Wordpress Themes Pinboard Arbitrary File Upload Vulnerability

EXPLOIT WP ~~~
#Author : ReC0ded
#Vendor : http://themify.me/
#Download : http://themify.me/themes/Pinboard
#Date : 22, November 2013.
#Type : php, html, htm, asp, etc.
#Category : Web Applications
#Vulnerability : File Upload


#Dork[1] : inurl:/wp-content/themes/pinboard/
#Dork[2] : inurl:site:br /themes/pinboard/
 #Dork[3] : inurl:/themes/pinboard/ ext:php

Falha:
#Exploit : http://SITEWPVULL.COM.BR/{PASTA}/wp-content/themes/pinboard/themify/themify-ajax.php

ARQUIVO UPADO:
http://SITEWPVULL.COM.BR/{PASTA}/wp-content/themes/pinboard/uploads/{ARQUIVO}.php

EXPLOIT UPLOAD:http://pastebin.com/FwSP3bQT

Usando SCANNER INURL para encontrar Vull's WP

EXPLOIT

Wordpress Amplus Theme - CSRF Vulnerability

RESULTADO

http://www.exploit-db.com/exploits/29669/ 

BOT - SCANNER PRIV8 / - INURLBR

https://code.google.com/p/scanner-inurl/

TOTAL DE URL's: 86

EXPLOIT USADO:

DORK: inurl:/themes/amplus/
ENCONTRAR: /amplus/scripts/
TOTAL DE POSSÍVEIS VULL: 37
ARQUIVO COM RESULTADO: resultados.txt

LISTA:


http://washingtonavenuecommons.com/wp-content/themes/amplus/scripts/prettyphoto/
http://washingtonavenuecommons.com/wp-content/themes/amplus/scripts/prettyphoto/images/prettyPhoto/
http://washingtonavenuecommons.com/wp-content/themes/amplus/scripts/prettyphoto/images/backgrounds/
http://telplus-inc.com/blog/wp-content/themes/amplus/scripts/
http://www.intuneautoworks.com/home/wp-content/themes/amplus/scripts/
http://www.intuneautoworks.com/home/wp-content/themes/amplus/scripts/syntaxhighlighter/
http://www.intuneautoworks.com/home/wp-content/themes/amplus/scripts/fonts/
www.intuneautoworks.com/home/wp.../
http://www.intuneautoworks.com/home/wp-content/themes/amplus/scripts/prettyphoto/
http://wnglaw.com/wp-content/themes/amplus/scripts/prettyphoto/
http://wnglaw.com/wp-content/themes/amplus/scripts/fonts/
http://wnglaw.com/wp-content/themes/amplus/scripts/syntaxhighlighter/
http://punc.psiada.org/wp-content/themes/amplus/scripts/syntaxhighlighter/scripts/
http://amaboston.org/wp-content/themes/amplus/scripts/syntaxhighlighter/styles/
http://www.avia-sys.com/wp-content/themes/amplus/scripts/syntaxhighlighter/scripts/
http://www.promisenaturalfoodsandbakery.com/wp-content/themes/amplus/scripts/prettyphoto/images/prettyPhoto/
http://light-eco-distribution.com/wp-content/themes/amplus/scripts/prettyphoto/js/
http://www.gettysburgfarmmarket.com/home/wp-content/themes/amplus/scripts/syntaxhighlighter/
http://www.gettysburgfarmmarket.com/home/wp-content/themes/amplus/scripts/prettyphoto/images/prettyPhoto/light_square/
http://www.dominiquediprima.com/wellness/wp-content/themes/amplus/scripts/fonts/
http://ringhello.co.uk/wp-content/themes/amplus/scripts/prettyphoto/
http://www.theglobalwarmingfoundation.org/wp-content/themes/amplus/scripts/syntaxhighlighter/styles/
www.theglobalwarmingfoundation.org/wp.../
http://www.kidzrchampions2.com/wp-content/themes/amplus/scripts/prettyphoto/images/thumbnails/
www.kidzrchampions2.com/wp.../
http://www.buc-holland.com/wp-content/themes/amplus/css/
http://training.dontsayno.in/wp-content/themes/amplus/amplus_v1.6/scripts/prettyphoto/
http://192.185.16.232/~wnglaw/wp-content/themes/amplus/scripts/prettyphoto/
http://192.185.16.232/~wnglaw/wp-content/themes/amplus/scripts/syntaxhighlighter/
http://192.185.16.232/~wnglaw/wp-content/themes/amplus/scripts/prettyphoto/css/
http://192.185.16.232/~wnglaw/wp-content/themes/amplus/scripts/prettyphoto/js/
http://www.laroccaallevamento.it/site/wp-content/themes/amplus/scripts/
http://www.laroccaallevamento.it/site/wp-content/themes/amplus/scripts/prettyphoto/js/
http://www.laroccaallevamento.it/site/wp-content/themes/amplus/scripts/prettyphoto/images/prettyPhoto/dark_square/
http://www.gambit.ph/themes/amplus
http://takeadriver.nl/wp-content/themes/amplus/scripts/syntaxhighlighter/scripts/
http://www.friendslookup.com/wp-content-themes-amplus-functions-timthumb


Exploit: http://www.exploit-db.com/exploits/29669/