WordPress Smallbiz Themes Remote File Uploads Vulnerability

#- Title: Wordpress Smallbiz Themes Remote File Uploads Vulnerability

#- Author: FullSecurity.org

#- Date: 09-02-2016

#- Developer : expand2web.com

#- Link Download : www.expand2web.com/smallbiz-theme/

#- Google Dork: inurl:"/themes/smallbiz/"

#- Fixed in Version : -

#- Tested on : Wessel

=======================================================

-- Proof Of Concept --

Vulnerability : site/wp-content/themes/smallbiz/palette/index.php

require("cpg.php");

if( $_GET['image'] ) // selected image from bookmark or get form
        $file = $_GET['image'];

if( $_FILES['userfile']['tmp_name'] ) // Upload detected captain!
        handle_upload();

When Vulnerable : 

Method :

1. Go to site.com/wp-content/themes/smallbiz/palette/index.php

2. Upload your image

3. if succes, click image & open in new tab

Tweet