Sunday, 4 May 2014

Exploit WordPress: OptimizePress Theme - File Upload Vulnerability

Finding Vulnerable Target:

Dork   : inurl:/wp-content/themes/OptimizePress/

Exploit : /wp-content/themes/OptimizePress/lib/admin/media-upload.php

1- First of all, as usual, copy and paste the dork above into Google; you will see thousands of sites.

2- Choose any site as your target

Exploiting Target:

1- Once you have chosen a target, simply append the exploit path to the end of the site URL.

For example you found,

So it would be something like this, 

2- If the site is vulnerable, you will see this,

3- Click on Choose File and browse for your shell.

4- Click Upload File, and if the upload was successful, you will see the file name with some ID or date in front of it.

5- Your shell was uploaded to this directory,


6- In order to view it, add the path to the end of the site URL, together with the given file ID.
My example is,

That's all. Thank you.
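
For site owners, one way to check web server access logs for requests to the upload script named above. This is an added example, not part of the original post; it assumes the Apache/Nginx "combined" log format, and the function name and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Path of the theme's upload script, as given in the post (lowercased for matching).
VULN_PATH = "/wp-content/themes/optimizepress/lib/admin/media-upload.php"

# Assumption: Apache/Nginx "combined" access log format.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

def find_upload_hits(lines):
    """Group requests to the upload script by client IP.

    A POST answered with 2xx is listed under "uploads" (the script accepted
    a request body); everything else is listed under "probes".
    """
    hits = defaultdict(lambda: {"probes": [], "uploads": []})
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        # Drop the query string, decode %xx, collapse "//", ignore case.
        path = unquote(m["uri"].split("?", 1)[0])
        path = re.sub(r"/+", "/", path).lower()
        # endswith() also matches WordPress installed in a subdirectory.
        if not path.endswith(VULN_PATH):
            continue
        posted_ok = m["method"] == "POST" and m["status"].startswith("2")
        kind = "uploads" if posted_ok else "probes"
        hits[m["ip"]][kind].append((m["ts"], m["method"], int(m["status"])))
    return dict(hits)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [04/May/2014:10:01:02 +0000] "GET /wp-content/themes/OptimizePress/lib/admin/media-upload.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [04/May/2014:10:01:40 +0000] "POST /wp-content/themes/OptimizePress/lib/admin/media-upload.php HTTP/1.1" 200 734 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [04/May/2014:10:05:00 +0000] "GET /blog//wp-content/themes/optimizepress/lib/admin/media-upload.php?x=1 HTTP/1.1" 404 210 "-" "curl/7.30"',
    '192.0.2.4 - - [04/May/2014:10:06:00 +0000] "GET /index.php HTTP/1.1" 200 1000 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, found in find_upload_hits(SAMPLE_LOG).items():
        print(ip, "uploads:", found["uploads"], "probes:", found["probes"])
```

Any entry under `uploads` is a reason to review the site's upload directories for unexpected PHP files.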