The Hack Post

WordPress Theme “dance-studio” Vulnerable to Arbitrary Shell Upload

by Afrasiab Khan
February 14, 2017

A vulnerability has been discovered in the WordPress theme “dance-studio” that allows attackers to upload malicious files, such as a shell, onto the targeted website. The exploit was posted to the exploit database 0day.today and was authored by a security analyst going by the alias xBADGIRL21. When used, the exploit uploads a shell file onto the website through the “/wp-content/uploads/” directory path.

Screenshot of full exploit uploaded onto 0day.today exploit database by xBADGIRL21

xBADGIRL21 also uploaded a YouTube video showing how the exploit can be used to breach WordPress websites that have the theme installed. The exploit runs an HTML script that lets the attacker upload any file they desire.

Video proof of concept (PoC) of the exploitation of the vulnerability uploaded to YouTube by author xBADGIRL21:

Code used to upload the shell onto the dance-studio themed WordPress website:

Screenshot of html code of the exploit

WordPress itself has nothing to do with the bugs found. The issue lies solely in the code implemented by the theme's programmers. The theme's creators and coders are not yet aware of the exploit, since no patch has been made or deployed. The creators of the dance-studio theme have not yet addressed the critical vulnerability either.
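With no patch available, a site owner running the theme can check whether anything executable has landed under “/wp-content/uploads/”. The Python check below is an added example, not part of the original article or the published exploit; the extension list, the `<?php` content heuristic and the sample files are assumptions constructed for illustration.

```python
import os
import tempfile

# Assumption: extensions commonly mapped to the PHP handler; adjust for your server.
EXEC_EXTS = {".php", ".phtml", ".php3", ".php4", ".php5", ".php7", ".phar", ".pht"}
PHP_MARKERS = (b"<?php", b"<?=")  # opening tags that make a file executable as PHP

def classify(path, head_bytes=4096):
    """Return a reason string if the file looks executable, else None."""
    name = os.path.basename(path).lower()
    # Check every extension segment so "shell.php.jpg" is caught as well.
    parts = {"." + p for p in name.split(".")[1:]}
    if parts & EXEC_EXTS:
        return "executable extension"
    try:
        with open(path, "rb") as fh:
            head = fh.read(head_bytes)
    except OSError:
        return "unreadable"
    if any(m in head for m in PHP_MARKERS):
        return "PHP code in non-PHP file"
    return None

def scan_uploads(root):
    """Walk the uploads tree and return sorted (relative_path, reason) findings."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            full = os.path.join(dirpath, fname)
            reason = classify(full)
            if reason:
                findings.append((os.path.relpath(full, root), reason))
    return sorted(findings)

def demo():
    """Build a constructed uploads tree and scan it."""
    with tempfile.TemporaryDirectory() as root:
        sub = os.path.join(root, "2017", "02")
        os.makedirs(sub)
        samples = {"photo.jpg": b"\xff\xd8\xff\xe0JFIF", "x.php": b"<?php echo 1;",
                   "img.php.jpg": b"GIF89a", "logo.gif": b"GIF89a<?php echo 1;"}
        for n, data in samples.items():
            with open(os.path.join(sub, n), "wb") as fh:
                fh.write(data)
        return scan_uploads(root)

if __name__ == "__main__":
    for rel, why in demo():
        print(f"{why}: {rel}")
```

On a real site, call `scan_uploads()` with the path to the installation's `wp-content/uploads` directory; a legitimate media library should produce no findings.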

Tags: WordPress, WordPress Theme
Afrasiab Khan

A newbie writer at The Hack Post. Completely in love with technology. Writing has always been a passion of mine and so is hacking. Combine them together and you get me. A bit of experience in the fields of cyber security and looking to expand on that in the times to come. As a student of Engineering, being an author at The Hack Post helps me cope with the stress that comes with that.
