From 97a798e357fdc902b2ec41c8f1e492c3d863b5ca Mon Sep 17 00:00:00 2001
From: "Pedro Worcel (Security-Assessment.com)" <pedro@worcel.com>
Date: Tue, 8 Apr 2014 11:40:38 +1200
Subject: [PATCH] add more templates which are vulnerable to
 1337day.com/exploit/22090

---
 data/theme_vulns.xml | 454 +++++++++++++++++++++++++++++++++++++++----
 1 file changed, 419 insertions(+), 35 deletions(-)

diff --git a/data/theme_vulns.xml b/data/theme_vulns.xml
index 7266f50a..a610778b 100644
--- a/data/theme_vulns.xml
+++ b/data/theme_vulns.xml
@@ -3030,53 +3030,437 @@
   </theme>
 
   <theme name="Realestate">
-      <vulnerability>
-          <title>Wordpress Templatic Themes CSRF File Upload Vulnerability</title>
-          <references>
-              <url>http://1337day.com/exploit/22091</url>
-          </references>
-          <type>CSRF</type>
-      </vulnerability>
+    <vulnerability>
+      <title>Wordpress Templatic Themes CSRF File Upload Vulnerability</title>
+      <references>
+        <url>http://1337day.com/exploit/22091</url>
+      </references>
+      <type>CSRF</type>
+    </vulnerability>
   </theme>
 
   <theme name="dailydeal">
-      <vulnerability>
-          <title>Wordpress Templatic Themes CSRF File Upload Vulnerability</title>
-          <references>
-              <url>http://1337day.com/exploit/22091</url>
-          </references>
-          <type>CSRF</type>
-      </vulnerability>
+    <vulnerability>
+      <title>Wordpress Templatic Themes CSRF File Upload Vulnerability</title>
+      <references>
+        <url>http://1337day.com/exploit/22091</url>
+      </references>
+      <type>CSRF</type>
+    </vulnerability>
   </theme>
 
   <theme name="nightlife">
-      <vulnerability>
-          <title>Wordpress Templatic Themes CSRF File Upload Vulnerability</title>
-          <references>
-              <url>http://1337day.com/exploit/22091</url>
-          </references>
-          <type>CSRF</type>
-      </vulnerability>
+    <vulnerability>
+      <title>Wordpress Templatic Themes CSRF File Upload Vulnerability</title>
+      <references>
+        <url>http://1337day.com/exploit/22091</url>
+      </references>
+      <type>CSRF</type>
+    </vulnerability>
   </theme>
 
   <theme name="5star">
-      <vulnerability>
-          <title>Wordpress Templatic Themes CSRF File Upload Vulnerability</title>
-          <references>
-              <url>http://1337day.com/exploit/22091</url>
-          </references>
-          <type>CSRF</type>
-      </vulnerability>
+    <vulnerability>
+      <title>Wordpress Templatic Themes CSRF File Upload Vulnerability</title>
+      <references>
+        <url>http://1337day.com/exploit/22091</url>
+      </references>
+      <type>CSRF</type>
+    </vulnerability>
   </theme>
 
   <theme name="specialist">
-      <vulnerability>
-          <title>Wordpress Templatic Themes CSRF File Upload Vulnerability</title>
-          <references>
-              <url>http://1337day.com/exploit/22091</url>
-          </references>
-          <type>CSRF</type>
-      </vulnerability>
+    <vulnerability>
+      <title>Wordpress Templatic Themes CSRF File Upload Vulnerability</title>
+      <references>
+        <url>http://1337day.com/exploit/22091</url>
+      </references>
+      <type>CSRF</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="flatshop">
+    <vulnerability>
+      <title>themify-ajax.php File Upload Arbitrary Code Execution</title>
+      <references>
+        <osvdb>100271</osvdb>
+        <url>http://packetstormsecurity.com/files/124097/</url>
+        <url>http://1337day.com/exploit/22090</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="magazine">
+    <vulnerability>
+      <title>themify-ajax.php File Upload Arbitrary Code Execution</title>
+      <references>
+        <osvdb>100271</osvdb>
+        <url>http://packetstormsecurity.com/files/124097/</url>
+        <url>http://1337day.com/exploit/22090</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="parallax">
+    <vulnerability>
+      <title>themify-ajax.php File Upload Arbitrary Code Execution</title>
+      <references>
+        <osvdb>100271</osvdb>
+        <url>http://packetstormsecurity.com/files/124097/</url>
+        <url>http://1337day.com/exploit/22090</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="bold">
+    <vulnerability>
+      <title>themify-ajax.php File Upload Arbitrary Code Execution</title>
+      <references>
+        <osvdb>100271</osvdb>
+        <url>http://packetstormsecurity.com/files/124097/</url>
+        <url>http://1337day.com/exploit/22090</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="metro">
+    <vulnerability>
+      <title>themify-ajax.php File Upload Arbitrary Code Execution</title>
+      <references>
+        <osvdb>100271</osvdb>
+        <url>http://packetstormsecurity.com/files/124097/</url>
+        <url>http://1337day.com/exploit/22090</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="pinshop">
+    <vulnerability>
+      <title>themify-ajax.php File Upload Arbitrary Code Execution</title>
+      <references>
+        <osvdb>100271</osvdb>
+        <url>http://packetstormsecurity.com/files/124097/</url>
+        <url>http://1337day.com/exploit/22090</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="agency">
+    <vulnerability>
+      <title>themify-ajax.php File Upload Arbitrary Code Execution</title>
+      <references>
+        <osvdb>100271</osvdb>
+        <url>http://packetstormsecurity.com/files/124097/</url>
+        <url>http://1337day.com/exploit/22090</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="slide">
+    <vulnerability>
+      <title>themify-ajax.php File Upload Arbitrary Code Execution</title>
+      <references>
+        <osvdb>100271</osvdb>
+        <url>http://packetstormsecurity.com/files/124097/</url>
+        <url>http://1337day.com/exploit/22090</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="postline">
+    <vulnerability>
+      <title>themify-ajax.php File Upload Arbitrary Code Execution</title>
+      <references>
+        <osvdb>100271</osvdb>
+        <url>http://packetstormsecurity.com/files/124097/</url>
+        <url>http://1337day.com/exploit/22090</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="fullscreen">
+    <vulnerability>
+      <title>themify-ajax.php File Upload Arbitrary Code Execution</title>
+      <references>
+        <osvdb>100271</osvdb>
+        <url>http://packetstormsecurity.com/files/124097/</url>
+        <url>http://1337day.com/exploit/22090</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="shopo">
+    <vulnerability>
+      <title>themify-ajax.php File Upload Arbitrary Code Execution</title>
+      <references>
+        <osvdb>100271</osvdb>
+        <url>http://packetstormsecurity.com/files/124097/</url>
+        <url>http://1337day.com/exploit/22090</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="minshop">
+    <vulnerability>
+      <title>themify-ajax.php File Upload Arbitrary Code Execution</title>
+      <references>
+        <osvdb>100271</osvdb>
+        <url>http://packetstormsecurity.com/files/124097/</url>
+        <url>http://1337day.com/exploit/22090</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="notes">
+    <vulnerability>
+      <title>themify-ajax.php File Upload Arbitrary Code Execution</title>
+      <references>
+        <osvdb>100271</osvdb>
+        <url>http://packetstormsecurity.com/files/124097/</url>
+        <url>http://1337day.com/exploit/22090</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="shopdock">
+    <vulnerability>
+      <title>themify-ajax.php File Upload Arbitrary Code Execution</title>
+      <references>
+        <osvdb>100271</osvdb>
+        <url>http://packetstormsecurity.com/files/124097/</url>
+        <url>http://1337day.com/exploit/22090</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="phototouch">
+    <vulnerability>
+      <title>themify-ajax.php File Upload Arbitrary Code Execution</title>
+      <references>
+        <osvdb>100271</osvdb>
+        <url>http://packetstormsecurity.com/files/124097/</url>
+        <url>http://1337day.com/exploit/22090</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="basic">
+    <vulnerability>
+      <title>themify-ajax.php File Upload Arbitrary Code Execution</title>
+      <references>
+        <osvdb>100271</osvdb>
+        <url>http://packetstormsecurity.com/files/124097/</url>
+        <url>http://1337day.com/exploit/22090</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="responz">
+    <vulnerability>
+      <title>themify-ajax.php File Upload Arbitrary Code Execution</title>
+      <references>
+        <osvdb>100271</osvdb>
+        <url>http://packetstormsecurity.com/files/124097/</url>
+        <url>http://1337day.com/exploit/22090</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="simfo">
+    <vulnerability>
+      <title>themify-ajax.php File Upload Arbitrary Code Execution</title>
+      <references>
+        <osvdb>100271</osvdb>
+        <url>http://packetstormsecurity.com/files/124097/</url>
+        <url>http://1337day.com/exploit/22090</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="grido">
+    <vulnerability>
+      <title>themify-ajax.php File Upload Arbitrary Code Execution</title>
+      <references>
+        <osvdb>100271</osvdb>
+        <url>http://packetstormsecurity.com/files/124097/</url>
+        <url>http://1337day.com/exploit/22090</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="tisa">
+    <vulnerability>
+      <title>themify-ajax.php File Upload Arbitrary Code Execution</title>
+      <references>
+        <osvdb>100271</osvdb>
+        <url>http://packetstormsecurity.com/files/124097/</url>
+        <url>http://1337day.com/exploit/22090</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="funki">
+    <vulnerability>
+      <title>themify-ajax.php File Upload Arbitrary Code Execution</title>
+      <references>
+        <osvdb>100271</osvdb>
+        <url>http://packetstormsecurity.com/files/124097/</url>
+        <url>http://1337day.com/exploit/22090</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="minblr">
+    <vulnerability>
+      <title>themify-ajax.php File Upload Arbitrary Code Execution</title>
+      <references>
+        <osvdb>100271</osvdb>
+        <url>http://packetstormsecurity.com/files/124097/</url>
+        <url>http://1337day.com/exploit/22090</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="newsy">
+    <vulnerability>
+      <title>themify-ajax.php File Upload Arbitrary Code Execution</title>
+      <references>
+        <osvdb>100271</osvdb>
+        <url>http://packetstormsecurity.com/files/124097/</url>
+        <url>http://1337day.com/exploit/22090</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="wumblr">
+    <vulnerability>
+      <title>themify-ajax.php File Upload Arbitrary Code Execution</title>
+      <references>
+        <osvdb>100271</osvdb>
+        <url>http://packetstormsecurity.com/files/124097/</url>
+        <url>http://1337day.com/exploit/22090</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="rezo">
+    <vulnerability>
+      <title>themify-ajax.php File Upload Arbitrary Code Execution</title>
+      <references>
+        <osvdb>100271</osvdb>
+        <url>http://packetstormsecurity.com/files/124097/</url>
+        <url>http://1337day.com/exploit/22090</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="photobox">
+    <vulnerability>
+      <title>themify-ajax.php File Upload Arbitrary Code Execution</title>
+      <references>
+        <osvdb>100271</osvdb>
+        <url>http://packetstormsecurity.com/files/124097/</url>
+        <url>http://1337day.com/exploit/22090</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="edmin">
+    <vulnerability>
+      <title>themify-ajax.php File Upload Arbitrary Code Execution</title>
+      <references>
+        <osvdb>100271</osvdb>
+        <url>http://packetstormsecurity.com/files/124097/</url>
+        <url>http://1337day.com/exploit/22090</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="koi">
+    <vulnerability>
+      <title>themify-ajax.php File Upload Arbitrary Code Execution</title>
+      <references>
+        <osvdb>100271</osvdb>
+        <url>http://packetstormsecurity.com/files/124097/</url>
+        <url>http://1337day.com/exploit/22090</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="bizco">
+    <vulnerability>
+      <title>themify-ajax.php File Upload Arbitrary Code Execution</title>
+      <references>
+        <osvdb>100271</osvdb>
+        <url>http://packetstormsecurity.com/files/124097/</url>
+        <url>http://1337day.com/exploit/22090</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="thememin">
+    <vulnerability>
+      <title>themify-ajax.php File Upload Arbitrary Code Execution</title>
+      <references>
+        <osvdb>100271</osvdb>
+        <url>http://packetstormsecurity.com/files/124097/</url>
+        <url>http://1337day.com/exploit/22090</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="wigi">
+    <vulnerability>
+      <title>themify-ajax.php File Upload Arbitrary Code Execution</title>
+      <references>
+        <osvdb>100271</osvdb>
+        <url>http://packetstormsecurity.com/files/124097/</url>
+        <url>http://1337day.com/exploit/22090</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
+  </theme>
+
+  <theme name="sidepane">
+    <vulnerability>
+      <title>themify-ajax.php File Upload Arbitrary Code Execution</title>
+      <references>
+        <osvdb>100271</osvdb>
+        <url>http://packetstormsecurity.com/files/124097/</url>
+        <url>http://1337day.com/exploit/22090</url>
+      </references>
+      <type>UPLOAD</type>
+    </vulnerability>
   </theme>
 
 </vulnerabilities>