@erwanlr
erwanlr / realia-1.4.0-idor.md
Last active Oct 15, 2020
Realia <= 1.4.0 - Unauthenticated IDOR
View realia-1.4.0-idor.md

An investigation of an IDOR issue in the Home Sweet premium theme, which allowed arbitrary deletion of Ads, found the Realia plugin to be the root cause.

Having this plugin installed (which some themes require) can allow unauthenticated attackers to delete arbitrary posts by submitting a malicious request with the ID of the post to delete.

In includes/class-realia-submission.php

add_action( 'init', array( __CLASS__, 'process_remove_form' ), 9999 );
[...]
public static function process_remove_form() {
  if ( ! isset( $_POST['remove_property_form'] ) || empty( $_POST['property_id'] ) ) {
View keybase.md

Keybase proof

I hereby claim:

  • I am erwanlr on github.
  • I am erwan_lr (https://keybase.io/erwan_lr) on keybase.
  • I have a public key ASALTGqiRe7TyA5CvJoF6CuAC9zFUpa0jF-zTA3910VmjAo

To claim this, I am signing this object:

View errors_spec.rb
require 'rspec'
require 'optparse'
module Test
class Error < StandardError
end
class AnotherError < Error
def to_s
'this message exactly'
View gist:8235e7d0f27ef79a841f
$ hydra -dvv -t 2 -l admin -p admin -V 192.168.1.103 http-form-get "/test.php:log=^USER^&pwd=^PASS^&testcookie=1:incorrect"
Hydra v8.1 (c) 2014 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
[DEBUG] Ouput color flag is 1
Hydra (http://www.thc.org/thc-hydra) starting at 2015-06-27 20:23:46
[DEBUG] cmdline: hydra -dvv -t 2 -l admin -p admin -V 192.168.1.103 http-form-get /test.php:log=^USER^&pwd=^PASS^&testcookie=1:incorrect
[VERBOSE] More tasks defined than login/pass pairs exist. Tasks reduced to 1
[DATA] max 1 task per 1 server, overall 64 tasks, 1 login try (l:1/p:1), ~0 tries per task
[DATA] attacking service http-get-form on port 80
[VERBOSE] Resolving addresses ...
View webmock_redirects
#!/usr/bin/env ruby
require 'rubygems'
require 'typhoeus'
require 'webmock'
include WebMock::API
module WebMock
class StubRegistry
@erwanlr
erwanlr / gist:9840891
Last active Aug 31, 2015
Data sent & received for WPScan
View gist:9840891
#!/usr/bin/env ruby
require 'typhoeus'
require 'addressable/uri'
require 'pathname'
require 'ruby-progressbar'
# @return [ Integer ] The memory of the current process in Bytes
def memory_usage
`ps -o rss= -p #{Process.pid}`.to_i * 1024 # ps returns the value in KB
@erwanlr
erwanlr / Gemfile
Last active Dec 14, 2015
Typhoeus::Hydra issue
View Gemfile
source "http://rubygems.org"
gem 'typhoeus', '>=0.6.2'
#gem 'typhoeus', :git => 'git://github.com/typhoeus/typhoeus.git'
gem 'webmock', '>=1.9.3'
gem 'rspec', :require => 'spec'