Chuksrio LMS version 2.9 suffers from an insecure direct object reference vulnerability.

**Chuksrio LMS 2.9 Insecure Direct Object Reference**

Posted Jul 30, 2024

Authored by indoushka

Chuksrio LMS version 2.9 suffers from an insecure direct object reference vulnerability.

tags | exploit

SHA-256 | 2913e2114833b1b975093b54cddc506496b54958798b2a0f6a2dd39c81193a02

Download | Favorite | View

**Chuksrio LMS 2.9 Insecure Direct Object Reference**

    ====================================================================================================================================| # Title     : Chuksrio LMS v2.9 IDOR Vulnerability                                                                               || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                   || # Vendor    : https://www.sourcecodester.com/                                                                                    |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Direct Object Reference : suffers from an insecure direct object reference that allows users to access the administrative interface.[+] use payload : /admin/header.php?captcha[+] https://www/127.0.0.1/mefkayschools.org/admin/header.php?captchaGreetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,203)
*   Arbitrary (16,836)
*   BBS (2,859)
*   Bypass (1,854)
*   CGI (1,033)
*   Code Execution (7,783)
*   Conference (691)
*   Cracker (844)
*   CSRF (3,383)
*   DoS (25,016)
*   Encryption (2,389)
*   Exploit (53,089)
*   File Inclusion (4,257)
*   File Upload (989)
*   Firewall (822)
*   Info Disclosure (2,885)
*   Intrusion Detection (914)
*   Java (3,141)
*   JavaScript (896)
*   Kernel (7,183)
*   Local (14,788)
*   Magazine (586)
*   Overflow (13,161)
*   Perl (1,435)
*   PHP (5,220)
*   Proof of Concept (2,381)
*   Protocol (3,724)
*   Python (1,630)
*   Remote (31,622)
*   Root (3,632)
*   Rootkit (526)
*   Ruby (631)
*   Scanner (1,657)
*   Security Tool (8,024)
*   Shell (3,273)
*   Shellcode (1,217)
*   Sniffer (902)
*   Spoof (2,275)
*   SQL Injection (16,591)
*   TCP (2,440)
*   Trojan (690)
*   UDP (904)
*   Virus (669)
*   Vulnerability (32,920)
*   Web (9,953)
*   Whitepaper (3,781)
*   x86 (967)
*   XSS (18,236)
*   Other

**File Archives**

*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   September 2023
*   August 2023
*   Older

**Systems**

*   AIX (429)
*   Apple (2,099)
*   BSD (377)
*   CentOS (58)
*   Cisco (1,927)
*   Debian (7,084)
*   Fedora (1,693)
*   FreeBSD (1,246)
*   Gentoo (4,534)
*   HPUX (880)
*   iOS (378)
*   iPhone (108)
*   IRIX (220)
*   Juniper (69)
*   Linux (50,560)
*   Mac OS X (691)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,418)
*   Slackware (941)
*   Solaris (1,611)
*   SUSE (1,444)
*   Ubuntu (9,704)
*   UNIX (9,432)
*   UnixWare (187)
*   Windows (6,668)
*   Other

Chuksrio LMS 2.9 Insecure Direct Object Reference

Debian Linux Security Advisory 5734-2 - The security update announced as DSA 5734-1 caused a regression on configurations using the Samba DLZ module. Updated packages are now available to correct this issue.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5734-2                   security@debian.org  
https://www.debian.org/security/                     Salvatore Bonaccorso  
July 27, 2024                         https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : bind9  
Debian Bug     : 1074378

The security update announced as DSA 5734-1 caused a regression on  
configurations using the Samba DLZ module. Updated packages are now  
available to correct this issue.

For the stable distribution (bookworm), this problem has been fixed in  
version 1:9.18.28-1~deb12u2.

We recommend that you upgrade your bind9 packages.

For the detailed security status of bind9 please refer to its security  
tracker page at:  
https://security-tracker.debian.org/tracker/bind9

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmalaGpfFIAAAAAALgAo  
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2  
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND  
z0RQAA/+IIV9G8lTWHgh0YmMe1a84sYlo37BLBaCMeefUsBGBhngJlNCFT2m3YxA  
+zf6lMfHOvZPysMWoFqwIzRRo/wcQ9v4NhvZ0pEQaeUkCwqNzfWiUspoTLdGY/aw  
orrw6egUIv89lUDTixQpoI2+bhdM0ASrgpWV/AoAhELV0eUU29d2apsKr58um2W1  
HS1cu7IystRKaRqhZHdaQg5aHiOsuATne19OKQ+Zp9mQmgpzaw6gupRFNwcQC0tT  
9bVod4k4R5G/Z1takHW+ePrSEBfC7zWNYjrYLlEr0bf56tO1nZU9PQJuIPZfADaC  
TNtvkWTk5ZOEudDFiUXhkyjVT6o0sBS98/FzXqSRSlq1z51KeJy0QPziUdQjqcDV  
tV/314by4uXfLkRIXiTMQhtAP9HlTIdk8wy2ceX3sYwNPxfLT5oAoGVA2b1CLU7m  
MPU+qbu1fjJaebZJQA/L5WnHDLNPH4jMg6Pz3Kr7bbB8LEumC7zlp5T2IyY+BbHF  
ECBeZTsW27Gs1CS044ANmPrqoL5qE46YrIzWfYO5/hnvoM/f53JpshGGMYiKyW1r  
9CWN3IlZpxk8cEjtoudO6H5TlLHlUpfs+zwOVcCoer5TVsCwzy/achxXYS29xLLY  
3QeoAL3yBPnfvMUzynbUz9qovzt7p7csbg5cwf2C/lCP9imZUk8=  
=UY8Z  
-----END PGP SIGNATURE-----

Debian Security Advisory 5734-2

QuickJob version 6.1 suffers from an ignored default credential vulnerability.

**QuickJob 6.1 Insecure Settings**

Posted Jul 29, 2024

Authored by indoushka

QuickJob version 6.1 suffers from an ignored default credential vulnerability.

tags | exploit

SHA-256 | e6896d4cea9d5e1f38adf67e9cf29b00d07caf0ece1ebc4e316d431f13e72eca

Download | Favorite | View

**QuickJob 6.1 Insecure Settings**

    ====================================================================================================================================| # Title     : quickjob 6.1 Insecure Settings Vulnerability                                                                       || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                   || # Vendor    : https://codecanyon.net/item/quickjob-job-board-php-script/25217096                                                 |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Settings : appears to leave a default administrative account in place post installation.[+] use payload : user&pass: admin[+] panel : https://www/127.0.0.1/xpressdigitalonline/admin/Greetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,161)
*   Arbitrary (16,833)
*   BBS (2,859)
*   Bypass (1,853)
*   CGI (1,033)
*   Code Execution (7,780)
*   Conference (691)
*   Cracker (844)
*   CSRF (3,380)
*   DoS (25,014)
*   Encryption (2,389)
*   Exploit (53,083)
*   File Inclusion (4,257)
*   File Upload (989)
*   Firewall (822)
*   Info Disclosure (2,876)
*   Intrusion Detection (914)
*   Java (3,141)
*   JavaScript (895)
*   Kernel (7,179)
*   Local (14,782)
*   Magazine (586)
*   Overflow (13,153)
*   Perl (1,435)
*   PHP (5,220)
*   Proof of Concept (2,381)
*   Protocol (3,723)
*   Python (1,630)
*   Remote (31,618)
*   Root (3,625)
*   Rootkit (526)
*   Ruby (631)
*   Scanner (1,657)
*   Security Tool (8,023)
*   Shell (3,272)
*   Shellcode (1,217)
*   Sniffer (902)
*   Spoof (2,271)
*   SQL Injection (16,589)
*   TCP (2,440)
*   Trojan (690)
*   UDP (901)
*   Virus (669)
*   Vulnerability (32,911)
*   Web (9,949)
*   Whitepaper (3,781)
*   x86 (967)
*   XSS (18,236)
*   Other

**File Archives**

*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   September 2023
*   August 2023
*   Older

**Systems**

*   AIX (429)
*   Apple (2,090)
*   BSD (377)
*   CentOS (58)
*   Cisco (1,927)
*   Debian (7,084)
*   Fedora (1,693)
*   FreeBSD (1,246)
*   Gentoo (4,534)
*   HPUX (880)
*   iOS (376)
*   iPhone (108)
*   IRIX (220)
*   Juniper (69)
*   Linux (50,556)
*   Mac OS X (691)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,418)
*   Slackware (941)
*   Solaris (1,611)
*   SUSE (1,444)
*   Ubuntu (9,700)
*   UNIX (9,431)
*   UnixWare (187)
*   Windows (6,667)
*   Other

QuickJob 6.1 Insecure Settings

Prison Management System version version 1.0 suffers from an ignored default credential vulnerability.

**Prison Management System version 1.0 Insecure Settings**

Posted Jul 29, 2024

Authored by indoushka

Prison Management System version version 1.0 suffers from an ignored default credential vulnerability.

tags | exploit

SHA-256 | 81a9d01f3c8c94bb0000f4403731ff41830ed447ed13fdad39cbe7cc67884842

Download | Favorite | View

**Prison Management System version 1.0 Insecure Settings**

    ====================================================================================================================================| # Title     : Prison Management System version 1.0 Insecure Settings Vulnerability                                               || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                   || # Vendor    : https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html                     |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Settings : appears to leave a default administrative account in place post installation.[+] use payload : user =  admin & pass = admin123[+] https://www/127.0.0.1/untcarriercom/admin/?page=system_infoGreetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,161)
*   Arbitrary (16,833)
*   BBS (2,859)
*   Bypass (1,853)
*   CGI (1,033)
*   Code Execution (7,780)
*   Conference (691)
*   Cracker (844)
*   CSRF (3,380)
*   DoS (25,014)
*   Encryption (2,389)
*   Exploit (53,083)
*   File Inclusion (4,257)
*   File Upload (989)
*   Firewall (822)
*   Info Disclosure (2,876)
*   Intrusion Detection (914)
*   Java (3,141)
*   JavaScript (895)
*   Kernel (7,179)
*   Local (14,782)
*   Magazine (586)
*   Overflow (13,153)
*   Perl (1,435)
*   PHP (5,220)
*   Proof of Concept (2,381)
*   Protocol (3,723)
*   Python (1,630)
*   Remote (31,618)
*   Root (3,625)
*   Rootkit (526)
*   Ruby (631)
*   Scanner (1,657)
*   Security Tool (8,023)
*   Shell (3,272)
*   Shellcode (1,217)
*   Sniffer (902)
*   Spoof (2,271)
*   SQL Injection (16,589)
*   TCP (2,440)
*   Trojan (690)
*   UDP (901)
*   Virus (669)
*   Vulnerability (32,911)
*   Web (9,949)
*   Whitepaper (3,781)
*   x86 (967)
*   XSS (18,236)
*   Other

**File Archives**

*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   September 2023
*   August 2023
*   Older

**Systems**

*   AIX (429)
*   Apple (2,090)
*   BSD (377)
*   CentOS (58)
*   Cisco (1,927)
*   Debian (7,084)
*   Fedora (1,693)
*   FreeBSD (1,246)
*   Gentoo (4,534)
*   HPUX (880)
*   iOS (376)
*   iPhone (108)
*   IRIX (220)
*   Juniper (69)
*   Linux (50,556)
*   Mac OS X (691)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,418)
*   Slackware (941)
*   Solaris (1,611)
*   SUSE (1,444)
*   Ubuntu (9,700)
*   UNIX (9,431)
*   UnixWare (187)
*   Windows (6,667)
*   Other

Prison Management System version 1.0 Insecure Settings

Pharmacy Management System version 1.0 suffers from an ignored default credential vulnerability.

**Pharmacy Management System 1.0 Insecure Settings**

Posted Jul 29, 2024

Authored by indoushka

Pharmacy Management System version 1.0 suffers from an ignored default credential vulnerability.

tags | exploit

SHA-256 | 59f44c9b7f06be4efb67d80c7c07d536ce29ef1457664c97c77dea0949148078

Download | Favorite | View

**Pharmacy Management System 1.0 Insecure Settings**

    ====================================================================================================================================| # Title     : Pharmacy Management System v1.0 Insecure Settings Vulnerability                                                    || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                   || # Vendor    : https://www.sourcecodester.com/user/257130/activity                                                                |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Settings : appears to leave a default administrative account in place post installation.[+] use payload : user =  admin & pass = admin123[+] https://www/127.0.0.1/yoruanwitness000webhostappcom/admin/?page=clientsGreetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,161)
*   Arbitrary (16,833)
*   BBS (2,859)
*   Bypass (1,853)
*   CGI (1,033)
*   Code Execution (7,780)
*   Conference (691)
*   Cracker (844)
*   CSRF (3,380)
*   DoS (25,014)
*   Encryption (2,389)
*   Exploit (53,083)
*   File Inclusion (4,257)
*   File Upload (989)
*   Firewall (822)
*   Info Disclosure (2,876)
*   Intrusion Detection (914)
*   Java (3,141)
*   JavaScript (895)
*   Kernel (7,179)
*   Local (14,782)
*   Magazine (586)
*   Overflow (13,153)
*   Perl (1,435)
*   PHP (5,220)
*   Proof of Concept (2,381)
*   Protocol (3,723)
*   Python (1,630)
*   Remote (31,618)
*   Root (3,625)
*   Rootkit (526)
*   Ruby (631)
*   Scanner (1,657)
*   Security Tool (8,023)
*   Shell (3,272)
*   Shellcode (1,217)
*   Sniffer (902)
*   Spoof (2,271)
*   SQL Injection (16,589)
*   TCP (2,440)
*   Trojan (690)
*   UDP (901)
*   Virus (669)
*   Vulnerability (32,911)
*   Web (9,949)
*   Whitepaper (3,781)
*   x86 (967)
*   XSS (18,236)
*   Other

**File Archives**

*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   September 2023
*   August 2023
*   Older

**Systems**

*   AIX (429)
*   Apple (2,090)
*   BSD (377)
*   CentOS (58)
*   Cisco (1,927)
*   Debian (7,084)
*   Fedora (1,693)
*   FreeBSD (1,246)
*   Gentoo (4,534)
*   HPUX (880)
*   iOS (376)
*   iPhone (108)
*   IRIX (220)
*   Juniper (69)
*   Linux (50,556)
*   Mac OS X (691)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,418)
*   Slackware (941)
*   Solaris (1,611)
*   SUSE (1,444)
*   Ubuntu (9,700)
*   UNIX (9,431)
*   UnixWare (187)
*   Windows (6,667)
*   Other

Pharmacy Management System 1.0 Insecure Settings

Online Payment Hub System version 1.0 suffers from an ignored default credential vulnerability.

**Online Payment Hub System 1.0 Insecure Settings**

Posted Jul 29, 2024

Authored by indoushka

Online Payment Hub System version 1.0 suffers from an ignored default credential vulnerability.

tags | exploit

SHA-256 | 30a6b1cbf6e4c838b1c70e5f65c51d228a564e5d1e6f1bc286e2c364b4ee5cda

Download | Favorite | View

**Online Payment Hub System 1.0 Insecure Settings**

    ====================================================================================================================================| # Title     : Online Payment Hub System v1.0 Insecure Settings Vulnerability                                                     || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                   || # Vendor    : https://scriptmafia.org                                                                                            |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Settings : appears to leave a default administrative account in place post installation.[+] use payload : user =  admin & pass = admin123[+] https://www/127.0.0.1/yoruban-witness.000webhostappcom/admin/?page=clientsGreetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,161)
*   Arbitrary (16,833)
*   BBS (2,859)
*   Bypass (1,853)
*   CGI (1,033)
*   Code Execution (7,780)
*   Conference (691)
*   Cracker (844)
*   CSRF (3,380)
*   DoS (25,014)
*   Encryption (2,389)
*   Exploit (53,083)
*   File Inclusion (4,257)
*   File Upload (989)
*   Firewall (822)
*   Info Disclosure (2,876)
*   Intrusion Detection (914)
*   Java (3,141)
*   JavaScript (895)
*   Kernel (7,179)
*   Local (14,782)
*   Magazine (586)
*   Overflow (13,153)
*   Perl (1,435)
*   PHP (5,220)
*   Proof of Concept (2,381)
*   Protocol (3,723)
*   Python (1,630)
*   Remote (31,618)
*   Root (3,625)
*   Rootkit (526)
*   Ruby (631)
*   Scanner (1,657)
*   Security Tool (8,023)
*   Shell (3,272)
*   Shellcode (1,217)
*   Sniffer (902)
*   Spoof (2,271)
*   SQL Injection (16,589)
*   TCP (2,440)
*   Trojan (690)
*   UDP (901)
*   Virus (669)
*   Vulnerability (32,911)
*   Web (9,949)
*   Whitepaper (3,781)
*   x86 (967)
*   XSS (18,236)
*   Other

**File Archives**

*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   September 2023
*   August 2023
*   Older

**Systems**

*   AIX (429)
*   Apple (2,090)
*   BSD (377)
*   CentOS (58)
*   Cisco (1,927)
*   Debian (7,084)
*   Fedora (1,693)
*   FreeBSD (1,246)
*   Gentoo (4,534)
*   HPUX (880)
*   iOS (376)
*   iPhone (108)
*   IRIX (220)
*   Juniper (69)
*   Linux (50,556)
*   Mac OS X (691)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,418)
*   Slackware (941)
*   Solaris (1,611)
*   SUSE (1,444)
*   Ubuntu (9,700)
*   UNIX (9,431)
*   UnixWare (187)
*   Windows (6,667)
*   Other

Online Payment Hub System 1.0 Insecure Settings

Innue Business Live Chat version 2.5 suffers from an ignored default credential vulnerability.

**Innue Business Live Chat 2.5 Insecure Settings**

Posted Jul 29, 2024

Authored by indoushka

Innue Business Live Chat version 2.5 suffers from an ignored default credential vulnerability.

tags | exploit

SHA-256 | 69cf2bb9bb7d7ff376d99fe228145e43a3757fab2416d6aff6f75b372ddf2d3a

Download | Favorite | View

**Innue Business Live Chat 2.5 Insecure Settings**

    ====================================================================================================================================| # Title     : innue business live chat v2.5 Insecure Settings Vulnerability                                                      || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                   || # Vendor    : https://www.bdtask.com/business-live-chat-software.php                                                             |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Settings : appears to leave a default administrative account in place post installation.[+] use payload : user =  admin@gmail.com & pass = admin[+] https://www/127.0.0.1/vmi1941086contaboservernet/loginGreetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,161)
*   Arbitrary (16,833)
*   BBS (2,859)
*   Bypass (1,853)
*   CGI (1,033)
*   Code Execution (7,780)
*   Conference (691)
*   Cracker (844)
*   CSRF (3,380)
*   DoS (25,014)
*   Encryption (2,389)
*   Exploit (53,083)
*   File Inclusion (4,257)
*   File Upload (989)
*   Firewall (822)
*   Info Disclosure (2,876)
*   Intrusion Detection (914)
*   Java (3,141)
*   JavaScript (895)
*   Kernel (7,179)
*   Local (14,782)
*   Magazine (586)
*   Overflow (13,153)
*   Perl (1,435)
*   PHP (5,220)
*   Proof of Concept (2,381)
*   Protocol (3,723)
*   Python (1,630)
*   Remote (31,618)
*   Root (3,625)
*   Rootkit (526)
*   Ruby (631)
*   Scanner (1,657)
*   Security Tool (8,023)
*   Shell (3,272)
*   Shellcode (1,217)
*   Sniffer (902)
*   Spoof (2,271)
*   SQL Injection (16,589)
*   TCP (2,440)
*   Trojan (690)
*   UDP (901)
*   Virus (669)
*   Vulnerability (32,911)
*   Web (9,949)
*   Whitepaper (3,781)
*   x86 (967)
*   XSS (18,236)
*   Other

**File Archives**

*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   September 2023
*   August 2023
*   Older

**Systems**

*   AIX (429)
*   Apple (2,090)
*   BSD (377)
*   CentOS (58)
*   Cisco (1,927)
*   Debian (7,084)
*   Fedora (1,693)
*   FreeBSD (1,246)
*   Gentoo (4,534)
*   HPUX (880)
*   iOS (376)
*   iPhone (108)
*   IRIX (220)
*   Juniper (69)
*   Linux (50,556)
*   Mac OS X (691)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,418)
*   Slackware (941)
*   Solaris (1,611)
*   SUSE (1,444)
*   Ubuntu (9,700)
*   UNIX (9,431)
*   UnixWare (187)
*   Windows (6,667)
*   Other

Innue Business Live Chat 2.5 Insecure Settings

### Impact

This XSS vulnerability is about the system configs
* design/header/welcome
* design/header/logo_src
* design/header/logo_src_small
* design/header/logo_alt

They are intended to enable admins to set a text in the two cases, and to define an image url for the other two cases.
But because of previously missing escaping allowed to input arbitrary html and as a consequence also arbitrary JavaScript.

While this is in most usage scenarios not a relevant issue, some people work with more restrictive roles in the backend. Here the ability to inject JavaScript with these settings would be an unintended and unwanted privilege.

### Patches
_Has the problem been patched? What versions should users upgrade to?_  

The problem is patched with Version 20.10.1 or higher.

### Workarounds
_Is there a way for users to fix or remediate the vulnerability without upgrading?_  

Possible mitigations are
* Restricting access to the System Configs 
* checking templates where these settings are used to apply proper html filtering

### For Users relying on this possibility

Some Users might actually rely on the ability to use html there.
You can restore the previous behavior by making use of the new introduced `->getUnescapedValue()` method on this escaped elements. Developers should have a look at the newly introduced `Mage_Core_Model_Security_HtmlEscapedString`

### Credit

Credit goes to  Aakash Adhikari @justlife4x4 for finding this issue

**Impact**

This XSS vulnerability is about the system configs

*   design/header/welcome
*   design/header/logo\_src
*   design/header/logo\_src\_small
*   design/header/logo\_alt

They are intended to enable admins to set a text in the two cases, and to define an image url for the other two cases.  
But because of previously missing escaping allowed to input arbitrary html and as a consequence also arbitrary JavaScript.

While this is in most usage scenarios not a relevant issue, some people work with more restrictive roles in the backend. Here the ability to inject JavaScript with these settings would be an unintended and unwanted privilege.

**Patches**

_Has the problem been patched? What versions should users upgrade to?_

The problem is patched with Version 20.10.1 or higher.

**Workarounds**

_Is there a way for users to fix or remediate the vulnerability without upgrading?_

Possible mitigations are

*   Restricting access to the System Configs
*   checking templates where these settings are used to apply proper html filtering

**For Users relying on this possibility**

Some Users might actually rely on the ability to use html there.  
You can restore the previous behavior by making use of the new introduced ->getUnescapedValue() method on this escaped elements. Developers should have a look at the newly introduced Mage_Core_Model_Security_HtmlEscapedString

**Credit**

Credit goes to Aakash Adhikari @justlife4x4 for finding this issue

**References**

*   GHSA-5vrp-638w-p8m2
*   https://nvd.nist.gov/vuln/detail/CVE-2024-41676
*   OpenMage/magento-lts@484cf8a

GHSA-5vrp-638w-p8m2: Magento LTS vulnerable to stored Cross-site Scripting (XSS) in admin system configs

An attack flow that combines API flaws within "log in with" implementations and Web injection bugs could affect millions of websites.

Source: Richard Levine via Alamy Stock Photo

Critical API security flaws have put millions of users at risk for account takeover, by using a modern authentication standard to resurrect a longtime vulnerability. The bugs were found in the Hotjar service, which tracks and records Web user activity, and in the code of the popular Business Insider global news website.

That's according to API security firm Salt Security's Salt Labs, which found that by pairing manipulation of the OAuth standard with cross-site scripting (XSS) flaws in the two sites, attackers can potentially expose sensitive data and conduct malicious activity acting as legitimate users of more than a million websites.

Hotjar, a tool that complements Google Analytics by recording user activity to analyze behavior, serves more than a million websites, including well-known brands such as Adobe, Microsoft, Panasonic, Columbia, RyanAir, Decathlon, T-Mobile, and Nintendo.

"Due to the nature of the Hotjar solution, the data it collects can include a vast volume of personal and sensitive data, such as names, emails, addresses, private messages, bank details, and even credentials under certain circumstances," according to a Salt Labs blog post on the research.

A separate but just as dangerous vulnerability found on the Business Insider website can meanwhile be exploited to perform an cross-site scripting (XSS) attack and take over accounts on that site, which has millions of global users.

More worrisome, the same combination of problems is likely widespread and lurking on whole swathes of the Internet, the researchers warned.

**A Modern Authentication Standard Meets an Old Flaw**

OAuth is a relatively new standard increasingly being used for seamless cross-website authentication, familiar to many as the engine behind the "log in with Facebook" or "log in with Google" functionality included in many websites. The standard drives the mechanism responsible for the authentication handoff between the sites, allowing user data to be shared between them. It's been known to be misconfigured upon implementation in ways that create serious vulnerabilities that span numerous sites.

XSS, meanwhile, is one of the most oft-exploited and oldest Web vulnerabilities. It allows an attacker to inject malicious code into a legitimate Web page or application in order to execute scripts in a website visitor's browser for data theft and more.

An attacker who successfully exploits an attack vector that combines the two "will gain the same permissions and functionality as the victim, and therefore, the risk will be parallel to what can actually be done by a normal system user," Yaniv Balmas, vice president of research at Salt, tells Dark Reading.

Salt Labs discovered the vulnerability on the Business Insider site on March 20 and immediately informed the company, which fixed the flaws by March 30. The Hotjar flaw was discovered on April 17, and, upon disclosure, mitigated two days later.

However, Salt researchers believe that flaws that allow attackers to exploit this combo of OAuth and XSS are likely lurking undetected on other sites, thus exposing millions of unsuspecting users to potential account takeover.

"We strongly believe this is a very common issue, and most chances are that many other online services suffer from the same issue," Balmas says.

**Hotjar Attack**

Given that XSS has been around so long, most websites have built-in protections against attacks that exploit this vulnerability. Salt researchers were able to get around them using OAuth in two separate instances on both Hotjar and the Business Insider website.

On the former, the researchers manipulated the social login aspect of Hotjar, which redirects to Google to receive a secret token through OAuth to complete authentication on Hotjar. That token is a URL that contains secret code, which is something that JavaScript code can read, creating an XSS flaw.

"To combine XSS with this new social-login feature and achieve working exploitation, we use a JavaScript code that starts a new OAuth login flow in a new window and then reads the token from that window," according to the post. "With this method, the JavaScript code opens a new tab to Google, and Google automatically redirects the user back to \[the Hotjar site\] with the OAuth code in the URL."

The code reads the URL from the new tab and extracts the OAuth credentials from it. Once the attackers have a victim's code, they can start a new login flow in Hotjar, replacing their code with the victim code and leading to a full account takeover and thus potential exposure of all the personal data collected by Hotjar.

**Exploiting Mobile Logins**

The researchers also managed to exploit the social sign-in feature integrated into the code of the Business Insider website, specifically through mobile authentication, which opens a new Web browser to authenticate the user. After the user completes the authentication on the Web, they are then redirected to an endpoint with their credentials as parameters that are sent from the Web to the mobile site.

"This endpoint, created only to support authentication using the mobile application, is vulnerable to XSS," according to the post. Thus, if an attacker can read the credentials from the URL, they can achieve account takeover.

"What we need to do is write JavaScript code that starts a login flow, wait for the token to be visible in the URL, and then read that URL," according to the post. "If a victim clicks on that link, their credentials will be passed to a malicious domain."

Though the flaws specifically found on Hotjar and Business Insider have been mitigated, the potential for exploit on other sites means site administrators need to be careful in how they implement OAuth, lest it be used in similar attack scenarios, Balmas says.

"As always, when implementing any new technology, many things need to be considered, including, of course, security," he says. "A solid implementation that considers all possible options should be secure and will not allow an attacker an opportunity to abuse this attack vector."

**About the Author(s)**

Elizabeth Montalbano is a freelance writer, journalist, and therapeutic writing mentor with more than 25 years of professional experience. Her areas of expertise include technology, business, and culture. Elizabeth previously lived and worked as a full-time journalist in Phoenix, San Francisco, and New York City; she currently resides in a village on the southwest coast of Portugal. In her free time, she enjoys surfing, hiking with her dogs, traveling, playing music, yoga, and cooking.

OAuth+XSS Attack Threatens Millions of Web Users With Account Takeover

A large text-message phishing attack campaign attributed to the China-based Smishing Triad employs malicious iMessages.

Image Source: dbtravel via Alamy Stock Photo

A China-based hacking group known as Smishing Triad has waged text message-borne phishing attacks against individuals in India, using the country's government-operated postal system as a lure.

The threat actors are targeting iPhone users with text messages falsely claiming that a package is awaiting collection at an India Post warehouse. The deceptive messages contain URLs leading to fraudulent websites.

According to a new Fortinet FortiGuard Labs report, between January and July 2024, more than 470 domain registrations were mimicking India Post's official domain, with the majority registered via Chinese and American domain registrars.

Researchers at FortiGuard Labs discovered phishing emails sent via iMessage using third-party email addresses like Hotmail, Gmail, and Yahoo. Apple ID accounts configured with these third-party emails send the malicious messages containing short URLs that direct recipients to the fraudulent websites.

**Text Phishing Goes Postal**

India Post is just the latest mail service to face mobile phishing attacks. The US Postal Service (USPS) recently found its name abused in smishing attacks orchestrated by a single threat actor based in Tehran. Another recent smishing attack aimed at US citizens informed them they had unpaid road tolls, with the aim of coercing targets into giving up their bank information.

Stephen Kowski, field CTO at SlashNext Email Security+, says the India Post phishing campaign highlights the evolving tactics of threat actors.

"They are now leveraging trusted communication channels like iMessage to deceive victims, underscoring the need for comprehensive mobile Web threat protection that can detect and block malicious URLs, even when wrapped in encrypted messages," he says.

As SMS- and other text-based attacks become increasingly sophisticated, organizations must prioritize educating their users on how to identify and report suspicious messages, he notes. "They must also implement robust security measures that can inspect and mitigate threats in real-time, regardless of the communication channel used."

By extending security controls to the mobile Web, organizations can better protect their users from these types of attacks, even when they occur outside of traditional network perimeters.

**"Mobile First" Attacks Rise**

Mobile devices are a prime target for phishing campaigns, given the amount of phishing vectors available to attackers, be it SMS, QR codes, third-party communication apps, or personal email.

This, combined with a relative false sense of security most users and organizations have on mobile, and a lack of active security controls, make mobile phishing campaigns a low risk, high reward for attackers for both personal and corporate information.

Krishna Vishnubhotla, vice president of product strategy at Zimperium, says this type of "mobile first" attack is something that is occurring more and more every day.

"Cybercriminals and hackers have begun to realize that there's a false sense of security with mobile devices, particularly those on iOS," he says.

Users tend to be less careful on their mobile devices than on a standard computer or laptop, and they rarely have proper security controls in place on their mobile devices.

"Our own research has shown a significant rise recently in mobile-targeted phishing attacks that only fully execute the attack when the link is clicked from a mobile device," he says. "Users must be on guard for anything that appears unusual, especially related to a text message or SMS."

He advises companies to have strong mobile endpoint protection defenses on employee phones to protect against exactly this type of attack, or worse.

**About the Author(s)**

Nathan Eddy is a freelance journalist and award-winning documentary filmmaker specializing in IT security, autonomous vehicle technology, customer experience technology, and architecture and urban planning. A graduate of Northwestern University’s Medill School of Journalism, Nathan currently lives in Berlin, Germany.

Tag

#ios