CrackCodes 🇮🇳
Official Websites: https://crackcodes.in |
For Bug Hunters: https://system32.ink

Admin: @MynK0x00
About Admin: prapattimynk.crackcodes.in


Be Secure~
Jai Shri Ram (Victory to Lord Rama)
Forwarded from Jethalal
Test for #xss and #SQLi

-"><img src=x>kdskf${{7*7}}

Enter in EVERY parameter

Javascript injection test -""> html tag attribute test

-<img src=x> HTML injection - ${{7*7}} CSTI + SSTI

--"" SQLI
2
Forwarded from 卩ro 爪Cracker
🔥🔥🔥glibc-2.37 - incorrect printf output for integers with thousands separator and width field(CVE-2023-25139, BOF)
sprintf in the GNU C Library (glibc) 2.37 has a BOF (OOB) in some situations with a correct buffer size. This is unrelated to CWE-676. It may write beyond the bounds of the destination buffer when attempting to write a padded, thousands-separated string representation of a number, if the buffer is allocated the exact size required to represent that number as a string. For example, 1,234,567 (with padding to 13) overflows by two bytes.

Consider the following C program:

#include <stdio.h>
#include <locale.h>

int main (void)
{
  if (setlocale (LC_ALL, ""))
    {
      printf ("1234567890123:\n");
      printf ("%0+ -'13ld:\n", 1234567L);
    }
  return 0;
}

and try it with a locale that has a thousands separator, such as "LC_ALL=en_US.utf8".

With glibc up to 2.36, Vincent gets as expected:
1234567890123:
+1,234,567   :

Confirmed that this could potentially cause a buffer overflow with sprintf, something like below. This will occur in the corner case where an application computes the size of buffer to be exactly enough to fit the digits in question, but sprintf ends up writing a couple of extra bytes, hence going beyond bounds.

#include <stdio.h>
#include <locale.h>
#include <string.h>

int main (void)
{
  /* Exactly large enough for 13 padded characters, ':' and the NUL. */
  char buf[strlen ("1234567890123:") + 1];
  __builtin_memset (buf, 'x', sizeof (buf));
  if (setlocale (LC_ALL, ""))
    {
      printf ("1234567890123:\n");
      printf ("%0+ -'13ld:\n", 1234567L);
      /* On affected glibc 2.37 this writes past the end of buf. */
      sprintf (buf, "%0+ -'13ld:", 1234567L);
      for (size_t i = 0; i < strlen ("1234567890123:") + 1; i++)
        {
          printf ("%c", buf[i]);
        }
      printf ("\n");
    }
  return 0;
}

To finish, building with _FORTIFY_SOURCE should catch this problem immediately:

💾$ gcc -D_FORTIFY_SOURCE=1 -O -o sprintf-test sprintf-test.c

And run:
💾$ LOCPATH=$PWD/localedata LC_ALL=en_US.UTF-8 ./elf/ld-linux-x86-64.so.2 --library-path .:./math:./elf:./dlfcn:./nss:./nis:./rt:./resolv:./mathvec:./support:./crypt:./nptl ../sprintf-test
1234567890123:
+1,234,567 :
*** buffer overflow detected ***: terminated
Aborted (core dumped)

🛡Fixed here (GitHub mirror, backport to release/2.37/master): "Account for grouping in printf width".
👍1
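Added example, not part of the forwarded post or of glibc: a bounded replacement for the exact-fit sprintf call above, so that a formatter producing more bytes than the width promises results in a reported truncation instead of an out-of-bounds write. The names format_grouped and width_is_honoured are hypothetical; the sketch assumes snprintf enforces its size argument and returns the length it would have written.

```c
#include <locale.h>
#include <stdio.h>
#include <string.h>

/* Same effective flags as the post's "%0+ -'13ld:" ('-' overrides '0',
   '+' overrides ' '), written without the ignored flags. */
#define GROUPED_FMT "%+-'13ld:"

enum fmt_status { FMT_OK, FMT_TRUNCATED, FMT_ERROR };

/* Hypothetical helper: writes at most cap bytes into dst and reports the
   size the full string would have needed, including the NUL. */
enum fmt_status format_grouped(char *dst, size_t cap, long value, size_t *needed)
{
    int n;
    if (dst == NULL || cap == 0)
        return FMT_ERROR;
    n = snprintf(dst, cap, GROUPED_FMT, value);
    if (n < 0) {
        dst[0] = '\0';
        return FMT_ERROR;
    }
    if (needed != NULL)
        *needed = (size_t)n + 1;
    return ((size_t)n >= cap) ? FMT_TRUNCATED : FMT_OK;
}

/* Hypothetical self-check for values that fit inside the field width:
   returns 1 when the formatted length is exactly expected_len. */
int width_is_honoured(long value, size_t expected_len)
{
    int n = snprintf(NULL, 0, GROUPED_FMT, value);
    return n >= 0 && (size_t)n == expected_len;
}

int main(void)
{
    char buf[sizeof "1234567890123:"];  /* exact-fit buffer, as in the post */
    size_t needed = 0;
    enum fmt_status st;

    setlocale(LC_ALL, "");              /* pick up the grouping locale */
    st = format_grouped(buf, sizeof buf, 1234567L, &needed);
    printf("status=%d needed=%zu buf=\"%s\"\n", (int)st, needed, buf);
    printf("width honoured: %d\n", width_is_honoured(1234567L, 13 + 1));
    return st == FMT_OK ? 0 : 1;
}
```

Treat FMT_TRUNCATED on a value that should fit, or a 0 from width_is_honoured, as a sign that the C library's output is wider than the requested field.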
Forwarded from 卩ro 爪Cracker
CSA_Ransomware_Attacks_on_CI_Fund_DPRK_Activities.PDF
662.9 KB
📕Ransomware Attacks on Critical
Infrastructure Fund DPRK(Democratic People’s Republic of Korea) Malicious Cyber Activities

#advisory #NSA #FBI #CISA #HHS #ROK #NIS #DSA #CSA #DPRK #security #ransomware #ICS #exploitation #Apache #Log4j #SMA100 #TOS
3
Forwarded from CYBER TRICKS ZONE 🇮🇳🚩 (𝙋𝙧𝙤𝙩𝙤𝙘𝙤𝙡 𝙉𝙞𝙘𝙠)
Resources for Reverse Engineering Online Games

#cybersecurity #infosec #hacking

https://github.com/dsasmblr/game-hacking
1
BokuLoader | is a Cobalt Strike User-Defined Reflective Loader written in Assembly & C for advanced evasion capabilities.

Now supports: sleepmask, cleanup, and obfuscate evasion features!

Download: https://system32.ink/news-feed/p/238/
🏆3
Hey everyone!

Check out our other blog on SQL Injection.

SQL Injection attack | Prevention | Cyber Security Professionals

Let's learn and grow together

https://techofide.com/blogs/sql-injection-attack-sqli-sql-injection-prevention-sql-injection-cheat-sheet-practical-demo/
1🔥1
Forwarded from Biała Bł
ExploitLeakedHandle: Identify and exploit leaked handles for local privilege escalation
https://github.com/0x00Check/ExploitLeakedHandle
Forwarded from 卩ro 爪Cracker
​​ConfFuzz

Fuzzing for Interface Vulnerabilities

ConfFuzz is an in-memory fuzzer aimed at detecting interface vulnerabilities in compartmentalized contexts. ConfFuzz is a cooperation between the University of Manchester, University Politehnica of Bucharest, Rice University, and Unikraft.io. It has been accepted to appear in NDSS'23.

https://github.com/conffuzz/conffuzz
Forwarded from 卩ro 爪Cracker
​​CVE-2023-0669

GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object.

https://github.com/0xf4n9x/CVE-2023-0669

#cve
Forwarded from 卩ro 爪Cracker
​​UIT Pwned 🔒

This project replicates the functionality of haveibeenpwned.com by checking if a student's roll number has been breached or not (breached in this context means having used a weak password for your UIT portal, i.e. 12345678 or 123456789). It uses a Flask web server to check the status of a student's roll number and tells if the password was breached by uitPortalLogin.py.

https://github.com/cocomo29/UIT-Pwned
❤‍🔥4
👍3
Forwarded from 卩ro 爪Cracker
​​DDoS-Protection-Lite

Anti-DDoS-Lite (Anti-Crawler app) is a small PHP app to protect your site against DDoS attacks.

https://github.com/CleanTalk/anti-ddos-lite
2👍2
Forwarded from 卩ro 爪Cracker
EU-22-Fitzl-Knockout-Win-Against-TCC.pdf
9.2 MB
📕Knockout Win Against TCC - 20+ NEW Ways to Bypass Your MacOS Privacy Mechanisms
Hello everyone!

Here is our new article on Aircrack-ng.

This will show you everything that you need to learn before starting with a practical demonstration.

Blog + Video

https://techofide.com/blogs/how-to-use-aircrack-ng-aircrack-ng-tutorial-practical-demonstration/
🔥2
Forwarded from Team BlackDragonSec 🇮🇳
SALUTES OUR MARTYRS OF PULWAMA ATTACK

#PulwamaAttack
#blackday
Forwarded from Team BlackDragonSec 🇮🇳
❤‍🔥5