
Accept Stripe Donation – AidWP Security Vulnerabilities

wpvulndb

WP Fundraising Donation and Crowdfunding Platform < 1.5.0 - Unauthenticated SQLi

The plugin does not sanitise and escape a parameter before using it in a SQL statement via one of its REST routes, leading to an SQL injection exploitable by unauthenticated users PoC curl 'https://example.com/index.php?rest_route=/xs-donate-form/payment-redirect/3' \ --data '{"id": "(SELECT 1...

9.8CVSS

3.5AI Score

2022-05-11 12:00 AM
18
wpexploit

WP Fundraising Donation and Crowdfunding Platform < 1.5.0 - Unauthenticated SQLi

The plugin does not sanitise and escape a parameter before using it in a SQL statement via one of its REST routes, leading to an SQL injection exploitable by unauthenticated...

9.8CVSS

1.6AI Score

2022-05-11 12:00 AM
81
prion

Improper access control

The Metform WordPress plugin is vulnerable to sensitive information disclosure due to improper access control in the ~/core/forms/action.php file which can be exploited by an unauthenticated attacker to view all API keys and secrets of integrated third-party APIs like that of PayPal, Stripe,...

7.5CVSS

7.3AI Score

0.043EPSS

2022-05-10 08:15 PM
6
cve

CVE-2022-1442

The Metform WordPress plugin is vulnerable to sensitive information disclosure due to improper access control in the ~/core/forms/action.php file which can be exploited by an unauthenticated attacker to view all API keys and secrets of integrated third-party APIs like that of PayPal, Stripe,...

7.5CVSS

7.3AI Score

0.041EPSS

2022-05-10 08:15 PM
2193
1
cvelist

CVE-2022-1442

The Metform WordPress plugin is vulnerable to sensitive information disclosure due to improper access control in the ~/core/forms/action.php file which can be exploited by an unauthenticated attacker to view all API keys and secrets of integrated third-party APIs like that of PayPal, Stripe,...

7.3AI Score

0.041EPSS

2022-05-10 07:30 PM
hackerone

Stripe: Tomcat Servlet Examples accessible at https://44.240.33.83:38443 and https://52.36.56.155:38443

Tomcat Servlet Examples were accessible from the internet. This report demonstrated that it was possible to disclose IP addresses of internal application...

6.8AI Score

2022-05-05 04:42 PM
18
malwarebytes

Fake USA for UNHCR site wants your Ukraine donations in Bitcoin

Since Russia began invading Ukraine in late February, many organizations have set up donation pages to aid the most heavily affected: Families who were forced out of their homes due to bombings and children separated from grown-ups who decided to stay and take arms. We've also seen a considerable.....

-0.3AI Score

2022-04-28 02:35 PM
12
malwarebytes

Elon Musk-themed cryptocurrency scam uses fake Medium as the promotion site

So Elon Musk is buying Twitter, and you can be sure that scammers are making the most of this news. As Elon Musk spends most of the week in the headlines, so pop up Elon Musk-themed scams—and it looks like they may be ramping up. We witnessed a flurry of replies from the man himself in response...

-0.4AI Score

2022-04-27 09:03 PM
14
cve

CVE-2022-1396

The Donorbox WordPress plugin before 7.1.7 does not sanitise and escape its Campaign URL settings before outputting it in an attribute, leading to a Stored Cross-Site Scripting issue even when the unfiltered_html capability is...

4.8CVSS

4.8AI Score

0.001EPSS

2022-04-25 04:16 PM
59
malwarebytes

A week in security (April 18 – 24)

Last week on Malwarebytes Labs: Why you shouldn’t automate your VirusTotal uploads North Korean Lazarus APT group targets blockchain tech companies Watch out for Ukraine donation scammers in Twitter replies Beware tragic “my daughter died…” Facebook posts offering free PS5s US warns of APT groups.....

0.8AI Score

2022-04-25 10:44 AM
7
wpvulndb

Metform Elementor Contact Form Builder < 2.1.4 - Unauthenticated API keys and Secrets Disclosure

The plugin is vulnerable to sensitive information disclosure due to improper access control in the ~/core/forms/action.php file which can be exploited by an unauthenticated attacker to view all API keys and secrets of integrated third-party APIs such as PayPal, Stripe, Mailchimp, Hubspot, HelpScout,...

7.5CVSS

1.2AI Score

2022-04-23 12:00 AM
7
malwarebytes

The fake Elon Musk Bitcoin giveaway marathon will NOT make you rich

Today we look at a fakeout which begins with Elon Musk, and ends with a trip to Mars (or, if you're really lucky, the Sun). One of the most annoying “features” of Twitter is being added to lists without permission. It's a theoretically useful way to keep track of certain topics. It’s often also...

-0.2AI Score

2022-04-20 03:19 PM
80
osv

CVE-2022-24825

Smokescreen is a simple HTTP proxy that fogs over naughty URLs. The primary use case for Smokescreen is to prevent server-side request forgery (SSRF) attacks in which external attackers leverage the behavior of applications to connect to or scan internal infrastructure. Smokescreen also offers an.....

5.3CVSS

6.9AI Score

0.001EPSS

2022-04-19 08:15 PM
2
cve

CVE-2022-24825

Smokescreen is a simple HTTP proxy that fogs over naughty URLs. The primary use case for Smokescreen is to prevent server-side request forgery (SSRF) attacks in which external attackers leverage the behavior of applications to connect to or scan internal infrastructure. Smokescreen also offers an.....

5.3CVSS

5.3AI Score

0.001EPSS

2022-04-19 08:15 PM
68
prion

Server side request forgery (ssrf)

Smokescreen is a simple HTTP proxy that fogs over naughty URLs. The primary use case for Smokescreen is to prevent server-side request forgery (SSRF) attacks in which external attackers leverage the behavior of applications to connect to or scan internal infrastructure. Smokescreen also offers an.....

5.3CVSS

5.3AI Score

0.001EPSS

2022-04-19 08:15 PM
malwarebytes

Watch out for Ukraine donation scammers in Twitter replies

The invasion of Ukraine has been a money making opportunity for scammers since the moment it began: Fake donation sites, bogus Red Cross portals, phishing pages, the works. These scams can also be found on social media. Faking donations on Twitter Some users of social media have become very...

0.2AI Score

2022-04-19 04:40 PM
5
veracode

Bypass Protection For Server-side Request Forgery (SSRF)

github.com/stripe/smokescreen is vulnerable to bypass protection for server-side request forgery. Appending a dot to the end of user-supplied URLs, or providing input in a different letter case, allows an attacker to bypass the deny list feature of the...

5.3CVSS

3.8AI Score

2022-04-13 11:00 AM
9
wpvulndb

Multiple Plugins from Cool Plugins - Subscriber+ Arbitrary Plugin Installation & Activation

Multiple plugins from the Cool Plugins vendor are missing capability and proper CSRF checks in the cool_plugins_install and cool_plugins_activate AJAX actions, available to any authenticated user, allowing them to install and activate arbitrary plugins via an archive hosted on a remote server they....

4.5AI Score

2022-04-12 12:00 AM
5
code423n4

yVault: First depositor can break minting of shares

Lines of code Vulnerability details Details The attack vector and impact are the same as TOB-YEARN-003, where users may not receive shares in exchange for their deposits if the total asset amount has been manipulated through a large “donation”. Proof of Concept Attacker deposits 1 wei to mint 1...

6.7AI Score

2022-04-08 12:00 AM
2
osv

Smokescreen SSRF via deny list bypass

The primary use case for Smokescreen is to prevent server-side request forgery (SSRF) attacks in which external attackers leverage the behavior of applications to connect to or scan internal infrastructure. Smokescreen also offers an option to deny access to additional (e.g., external) URLs by way....

5.3CVSS

2.8AI Score

0.001EPSS

2022-04-07 10:10 PM
11
github

Smokescreen SSRF via deny list bypass

The primary use case for Smokescreen is to prevent server-side request forgery (SSRF) attacks in which external attackers leverage the behavior of applications to connect to or scan internal infrastructure. Smokescreen also offers an option to deny access to additional (e.g., external) URLs by way....

2.8AI Score

0.001EPSS

2022-04-07 10:10 PM
28
malwarebytes

Beware Ukraine-themed fundraising scams

Unfortunately, scammers continue to focus on the invasion of Ukraine to make money. A flurry of bogus domains and scam techniques are spreading their wings. They appear to focus on donation fakeouts, but there are a few other nasty surprises lying in wait too. The lowest of the low There are few lower....

0.4AI Score

2022-04-06 11:16 AM
5
patchstack

WordPress Cryptocurrency Donation Box – Bitcoin & Crypto Donations plugin <= 1.7 - Arbitrary Plugin Activation vulnerability

Arbitrary Plugin Activation vulnerability discovered by Jerome Bruandet (NinTechNet) in WordPress Cryptocurrency Donation Box – Bitcoin & Crypto Donations plugin (versions <= 1.7). Solution Update the WordPress Cryptocurrency Donation Box – Bitcoin & Crypto Donations plugin to the...

3.2AI Score

2022-04-06 12:00 AM
5
patchstack

WordPress Cryptocurrency Donation Box – Bitcoin & Crypto Donations plugin <= 1.7 - Arbitrary Plugin Installation vulnerability

Arbitrary Plugin Installation vulnerability discovered by Jerome Bruandet (NinTechNet) in WordPress Cryptocurrency Donation Box – Bitcoin & Crypto Donations plugin (versions <= 1.7). Solution Update the WordPress Cryptocurrency Donation Box – Bitcoin & Crypto Donations plugin to the...

3.4AI Score

2022-04-06 12:00 AM
4
hackerone

Stripe: Bypass global deny-lists by wrapping domains using "[]" in https://github.com/stripe/smokescreen

The Smokescreen proxy is an open source project written and maintained by Stripe to restrict the URLs that internal services can connect to. The primary use case for Smokescreen is to prevent server-side request forgery (SSRF) attacks in which external attackers leverage the behavior of our...

6.5CVSS

6.3AI Score

0.001EPSS

2022-04-01 07:17 PM
34
wpvulndb

Donorbox < 7.1.7 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its Campaign URL settings before outputting it in an attribute, leading to a Stored Cross-Site Scripting issue even when the unfiltered_html capability is disallowed PoC Put the following payload in the Campaign URL settings of the plugin:...

4.8CVSS

1AI Score

2022-03-30 12:00 AM
4
packetstorm

-0.3AI Score

2022-03-30 12:00 AM
157
kitploit

LAZYPARIAH - A Tool For Generating Reverse Shell Payloads On The Fly

A low-dependency command-line tool for generating reverse shell payloads on the fly. Description LAZYPARIAH is a simple and easily installable command-line tool written in pure Ruby that can be used during penetration tests and capture-the-flag (CTF) competitions to generate a range of reverse...

0.9AI Score

2022-03-29 08:30 PM
21
patchstack

WordPress Donorbox plugin <= 7.1.6 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting (XSS) vulnerability was discovered by Hassan Khan Yusufzai (Splint3r7) in the WordPress Donorbox plugin (versions <= 7.1.6). Solution Update the WordPress Donorbox plugin to the latest available version (at least...

1AI Score

2022-03-25 12:00 AM
4
code423n4

First depositor can break minting of shares

Lines of code Vulnerability details Details The attack vector and impact are the same as TOB-YEARN-003, where users may not receive shares in exchange for their deposits if the total asset amount has been manipulated through a large “donation”. Proof of Concept Attacker deposits 2 wei (so that it...

6.7AI Score

2022-03-18 12:00 AM
5
patchstack

WordPress Accept Stripe Payments plugin <= 2.0.53 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Accept Stripe Payments plugin (versions <= 2.0.53). Solution Update the WordPress Accept Stripe Payments plugin to the latest available version (at least...

2.6AI Score

2022-03-14 12:00 AM
3
threatpost

Malware Posing as Russia DDoS Tool Bites Pro-Ukraine Hackers

Looking to cyber-hassle Russia, Ukrainian sympathizers? Be careful — malware is making the rounds, disguised as a pro-Ukraine cyber-tool that will turn around and bite you instead, researchers are warning. In a Wednesday threat advisory, Cisco Talos described a campaign it’s observed in which a...

10CVSS

AI Score

2022-03-10 07:54 PM
128
github

Code injection in Stripe CLI on windows

Impact A vulnerability in Stripe CLI exists on Windows when certain commands are run in a directory where an attacker has planted files. The commands are stripe login, stripe config -e, stripe community, and stripe open. MacOS and Linux are unaffected. An attacker who successfully exploits the...

3AI Score

0.0004EPSS

2022-03-10 06:17 PM
21
osv

Code injection in Stripe CLI on windows

Impact A vulnerability in Stripe CLI exists on Windows when certain commands are run in a directory where an attacker has planted files. The commands are stripe login, stripe config -e, stripe community, and stripe open. MacOS and Linux are unaffected. An attacker who successfully exploits the...

7CVSS

3AI Score

0.0004EPSS

2022-03-10 06:17 PM
12
veracode

Arbitrary Code Execution

github.com/stripe/stripe-cli is vulnerable to arbitrary code execution. An attacker can inject and execute malicious commands through the stripe login, stripe config -e, stripe community, and stripe open in...

7CVSS

4.6AI Score

2022-03-10 03:05 AM
17
osv

CVE-2022-24753

Stripe CLI is a command-line tool for the Stripe eCommerce platform. A vulnerability in Stripe CLI exists on Windows when certain commands are run in a directory where an attacker has planted files. The commands are stripe login, stripe config -e, stripe community, and stripe open. MacOS and Linux....

7CVSS

7.3AI Score

0.0004EPSS

2022-03-09 11:15 PM
3
cve

CVE-2022-24753

Stripe CLI is a command-line tool for the Stripe eCommerce platform. A vulnerability in Stripe CLI exists on Windows when certain commands are run in a directory where an attacker has planted files. The commands are stripe login, stripe config -e, stripe community, and stripe open. MacOS and Linux....

7CVSS

7AI Score

0.0004EPSS

2022-03-09 11:15 PM
55
prion

Code injection

Stripe CLI is a command-line tool for the Stripe eCommerce platform. A vulnerability in Stripe CLI exists on Windows when certain commands are run in a directory where an attacker has planted files. The commands are stripe login, stripe config -e, stripe community, and stripe open. MacOS and Linux....

7CVSS

7AI Score

0.0004EPSS

2022-03-09 11:15 PM
1
cvelist

CVE-2022-24753 Code injection in Stripe CLI on windows

Stripe CLI is a command-line tool for the Stripe eCommerce platform. A vulnerability in Stripe CLI exists on Windows when certain commands are run in a directory where an attacker has planted files. The commands are stripe login, stripe config -e, stripe community, and stripe open. MacOS and Linux....

7.1AI Score

0.0004EPSS

2022-03-09 10:35 PM
5
malwarebytes

When fake dating profiles try the military approach

I’ve run into many romance scams over the years. You’ll find them lurking on social media, instant messaging, chatrooms/forums, and many more besides. They’re particularly popular during times of war or natural disaster, as they often dovetail into donation and charity scams. The icing on the cake....

AI Score

2022-03-08 11:31 AM
5
suse

Security update for the Linux Kernel (important)

An update that solves 6 vulnerabilities, contains three features and has 56 fixes is now available. Description: The SUSE Linux Enterprise 15 SP3 Azure kernel was updated to receive various security and bugfixes. Transient execution side-channel attacks attacking the Branch History Buffer...

7.8CVSS

-0.3AI Score

2022-03-08 12:00 AM
50
suse

Security update for the Linux Kernel (important)

An update that solves 6 vulnerabilities, contains three features and has 50 fixes is now available. Description: The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. Transient execution side-channel attacks attacking the Branch History Buffer...

7.8CVSS

-0.3AI Score

2022-03-08 12:00 AM
61
kitploit

Osmedeus - A Workflow Engine For Offensive Security

A Workflow Engine For Offensive Security Installation NOTE that you need some essential tools like curl, wget, git, zip and login as root to start bash -c "$(curl -fsSL https://raw.githubusercontent.com/osmedeus/osmedeus-base/master/install.sh)" Build the engine from source Make sure you...

-0.1AI Score

2022-03-06 08:30 PM
23
openbugbounty

donation-tracker.de Improper Access Control vulnerability OBB-2410129

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

0.1AI Score

2022-03-05 03:26 PM
12
malwarebytes

Don’t fall for the “Donate to help children in Ukraine” scam

Earlier this week, we spotted a Microsoft sign-in phish that appeared to be taking advantage of the Ukraine crisis in order to scam people. The email warned of unauthorized log in attempts to the recipient's account, and the location of those attempts was listed as "Russia/Moscow". We probably...

0.2AI Score

2022-03-03 03:02 PM
8
openvas

6.3AI Score

0.001EPSS

2022-03-01 12:00 AM
2
wpvulndb

Unauthorised AJAX Calls via Freemius

The plugins and themes use an insecure version of the Freemius Framework, which is lacking CSRF and/or authorisation in some of its AJAX actions. As a result, any authenticated user, such as a subscriber, could access the debug logs. Unauthenticated attackers could also make a logged-in admin toggle....

2.7AI Score

2022-02-28 12:00 AM
39
patchstack

WordPress Stripe Express plugin < 1.7.7 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Stripe Express plugin (versions < 1.7.7). Solution Update the WordPress Stripe Express plugin to the latest available version (at least...

2AI Score

2022-02-28 12:00 AM
9
patchstack

WordPress China Payments plugin <= 2.3.6 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress China Payments plugin (versions <= 2.3.6). Solution Update the WordPress China Payments plugin to the latest available version (at least...

4.2AI Score

2022-02-28 12:00 AM
9
wpvulndb

Unauthorised AJAX Calls via Freemius

The plugins and themes use an insecure version of the Freemius Framework, which is lacking CSRF and/or authorisation in some of its AJAX actions. As a result, any authenticated user, such as a subscriber, could access the debug logs. Unauthenticated attackers could also make a logged-in admin toggle....

6.7AI Score

2022-02-28 12:00 AM
62
Total number of security vulnerabilities: 980