Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:31220
HistoryOct 15, 2014 - 12:00 a.m.

Osclass Security Advisory - LFI Vulnerability - CVE-2014-6308

2014-10-1500:00:00
vulners.com
33
JSON

Information

Advisory by Netsparker.
Name : LFI Vulnerability in OsClass
Affected Software : OsClass
Affected Versions: 3.4.1 and possibly below
Vendor Homepage : http://osclass.org/
Vulnerability Type : Local File Inclusion
Severity : Critical
CVE-ID: CVE-2014-6308
Netsparker Advisory Reference : NS-14-031

Advisory URL

https://www.netsparker.com/lfi-vulnerability-in-osclass/

Description

Local file inclusion vulnerability where discovered in Osclass, an
open source project that allows you to create a classifieds sites.

Technical Details

Proof of Concept URL for LFI in OsClass:

http://example.com/osclass/oc-admin/index.php?page=appearance&action=render&file=../../../../../../../../../../etc/passwd

Advisory Timeline

03/09/2014 - First Contact
03/09/2014 - Vulnerability fixed:
https://github.com/osclass/Osclass/commit/c163bf5910d0d36424d7fc678da6b03a0e443435
15/09/2014 - Fix released publicly in Osclass 3.4.2

Credits & Authors

These issues have been discovered by Omar Kurt while testing
Netsparker Web Application Security Scanner.

About Netsparker

Netsparker can find and report security issues and vulnerabilities
such as SQL Injection and Cross-site Scripting (XSS) in all websites
and web applications regardless of the platform and the technology
they are built on. Netsparker's unique detection and exploitation
techniques allows it to be dead accurate in reporting hence it's the
first and the only False Positive Free web application security
scanner. For more information on Netsparker visit
https://www.netsparker.com.

Related

cve 1
nuclei 1
exploitpack 1
packetstorm 1
prion 1
zdt 1
exploitdb 1
securityvulns 1
cve
cve
CVE-2014-6308
2014-10-20 14:55:00
nuclei
nuclei
Osclass Security Advisory 3.4.1 - Local File Inclusion
2021-07-21 01:05:30
exploitpack
exploitpack
OSClass 3.4.1 - index.php Local File Inclusion
2014-09-25 00:00:00
packetstorm
packetstorm
OsClass 3.4.1 Local File Inclusion
2014-09-17 00:00:00
prion
prion
Directory traversal
2014-10-20 14:55:00
zdt
zdt
OsClass 3.4.1 (index.php, file param) - Local File Inclusion Vulnerability
2014-09-25 00:00:00
exploitdb
exploitdb
OSClass 3.4.1 - 'index.php' Local File Inclusion
2014-09-25 00:00:00
securityvulns
securityvulns
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2014-10-15 00:00:00
JSON
Related for SECURITYVULNS:DOC:31220
cve1nuclei1exploitpack1packetstorm1prion1zdt1exploitdb1securityvulns1