OSClass Directory Traversal and Arbitrary File Upload Vulnerabilities
BID:52336
Info
OSClass Directory Traversal and Arbitrary File Upload Vulnerabilities
| Bugtraq ID: | 52336 |
| Class: | Input Validation Error |
| CVE: |
CVE-2012-1617 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 07 2012 12:00AM |
| Updated: | Mar 19 2015 07:35AM |
| Credit: | Filippo Cavallarin from CodSeq |
| Vulnerable: |
OSclass osclass 2.3.5 OSclass osclass 2.3.4 OSclass osclass 2.3.3 |
| Not Vulnerable: |
OSclass osclass 2.3.6 |
Discussion
OSClass Directory Traversal and Arbitrary File Upload Vulnerabilities
OSClass is prone to a directory-traversal vulnerability and an arbitrary-file-upload vulnerability.
An attacker can exploit these issues to obtain sensitive information and to upload arbitrary code and run it in the context of the webserver process.
OSClass 2.3.5 is vulnerable; prior versions may also be affected.
OSClass is prone to a directory-traversal vulnerability and an arbitrary-file-upload vulnerability.
An attacker can exploit these issues to obtain sensitive information and to upload arbitrary code and run it in the context of the webserver process.
OSClass 2.3.5 is vulnerable; prior versions may also be affected.
Exploit / POC
OSClass Directory Traversal and Arbitrary File Upload Vulnerabilities
An attacker can exploit these issues with a browser.
The following example exploits are available:
An attacker can exploit these issues with a browser.
The following example exploits are available:
Solution / Fix
OSClass Directory Traversal and Arbitrary File Upload Vulnerabilities
Solution:
Updates are available. Please see the references for more information.
Solution:
Updates are available. Please see the references for more information.
References
OSClass Directory Traversal and Arbitrary File Upload Vulnerabilities
References:
References: