
Saturday, November 14, 2015

[FD] Open Source Social Network 3.5: XSS

Security Advisory - Curesec Research Team

1. Introduction

Affected Product:    Open Source Social Network 3.5
Fixed in:            3.6
Fixed Version Link:  http://ift.tt/1MdcPPa (ossn-v3.6-1443545762.zip)
Vendor Contact:      http://ift.tt/1NRZpup
Vulnerability Type:  XSS
Remote Exploitable:  Yes
Reported to vendor:  09/29/2015
Disclosed to public: 11/13/2015
Release mode:        Coordinated release
CVE:                 n/a
Credits:             Tim Coen of Curesec GmbH

2. Overview

There are two reflected XSS vulnerabilities in Open Source Social Network 3.5. With this, it is possible to inject JavaScript keyloggers, or to bypass CSRF protection, which in this case may lead to code execution.

3. XSS 1

CVSS: Medium 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Proof of Concept:

http://localhost/ossn/search?q='">

Code:

/ossn/themes/default/plugins/menus/search.php

$menus = $params['menu'];
echo "
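The advisory's PoC sends the characters '"> in the q parameter, which is the classic way to close an HTML attribute and the tag it sits in. The following is an added example, not the advisory's code and not OSSN's search.php: a minimal PHP search box that reflects q into a value="" attribute, first in the unsafe pattern the advisory describes and then with attribute-context escaping. Only the path /ossn/search and the parameter name q come from the PoC; the template markup, function names and the fallback input are assumptions for illustration.

```php
<?php
// Added example (not part of the advisory or of OSSN's code).
// Demonstrates why reflecting a search term into an HTML attribute
// without escaping is a reflected XSS, and the fix.

// Unsafe pattern (assumed template): the raw query string is spliced
// into a value="" attribute. The advisory's PoC input ('">) closes the
// attribute and the <input> tag, so anything that follows it in the
// parameter is rendered as markup instead of text.
function render_search_box_unsafe(string $q): string
{
    return '<input type="text" name="q" value="' . $q . '">';
}

// Escape for the HTML attribute context. ENT_QUOTES encodes both ' and ",
// so neither a single- nor a double-quoted attribute can be broken out of;
// ENT_SUBSTITUTE replaces invalid byte sequences instead of returning an
// empty string; the explicit charset avoids encoding-dependent bypasses.
function html_attr(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened pattern: same template, but every user-controlled value passes
// through html_attr() before it reaches the markup.
function render_search_box_safe(string $q): string
{
    return '<input type="text" name="q" value="' . html_attr($q) . '">';
}

// Constructed input: the breakout prefix shown in the advisory's PoC
// (/ossn/search?q='">). On the CLI $_GET is empty, so the fallback is used.
$q = $_GET['q'] ?? '\'">';

echo "unsafe: " . render_search_box_unsafe($q) . "\n";
echo "safe:   " . render_search_box_safe($q) . "\n";
```

Run it with php on the command line, or place it under a web server and request it with ?q='"> to compare both renderings in a browser's view-source. The point to check in a code review is not the presence of an escaping function somewhere in the code base but that the escaping matches the output context: a value written into an attribute needs ENT_QUOTES, a value written into a script block or a URL needs a different encoder, and a value written into a template variable that is later echoed (as $params['menu'] is in the advisory's snippet) needs to be escaped at the point where it is echoed.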
