.. / CVE-2014-6308

Exploit for Osclass Security Advisory 3.4.1 - Local File Inclusion (CVE-2014-6308)

Description:

A directory traversal vulnerability in OSClass before 3.4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter in a render action to oc-admin/index.php.

Nuclei Template

View the template here CVE-2014-6308.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2014/CVE-2014-6308.yaml

References:

https://nvd.nist.gov/vuln/detail/CVE-2014-6308
https://www.netsparker.com/lfi-vulnerability-in-osclass/
https://packetstormsecurity.com/files/128285/OsClass-3.4.1-Local-File-Inclusion.html
http://blog.osclass.org/2014/09/15/osclass-3-4-2-ready-download/
https://github.com/osclass/Osclass/commit/c163bf5910d0d36424d7fc678da6b03a0e443435

.. / CVE-2014-6308 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for Osclass Security Advisory 3.4.1 - Local File Inclusion (CVE-2014-6308)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2014-6308