CVE-2020-10560

An issue was discovered in Open Source Social Network (OSSN) through 5.3. A user-controlled file path with a weak cryptographic rand() can be used to read any file with the permissions of the webserver. This can lead to further compromise. The attacker must conduct a brute-force attack against the SiteKey to insert into a crafted URL for components/OssnComments/ossn_com.php and/or libraries/ossn.lib.upgrade.php.

Recent assessments:

kevthehermit at April 02, 2020 6:38pm UTC reported:

This was my first CVE :)

This is an Unauthenticated Arbitrary File Read vulnerability in all versions of The Open Source Social Network prior to 5.3 This includes the Open source and commercial versions.

Attacker value stays low as there is not a large population using this application ~ 500,000 downloads and the first phase of the attack can take several hours.

Phase 1 You need the Site Key. The site key is cryptographically weak and If you can get any cipher text you can recover the key in less than 14 hours on a standard laptop.
If you are unable to gain access as a standard user you can get crypto material from other locations but the PoC is designed for the user strings.

Once the Site Key has been recovered you can use the python script to read any file (in the context of the application) from disk. This includes database credentials and site configurations that can allow for admin access to the site. From here you can gain a full shell using a PHP plugin upload.

Full details can be found – <https://techanarchy.net/pages/blog/cve-2020-10560-ossn-arbitrary-file-read&gt;

Assessed Attacker Value: 1
Assessed Attacker Value: 1Assessed Attacker Value: 3