CVE-2020-10560 PoC — Open Source Social Network 加密问题漏洞

Source

https://github.com/alex-seymour/CVE-2020-10560-Key-Recovery

Associated Vulnerability

Title:Open Source Social Network 加密问题漏洞 (CVE-2020-10560)
Description:Open Source Social Network（OSSN）是瑞士Ossn团队的一款源社交网络引擎。 OSSN 5.3及之前版本中存在加密问题漏洞。攻击者可通过对SiteKey实施暴力破解攻击来为components/OssnComments/ossn_com.php和/或libraries/ossn.lib.upgrade.php插入特制的URL利用该漏洞读取任意文件。

Readme

# CVE-2020-10560 Key Recovery (AES)
This PoC recovers the `site_key` for OSSN 5.3 and above.

For more information see [http://techanarchy.net/blog/cve-2020-10560-ossn-arbitrary-file-read](http://techanarchy.net/blog/cve-2020-10560-ossn-arbitrary-file-read).

File Snapshot


 [4.0K]  /data/pocs/214b6dec3cf217d04533046cc3ca3c25a26e3b44
├── [4.0K]  base64
│   ├── [2.1K]  b64f.c
│   ├── [4.0K]  base64.c
│   ├── [1.6K]  base64.h
│   ├── [ 560]  BuildRun.bat
│   ├── [ 559]  buildrun.sh
│   ├── [1.1K]  LICENSE
│   ├── [ 27K]  picture.png
│   ├── [ 325]  README.md
│   └── [6.6K]  test.c
├── [ 27K]  crackfish
├── [4.7K]  crackfish.c
├── [ 143]  Makefile
├── [ 260]  README.md
└── [4.0K]  tiny-AES-c
    ├── [ 19K]  aes.c
    ├── [2.7K]  aes.h
    ├── [ 184]  aes.hpp
    ├── [ 167]  CMakeLists.txt
    ├── [2.0K]  conanfile.py
    ├── [1.2K]  index.html.tmp
    ├── [ 279]  library.json
    ├── [ 557]  library.properties
    ├── [1.2K]  Makefile
    ├── [4.2K]  README.md
    ├── [ 15K]  test.c
    ├── [  37]  test.cpp
    ├── [4.0K]  test_package
    │   └── [ 565]  index.html.tmp
    └── [1.2K]  unlicense.txt

3 directories, 27 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!