CVE-2020-10560 PoC — Open Source Social Network 加密问题漏洞

Source

https://github.com/kevthehermit/CVE-2020-10560

Associated Vulnerability

Title:Open Source Social Network 加密问题漏洞 (CVE-2020-10560)
Description:Open Source Social Network（OSSN）是瑞士Ossn团队的一款源社交网络引擎。 OSSN 5.3及之前版本中存在加密问题漏洞。攻击者可通过对SiteKey实施暴力破解攻击来为components/OssnComments/ossn_com.php和/或libraries/ossn.lib.upgrade.php插入特制的URL利用该漏洞读取任意文件。

Description

CVE-2020-10560 OSSN Arbitrary File Read

Readme

# CVE-2020-10560
CVE-2020-10560 OSSN Arbitrary File Read

For details on how to use this repository refer to https://techanarchy.net/blog/cve-2020-10560-ossn-arbitrary-file-read

#### Starting
`docker-compose up --build`

#### Installing

Once the images are running, you can access the install page at 127.0.0.1 or 10.2.0.101

If you want to use BURP do not install on 127.0.0.1 as you will have issues with URLS redirecting. 

At the installaion page fill in all the details. You can read or edit the compose file for creds. 

- DB: ossn
- username: ossn
- password: ossn
- host: mysqlserver

#### Site key

Read the blog post!


#### POC

There is a PHP and a python script again refer to the blog post for deatils on how to use it.

File Snapshot


 [4.0K]  /data/pocs/ee8cf931be5ac7c376af94750ab5b3a23f51e003
├── [ 405]  000-default.conf
├── [ 724]  docker-compose.yml
├── [ 618]  Dockerfile
├── [1.0M]  ossn-5.2.tar.xz
├── [4.0K]  poc.php
├── [1.2K]  poc.py
└── [ 736]  README.md

0 directories, 7 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!