Open Source Social Network 6.3 — Authenticated Unrestricted File Upload (Theme)

Description

Proof of Concept

First, log in as admin on the administrator page.

http://<IP>/ossn/administrator

Proceed to the menu Themes > Installer.

http://<IP>/ossn/administrator/theme_installer

Download the theme to our local machine. In this case, I’m using the Fake book theme.

https://www.opensource-socialnetwork.org/component/view/2243/fake-book

When we unzip the downloaded theme, we find the ossn_theme.php file in the theme's directory.

It looks like we can replace the content of the ossn_theme.php file with a PHP reverse shell.

Next, generate a PHP reverse shell (the PHP PentestMonkey variant) from www.revshells.com.

Replace the content of ossn_theme.php with the PHP reverse shell.

Create a zip archive containing the theme directory.

Proceed to the menu Themes > Installer and click on the Browse button.

http://<IP>/ossn/administrator/theme_installer

Choose the archive we created.

Next, let’s click on the Upload button.

Now our theme, including the malicious file, is installed and ready to use.

Use netcat to listen for TCP connections on port 443.

Access the edited ossn_theme.php file (now containing the PHP reverse shell) directly via the following link.

http://<IP>/ossn/themes/facebook/ossn_theme.php


Bravo! We get a system shell on the web server running Open Source Social Network 6.3.
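From the defender's side, the tell-tale sign of this technique is a direct browser request for a .php file under /ossn/themes/, since the framework is expected to include a theme's ossn_theme.php server-side rather than serve it to clients (an assumption about OSSN's normal behaviour, not something the post states). The following is an added example, not code from the original post or from the OSSN project: it scans constructed access-log lines for such requests and notes whether the same client had just POSTed to the theme installer; the log lines, IPs and timestamps are made up for the example.

```python
import re

# Constructed sample access-log lines (Common Log Format); not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Mar/2023:10:01:02 +0000] "GET /ossn/administrator/theme_installer HTTP/1.1" 200 5120
10.0.0.5 - - [12/Mar/2023:10:01:40 +0000] "POST /ossn/administrator/theme_installer HTTP/1.1" 302 0
10.0.0.5 - - [12/Mar/2023:10:02:15 +0000] "GET /ossn/themes/facebook/ossn_theme.php HTTP/1.1" 200 0
10.0.0.9 - - [12/Mar/2023:10:03:00 +0000] "GET /ossn/themes/facebook/images/logo.png HTTP/1.1" 200 812
10.0.0.9 - - [12/Mar/2023:10:03:01 +0000] "GET /ossn/home HTTP/1.1" 200 9000
"""

# Minimal Common Log Format parser: client IP, timestamp, method, path, status, size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Assumption: a client should never request a .php file under /ossn/themes/
# directly, because the framework includes theme PHP itself. Static assets
# (images, CSS) under the same tree are legitimate and are not matched.
DIRECT_THEME_PHP = re.compile(r'^/ossn/themes/[^/]+/[^?]*\.php(\?|$)')

# The installer endpoint from the post; a POST here is a theme upload.
THEME_INSTALLER = "/ossn/administrator/theme_installer"


def parse(log_text):
    """Yield one dict per well-formed log line, skipping anything unparseable."""
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m:
            yield m.groupdict()


def find_direct_theme_php(log_text):
    """Return (ip, path, upload_seen) for each direct request to theme PHP.

    upload_seen is True when the same client POSTed to the theme installer
    earlier in the log, which raises the priority of the alert.
    """
    uploaders = set()
    hits = []
    for rec in parse(log_text):
        if rec["method"] == "POST" and rec["path"].startswith(THEME_INSTALLER):
            uploaders.add(rec["ip"])
        if DIRECT_THEME_PHP.match(rec["path"]):
            hits.append((rec["ip"], rec["path"], rec["ip"] in uploaders))
    return hits


if __name__ == "__main__":
    for ip, path, uploaded in find_direct_theme_php(SAMPLE_LOG):
        print(f"ALERT {ip} requested {path} directly (uploaded theme before: {uploaded})")
```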

Author

Grim The Ripper Team by SOSECURE Thailand
