Attacker Value: Very Low (1 user assessed)
Exploitability: Moderate (1 user assessed)
User Interaction: None
Privileges Required: None
Attack Vector: Network

CVE-2020-10560

Disclosure Date: March 30, 2020

Description

An issue was discovered in Open Source Social Network (OSSN) through 5.3. A user-controlled file path with a weak cryptographic rand() can be used to read any file with the permissions of the webserver. This can lead to further compromise. The attacker must conduct a brute-force attack against the SiteKey to insert into a crafted URL for components/OssnComments/ossn_com.php and/or libraries/ossn.lib.upgrade.php.


3 Ratings
Technical Analysis

This was my first CVE :)

This is an Unauthenticated Arbitrary File Read vulnerability in all versions of The Open Source Social Network prior to 5.3. This includes the open source and commercial versions.

Attacker value stays low as there is not a large population using this application (~500,000 downloads), and the first phase of the attack can take several hours.

Phase 1: You need the Site Key. The site key is cryptographically weak and if you can get any cipher text you can recover the key in less than 14 hours on a standard laptop.
If you are unable to gain access as a standard user, you can get crypto material from other locations, but the PoC is designed for the user strings.

Once the Site Key has been recovered you can use the Python script to read any file (in the context of the application) from disk. This includes database credentials and site configurations that can allow for admin access to the site. From here you can gain a full shell using a PHP plugin upload.

Full details can be found at https://techanarchy.net/pages/blog/cve-2020-10560-ossn-arbitrary-file-read
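The assessment above describes a two-phase attack: a long brute-force against the SiteKey, then arbitrary file reads through the two endpoints named in the CVE description. A defender can watch for both phases in ordinary web server logs. The following is an added detection example, not code from the assessment author or the OSSN project; it assumes Apache/nginx combined log format, a constructed sample log, an arbitrary burst threshold, and a placeholder query parameter name (the page does not give the real one).

```python
import re
from collections import Counter
from urllib.parse import unquote

# Endpoints named in the CVE-2020-10560 description.
OSSN_ENDPOINTS = (
    "components/OssnComments/ossn_com.php",
    "libraries/ossn.lib.upgrade.php",
)
# Combined log format (assumption for this example).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<url>\S+) [^"]*" (?P<status>\d{3})'
)
# Path-traversal markers and well-known sensitive files in the query string.
TRAVERSAL = re.compile(r"(\.\./|\.\.\\|/etc/passwd|configuration\.php)", re.I)

# Constructed sample log: one client hammers ossn_com.php (brute-force phase),
# then sends a double-encoded traversal payload; another client is benign.
# "x" and "p" are placeholder parameter names, not the real OSSN parameters.
SAMPLE_LOG = [
    '10.0.0.5 - - [30/Mar/2020:10:00:%02d +0000] "GET /components/OssnComments/ossn_com.php?x=%d HTTP/1.1" 200 512'
    % (i % 60, i)
    for i in range(25)
] + [
    '10.0.0.5 - - [30/Mar/2020:10:01:00 +0000] "GET /components/OssnComments/ossn_com.php?p=..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 1024',
    '192.0.2.7 - - [30/Mar/2020:10:02:00 +0000] "GET /home HTTP/1.1" 200 2048',
]

def parse_line(line):
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["url"] = unquote(unquote(rec["url"]))  # undo single and double URL-encoding
    return rec

def analyze(lines, burst_threshold=20):
    """Return per-IP request bursts against the OSSN endpoints (possible SiteKey
    brute force) and individual requests whose query carries traversal patterns."""
    hits = Counter()
    traversal = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        path, _, query = rec["url"].partition("?")
        if not any(path.endswith(e) for e in OSSN_ENDPOINTS):
            continue
        hits[rec["ip"]] += 1
        if TRAVERSAL.search(query):
            traversal.append((rec["ip"], rec["url"], rec["status"]))
    bursts = {ip: n for ip, n in hits.items() if n >= burst_threshold}
    return {"bursts": bursts, "traversal": traversal}
```

A 200 response on a traversal request is the finding worth escalating; many requests to these endpoints from one source are the earlier, noisier signal.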

CVSS V3 Severity and Metrics
Base Score: 5.9 Medium
Impact Score: 3.6
Exploitability Score: 2.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): High
Integrity (I): None
Availability (A): None

General Information

Vendors

  • opensource-socialnetwork

Products

  • open source social network

Additional Info