Hello,
I want to report several high risk vulnerabilities in the latest release of Oxwall. These include: Remote Code Execution (RCE), Cross-Site Request Forgery (CSRF/XSRF) and Persistent Cross-Site Scripting (XSS).
Please reply to my two e-mails I've sent previously that I didn't got any response to. There will be an official advisory release for these issues.
Thanks,
We build. You grow.
Get best community software hereStart a social network, a fan-site, an education project with oxwall - free opensource community software
Multiple vulnerabilities in Oxwall 1.7.0 (build 7907) | Forum
Team ross
Jul 24 '14
Liquid, on which e-mail you sent messages? as to the risk vulnerabilites, can you please provide examples or exact spot in the code? that would be great.
LiquidWorm
Jul 24 '14
I've sent e-mails from: http://www.oxwall.org/contact
Please contact lab@zeroscience.mk for further details.
Exact spot in the code:
--
RewriteCond %{REQUEST_URI} (/|\.php|\.html|\.htm|\.xml|\.feed|robots\.txt|\.raw|/[^.]*)$ [NC]
--
Please contact lab@zeroscience.mk for further details.
Exact spot in the code:
--
RewriteCond %{REQUEST_URI} (/|\.php|\.html|\.htm|\.xml|\.feed|robots\.txt|\.raw|/[^.]*)$ [NC]
--
Leader Kяuncн
Sep 29 '14
Not sure if recent discoveries of Vulnerabilities has been fixed/Addressed since 1.7.0 (build 7907 and 7906) but if not here is some information on these 2 discoveries at:
Multiple CSRF And HTML Injection Vulnerabilities
and
Remote Code Execution Exploit Open here|---> Oxwall 1.7.0 - Remote Code Execution Exploit
Multiple CSRF And HTML Injection Vulnerabilities
and
Remote Code Execution Exploit Open here|---> Oxwall 1.7.0 - Remote Code Execution Exploit
The Forum post is edited by Kяuncн Sep 29 '14
Team
Leader