Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-10560 PoC — Open Source Social Network 加密问题漏洞

Source
https://github.com/alex-seymour/CVE-2020-10560-Key-Recovery
Associated Vulnerability
Title:Open Source Social Network 加密问题漏洞 (CVE-2020-10560)
Description:An issue was discovered in Open Source Social Network (OSSN) through 5.3. A user-controlled file path with a weak cryptographic rand() can be used to read any file with the permissions of the webserver. This can lead to further compromise. The attacker must conduct a brute-force attack against the SiteKey to insert into a crafted URL for components/OssnComments/ossn_com.php and/or libraries/ossn.lib.upgrade.php.
Readme
# CVE-2020-10560 Key Recovery (AES)
This PoC recovers the `site_key` for OSSN 5.3 and above.

For more information see [http://techanarchy.net/blog/cve-2020-10560-ossn-arbitrary-file-read](http://techanarchy.net/blog/cve-2020-10560-ossn-arbitrary-file-read).
File Snapshot

 [4.0K]  /data/pocs/214b6dec3cf217d04533046cc3ca3c25a26e3b44
├── [4.0K]  base64
│   ├── [2.1K]  b64f.c
│   ├── [4.0K]  base64.c
│   ├── [1.6K]  base64.h
│   ├── [ 560]  BuildRun.bat
│   ├── [ 559]  buildrun.sh
│   ├── [1.1K]  LICENSE
│   ├── [ 27K]  picture.png
│   ├── [ 325]  README.md
│   └── [6.6K]  test.c
├── [ 27K]  crackfish
├── [4.7K]  crackfish.c
├── [ 143]  Makefile
├── [ 260]  README.md
└── [4.0K]  tiny-AES-c
    ├── [ 19K]  aes.c
    ├── [2.7K]  aes.h
    ├── [ 184]  aes.hpp
    ├── [ 167]  CMakeLists.txt
    ├── [2.0K]  conanfile.py
    ├── [1.2K]  index.html.tmp
    ├── [ 279]  library.json
    ├── [ 557]  library.properties
    ├── [1.2K]  Makefile
    ├── [4.2K]  README.md
    ├── [ 15K]  test.c
    ├── [  37]  test.cpp
    ├── [4.0K]  test_package
    │   └── [ 565]  index.html.tmp
    └── [1.2K]  unlicense.txt

3 directories, 27 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →