[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Sql injection in OCS Inventory NG Server 1.2.1

OCS Inventory NG Server 1.2.1


The Open Computer and Software (OCS) Inventory Next Generation (NG)
provides relevant inventory information about system configurations and
software on the network.

 Download : http://www.ocsinventory-ng.org/index.php?page=1-02-1
 Found by : Guilherme Marinheiro				
 Contact : gmcbr0@xxxxxxxxx 				  	
 Prequisite: Authenticated user				
 Remote exploitable:Yes (Authentication is needed)		

PoC :

Vulnerable Code:

script: machine.php

77 $queryMachine    = "SELECT * FROM hardware WHERE (ID=$systemid)";
78 $result   = mysql_query( $queryMachine, $_SESSION["readServer"] )
or mysql_error($_SESSION["readServer"]);
79 $item     = mysql_fetch_object($result);