OCSinventory-ng version 1.x suffers from cross site scripting and remote SQL injection vulnerabilities.
df43edcf1e89cefe033d2a8fb1206d01614d73151d22babbd61a0efafd3912b4
OCSinventory-ng
Multiple remote vulnerabalities as ben descovered in OCS Inventory NG Management server, sql inyeccion and xss
This vulneravility afect version 1.x
[Name]
OCS Inventory
[vendor]
http://www.ocsinventory-ng.org/<http://www.eclac.org/>
[Download]
http://www.ocsinventory-ng.org/index.php?page=1-02-1<http://www.comerciosonline.com/index.php?p=8>
[Category]
web server aplication
[OS afected]
Linux - Windows
------------------------------
-----------------------------------------------------------------------------------------
Vulnerability
[Category]
Cros site scriptting (XSS), SQL Iny.
[Affect Version]
1.x
[Discovered]
22/01/2010
[Reported]
22/01/2010
[Author]
Hernan Jais
[Mail]
hernanjais1[at]gmail[dot]com
[Web]
www.dhcsecurity.com.ar<http://www.dhcsecurity.com.ar/>
[POC]
SQL INY GET variables
http://localhost/ocsreports/index.php?&cuaff=NA&key=1&lareq=Computadores+que+tienen+una+etiqueta+dada&c=[SQL INY]&rev=1&page=1<http://localhost/cgibin/RpWebEngine.exe/PortalAction?&MODE=MAIN&BASE=>
SQL INY POST variables paginator
http://localhost/ocsreports/index.php?multi=1
POST: chm_0=useragent&lbl_0=Agente%
2Bde%2Busuario&ega_0=IGUAL&val_0=OCS-NG_windows_client_v4054&act_1=on&chm_1=ipaddr&lbl_1=Direcci%25F3n%2BIP&ega_1=IGUAL[XSS]&val_1=+[SQL INY]&max=2&sub=Buscar
http://localhost/ocsreports/index.php?multi=36<http://172.21.5.74/ocsreports/index.php?multi=36>
POST: onglet_bis=A[SQL INY]&old_onglet_bis=C&pcparpage=20&page=0&old_pcparpage=20&search=&COMPAR=%3C&NBRE=&OLD_ONGLET=C
XSS
http://localhost/ocsreports/index.php?&[XSS]<http://localhost/cgibin/RpWebEngine.exe/PortalAction?&MODE=MAIN&BASE=>cuaff=NA&[XSS]<http://localhost/cgibin/RpWebEngine.exe/PortalAction?&MODE=MAIN&BASE=>key=1&[XSS]<http://localhost/cgibin/RpWebEngine.exe/PortalAction?&MODE=MAIN&BASE=>lareq=Computadores+que+tienen+una+etiqueta+dada&[XSS]<http://localhost/cgibin/RpWebEngine.exe/PortalAction?&MODE=MAIN&BASE=>c=h.memory&[XSS]<http://localhost/cgibin/RpWebEngine.exe/PortalAction?&MODE=MAIN&BASE=>a=1&[XSS]<http://localhost/cgibin/RpWebEngine.exe/PortalAction?&MODE=MAIN&BASE=>rev=1&[XSS]<http://localhost/cgibin/RpWebEngine.exe/PortalAction?&MODE=MAIN&BASE=>page=1[XSS]<http://localhost/cgibin/RpWebEngine.exe/PortalAction?&MODE=MAIN&BASE=>
-------------------------------------------------------------------------------------------------------------------