OCS Inventory NG 1.02 - Multiple SQL Injections

2009-06-01T00:00:00

Description

OCS Inventory NG - Multiple SQL Injections (May 30 2009) _______________________________________________________________________________ * Product Open Computer and Software (OCS) Inventory NG (http://www.ocsinventory-ng.org/) * Vulnerable Versions OCS Inventory NG 1.02 (Unix) * Vendor Status Vendor has been notified and the vulnerability has been fixed. * Details The Open Computer and Software (OCS) Inventory Next Generation (NG) provides relevant inventory information about system configurations and software on the network. The server can be managed using a web interface. It was found that the application does not properly sanitize user input which results into multiple SQL injections. Affected are the following scripts: - download.php (parameters `N', `DL', `O' and `V') - group_show.php (parameter `SYSTEMID'); * Impact Attackers may be able to manipulate SQL statements in such a way that they can retrieve, create or modify information stored in the database. Furthermore, the SQL injection might allow attackers to get a foothold on the underlying system. * Exploit The vulnerability can be exploited by just using a web browser: http://example.org/ocsreports/download.php?n=1&dl=2&o=3&v=4'union+all+select+concat(id,':',passwd)+from+operators%23 _______________________________________________________________________________ http://www.leidecker.info/advisories/2009-05-30-ocs_inventory_ng_sql_injection.shtml Nico Leidecker - http://www.leidecker.info

{"id": "SECURITYVULNS:DOC:21920", "bulletinFamily": "software", "title": "OCS Inventory NG 1.02 - Multiple SQL Injections", "description": "OCS Inventory NG - Multiple SQL Injections (May 30 2009)\r\n_______________________________________________________________________________\r\n\r\n\r\n* Product\r\n\r\n Open Computer and Software (OCS) Inventory NG\r\n (http://www.ocsinventory-ng.org/)\r\n\r\n* Vulnerable Versions\r\n\r\n OCS Inventory NG 1.02 (Unix)\r\n\r\n\r\n* Vendor Status\r\n\r\n Vendor has been notified and the vulnerability has been fixed.\r\n\r\n\r\n* Details\r\n\r\n The Open Computer and Software (OCS) Inventory Next Generation (NG)\r\nprovides relevant inventory information about system configurations and\r\nsoftware on the network. The server can be managed using a web\r\ninterface. It was found that the application does not properly sanitize\r\nuser input which results into multiple SQL injections.\r\n\r\n Affected are the following scripts:\r\n\r\n - download.php (parameters `N', `DL', `O' and `V')\r\n - group_show.php (parameter `SYSTEMID');\r\n\r\n* Impact\r\n\r\n Attackers may be able to manipulate SQL statements in such a way that\r\nthey can retrieve, create or modify information stored in the database.\r\nFurthermore, the SQL injection might allow attackers to get a foothold\r\non the underlying system.\r\n\r\n* Exploit\r\n\r\n The vulnerability can be exploited by just using a web browser:\r\n\r\n \r\nhttp://example.org/ocsreports/download.php?n=1&dl=2&o=3&v=4'union+all+select+concat(id,':',passwd)+from+operators%23\r\n \r\n\r\n_______________________________________________________________________________\r\nhttp://www.leidecker.info/advisories/2009-05-30-ocs_inventory_ng_sql_injection.shtml\r\nNico Leidecker - http://www.leidecker.info", "published": "2009-06-01T00:00:00", "modified": "2009-06-01T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:21920", "reporter": "Securityvulns", "references": [], "cvelist": [], "type": "securityvulns", "lastseen": "2018-08-31T11:10:30", "edition": 1, "viewCount": 12, "enchantments": {"score": {"value": 1.0, "vector": "NONE"}, "dependencies": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:9952"]}], "rev": 4}, "backreferences": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:9952"]}]}, "exploitation": null, "vulnersScore": 1.0}, "affectedSoftware": [], "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645348575, "score": 1659803227}, "_internal": {"score_hash": "ed0b0b7ecf4729452112f67860d0a274"}}