Index
Bugtraq
Pełna lista
Błędy
Sztuczki
Exploity
Dorks list
Tylko z CVE
Tylko z CWE
Bogus
Ranking
CVEMAP
Świeża lista CVE
Producenci
Produkty
Słownik CWE
Sprawdź nr. CVE
Sprawdź nr. CWE
Szukaj
W Bugtraq
W bazie CVE
Po autorze
Po nr. CVE
Po nr. CWE
Po producencie
Po produkcie
RSS
Bugtraq
CVEMAP
CVE Produkty
Tylko Błędy
Tylko Exploity
Tylko Dorks
Więcej
cIFrex
Facebook
Twitter
Donate
O bazie
Lang
Polish
English
Submit
Ocsinventory-ng ocs_inventory_ng 1.02.1 XSS SQL Injection
2010.04.30
Credit:
Hernan Jais
Risk:
High
Local:
No
Remote:
Yes
CVE:
CVE-2010-1594
|
CVE-2010-1595
CWE:
CWE-79
CWE-89
OCSinventory-ng Multiple remote vulnerabalities as ben descovered in OCS Inventory NG Management server, sql inyeccion and xss This vulneravility afect version 1.x [Name] OCS Inventory [vendor] http://www.ocsinventory-ng.org/<http://www.eclac.org/> [Download] http://www.ocsinventory-ng.org/index.php?page=1-02-1<http://www.comerciosonline.com/index.php?p=8> [Category] web server aplication [OS afected] Linux - Windows ------------------------------ ----------------------------------------------------------------------------------------- Vulnerability [Category] Cros site scriptting (XSS), SQL Iny. [Affect Version] 1.x [Discovered] 22/01/2010 [Reported] 22/01/2010 [Author] Hernan Jais [Mail] hernanjais1[at]gmail[dot]com [Web] www.dhcsecurity.com.ar<http://www.dhcsecurity.com.ar/> [POC] SQL INY GET variables http://localhost/ocsreports/index.php?&cuaff=NA&key=1&lareq=Computadores+que+tienen+una+etiqueta+dada&c=[SQL INY]&rev=1&page=1<http://localhost/cgibin/RpWebEngine.exe/PortalAction?&MODE=MAIN&BASE=> SQL INY POST variables paginator http://localhost/ocsreports/index.php?multi=1 POST: chm_0=useragent&lbl_0=Agente% 2Bde%2Busuario&ega_0=IGUAL&val_0=OCS-NG_windows_client_v4054&act_1=on&chm_1=ipaddr&lbl_1=Direcci%25F3n%2BIP&ega_1=IGUAL[XSS]&val_1=+[SQL INY]&max=2&sub=Buscar http://localhost/ocsreports/index.php?multi=36<http://172.21.5.74/ocsreports/index.php?multi=36> POST: onglet_bis=A[SQL INY]&old_onglet_bis=C&pcparpage=20&page=0&old_pcparpage=20&search=&COMPAR=%3C&NBRE=&OLD_ONGLET=C XSS http://localhost/ocsreports/index.php?&[XSS]<http://localhost/cgibin/RpWebEngine.exe/PortalAction?&MODE=MAIN&BASE=>cuaff=NA&[XSS]<http://localhost/cgibin/RpWebEngine.exe/PortalAction?&MODE=MAIN&BASE=>key=1&[XSS]<http://localhost/cgibin/RpWebEngine.exe/PortalAction?&MODE=MAIN&BASE=>lareq=Computadores+que+tienen+una+etiqueta+dada&[XSS]<http://localhost/cgibin/RpWebEngine.exe/PortalAction?&MODE=MAIN&BASE=>c=h.memory&[XSS]<http://localhost/cgibin/RpWebEngine.exe/PortalAction?&MODE=MAIN&BASE=>a=1&[XSS]<http://localhost/cgibin/RpWebEngine.exe/PortalAction?&MODE=MAIN&BASE=>rev=1&[XSS]<http://localhost/cgibin/RpWebEngine.exe/PortalAction?&MODE=MAIN&BASE=>page=1[XSS]<http://localhost/cgibin/RpWebEngine.exe/PortalAction?&MODE=MAIN&BASE=> -------------------------------------------------------------------------------------------------------------------
Referencje:
http://xforce.iss.net/xforce/xfdb/55872
http://secunia.com/advisories/38311
http://packetstormsecurity.org/1001-exploits/ocsinventoryng-sqlxss.txt
http://osvdb.org/61942
See this note in RAW Version
Tweet
Vote for this issue:
0
0
50%
50%
Thanks for you vote!
Thanks for you comment!
Your message is in quarantine 48 hours.
Comment it here.
Nick (*)
Email (*)
Video
Text (*)
(*) -
required fields.
Cancel
Submit
{{ x.nick }}
|
Date:
{{ x.ux * 1000 | date:'yyyy-MM-dd' }}
{{ x.ux * 1000 | date:'HH:mm' }}
CET+1
{{ x.comment }}
Show all comments
Copyright
2024
, cxsecurity.com
Back to Top
Polish
English