OCS Inventory NG 2.0.1 Persistent XSS

Risk: Low
Local: No
Remote: Yes

CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

OCS Inventory NG 2.0.1 - Persistent XSS (CVE-2011-4024) ------------------------------------------------------- Software : Open Computer and Software (OCS) Inventory NG Download : http://www.ocsinventory-ng.org/ Discovered by : Nicolas DEROUET (nicolas.derouet[gmail]com) Discover : 2011-10-04 Published : 2011-10-05 Version : 2.0.1 and prior Impact : Persistent XSS Remote : Yes (No authentication is needed) CVE-ID : CVE-2011-4024 Info ---- Open Computer and Software (OCS) Inventory Next Generation (NG) is an application designed to help a network or system administrator keep track of the computers configuration and software that are installed on the network. Details ------- The vulnerability is in the data sent by the agent OCS. The inventory service and the admin panel does not control the data received. An attacker could inject malicous HTML/JS through into the inventory information (eg. the computer description field under WinXP). This data is printed in the admin panel wich can lead to a session hijack or whatever you want. PoC --- 1. Enter the XSS script (eg. <script>alert(String.fromCharCode(88,83,83))</script>) in the computer description field. (WinXP > System Properties > Computer Name > Computer Description) 2. Launch an inventory with OCS Agent 3. Go on the admin panel (http://SERVER/ocsreports/) 4. View your computer detail Tested on : OCS Agent 2.0.1 (WinXP SP3) and OCS Server 2.0.1 (Windows). Not tested on : Linux Plateform and GLPI (OCS import) Solution -------- Upgrade to OCS Inventory NG 2.0.2



Vote for this issue:


Thanks for you vote!


Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com


Back to Top