Open Audit suffers from a remote SQL injection vulnerability.
5bcfc62474798ca66ef7622a1ebcfde6d125dc0189aaadd35a9cae62c7c6d4ceExploit Title : Open Audit(GPL version) SQL injection vulnerability
Author : WICS
Date : 9/12/2015
Software Link : https://github.com/jonabbey/open-audit
Overview:
delete_missed_audit.php is accessible without authentication and GET Method parameter pc is not getting filter before passing to SQL query.
Vulnerable code
if (isset($_GET['pc'])) {
$link = mysql_connect($mysql_server, $mysql_user, $mysql_password) or die("Could not connect");
mysql_select_db("$mysql_database") or die("Could not select database");
$query = "select system_name from system where system_uuid='" . $_GET['pc'] . "'";
$result = mysql_query($query) or die("Query failed at retrieve system name stage.");
$myrow = mysql_fetch_array($result);
$name = $myrow['system_name'];
POC
Vulnerable URL
https://github.com/jonabbey/open-audit/blob/master/delete_missed_audit.php?pc=SQL_Injection
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed