lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <CACf-1BXFDTORHQznEriKL9=2M46f=wTO7jazPMAzadWUBRgnmA@mail.gmail.com>
Date: Thu, 20 Oct 2011 14:03:05 +0200
From: Nicolas DEROUET <nicolas.derouet@...il.com>
To: bugtraq@...urityfocus.com
Subject: OCS Inventory NG 2.0.1 Persistent XSS (CVE-2011-4024)

OCS Inventory NG 2.0.1 Persistent XSS (CVE-2011-4024)
-------------------------------------------------------

Software      : Open Computer and Software (OCS) Inventory NG
Download      : http://www.ocsinventory-ng.org/
Discovered by : Nicolas DEROUET (nicolas.derouet[gmail]com)
Discover      : 2011-10-04
Published     : 2011-10-05
Version       : 2.0.1 and prior
Impact        : Persistent XSS
Remote        : Yes (No authentication is needed)
CVE-ID        : CVE-2011-4024


Info
----

Open Computer and Software (OCS) Inventory Next Generation (NG) is an
application designed to help a network or system administrator keep track
of the computers configuration and software that are installed on the network.


Details
-------

The vulnerability is in the data sent by the agent OCS. The inventory service
and the admin panel does not control the data received. An attacker could inject
malicous HTML/JS through into the inventory information (eg. the computer
description field under WinXP). This data is printed in the admin panel wich
can lead to a session hijack or whatever you want.


PoC
---

1. Enter the XSS script (eg.
<script>alert(String.fromCharCode(88,83,83))</script>)
   in the computer description field. (WinXP > System Properties > Computer
   Name > Computer Description)

2. Launch an inventory with OCS Agent

3. Go on the admin panel (http://SERVER/ocsreports/)

4. View your computer detail

Tested on     : OCS Agent 2.0.1 (WinXP SP3) and OCS Server 2.0.1 (Windows).
Not tested on : Linux Plateform and GLPI (OCS import)


Solution
--------

Upgrade to OCS Inventory NG 2.0.2

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ