diff openaudit-rc/admin_config_data.php openaudit-patched//admin_config_data.php 107c107 < $sql = "SELECT * FROM ldap_paths WHERE ldap_paths_connection_id='".$ConnectionGuid."'"; --- > $sql = "SELECT * FROM ldap_paths WHERE ldap_paths_connection_id='".mysql_real_escape_string($ConnectionGuid)."'"; 239,240c239,240 < $sql = "UPDATE `ldap_connections` SET `ldap_connections_nc`='".$domain_nc."',`ldap_connections_fqdn`='".$fqdn."',"; < $sql .= "`ldap_connections_server`='".$_GET["ldap_connection_server"]."',`ldap_connections_user`=AES_ENCRYPT('".$_GET["ldap_connection_user"]."','".$aes_key."'),"; --- > $sql = "UPDATE `ldap_connections` SET `ldap_connections_nc`='".mysql_real_escape_string($domain_nc)."',`ldap_connections_fqdn`='".mysql_real_escape_string($fqdn)."',"; > $sql .= "`ldap_connections_server`='".mysql_real_escape_string($_GET["ldap_connection_server"])."',`ldap_connections_user`=AES_ENCRYPT('".$_GET["ldap_connection_user"]."','".$aes_key."'),"; 242c242 < $sql .= "WHERE ldap_connections_id='".$_GET["ldap_connection_id"]."'"; --- > $sql .= "WHERE ldap_connections_id='".mysql_real_escape_string($_GET["ldap_connection_id"])."'"; 249c249 < $sql .= "VALUES ('".$domain_nc."','".$fqdn."','".$_GET["ldap_connection_server"]."',"; --- > $sql .= "VALUES ('".mysql_real_escape_string($domain_nc)."','".mysql_real_escape_string($fqdn)."','".mysql_real_escape_string($_GET["ldap_connection_server"])."',"; 347c347 < AND ldap_connections.ldap_connections_id='".$_GET["ldap_connection_id"]."'"; --- > AND ldap_connections.ldap_connections_id='".mysql_real_escape_string($_GET["ldap_connection_id"])."'"; 355c355 < AND ldap_connections.ldap_connections_id='".$_GET["ldap_connection_id"]."'"; --- > AND ldap_connections.ldap_connections_id='".mysql_real_escape_string($_GET["ldap_connection_id"])."'"; 362c362 < AND ldap_connections.ldap_connections_id='".$_GET["ldap_connection_id"]."'"; --- > AND 
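Review bot: In the 239,240c239,240 hunk the new line 240 still interpolates `$_GET["ldap_connection_user"]` unescaped inside `AES_ENCRYPT('...')`, so that one value keeps the injection path the rest of the commit closes; it should read `AES_ENCRYPT('".mysql_real_escape_string($_GET["ldap_connection_user"])."','".$aes_key."')`. Line 241 sits between this hunk and 242c242 and is unchanged, so it is worth checking for the same pattern (it is not visible here). Note also that `mysql_real_escape_string()` only escapes correctly once a link is open and the connection charset is set; escaping is a stopgap, and the longer-term fix for these statements is prepared statements via mysqli or PDO.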
ldap_connections.ldap_connections_id='".mysql_real_escape_string($_GET["ldap_connection_id"])."'"; 367c367 < WHERE ldap_connections.ldap_connections_id='".$_GET["ldap_connection_id"]."'"; --- > WHERE ldap_connections.ldap_connections_id='".mysql_real_escape_string($_GET["ldap_connection_id"])."'"; 396c396 < WHERE ldap_connections_id='".$_GET["ldap_connection_id"]."'"; --- > WHERE ldap_connections_id='".mysql_real_escape_string($_GET["ldap_connection_id"])."'"; 434c434 < $sql = "SELECT ldap_connections_nc FROM ldap_connections WHERE ldap_connections_id='".$_GET["ldap_connection_id"]."'"; --- > $sql = "SELECT ldap_connections_nc FROM ldap_connections WHERE ldap_connections_id='".mysql_real_escape_string($_GET["ldap_connection_id"])."'"; 493c493 < $sql = "SELECT ldap_paths_dn, ldap_paths_audit FROM ldap_paths WHERE ldap_paths_id=".$_GET["ldap_path_id"]; --- > $sql = "SELECT ldap_paths_dn, ldap_paths_audit FROM ldap_paths WHERE ldap_paths_id=".intval($_GET["ldap_path_id"]); 538c538 < AND ldap_paths.ldap_paths_id='".$_GET["ldap_path_id"]."'"; --- > AND ldap_paths.ldap_paths_id='".mysql_real_escape_string($_GET["ldap_path_id"])."'"; 545c545 < AND ldap_paths.ldap_paths_id='".$_GET["ldap_path_id"]."'"; --- > AND ldap_paths.ldap_paths_id='".mysql_real_escape_string($_GET["ldap_path_id"])."'"; 549c549 < $sql = "DELETE FROM ldap_paths WHERE ldap_paths.ldap_paths_id='".$_GET["ldap_path_id"]."'"; --- > $sql = "DELETE FROM ldap_paths WHERE ldap_paths.ldap_paths_id='".mysql_real_escape_string($_GET["ldap_path_id"])."'"; 556c556 < ?> \ No newline at end of file --- > ?> Common subdirectories: openaudit-rc/backup and openaudit-patched//backup diff openaudit-rc/delete_other.php openaudit-patched//delete_other.php 6c6,7 < --- > > $other = mysql_real_escape_string($_GET['other']); 10c11 < $query = "DELETE FROM other WHERE other_id = '" . $_GET['other'] . "'"; --- > $query = "DELETE FROM other WHERE other_id = '" . $other . 
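Review bot: The 493c493 hunk casts `$_GET["ldap_path_id"]` with `intval()` and uses it unquoted, which shows `ldap_paths_id` is numeric, yet 538c538, 545c545 and 549c549 escape the same parameter as a quoted string. Using the integer cast in all four places is both consistent and the tighter filter for a numeric key, e.g. `AND ldap_paths.ldap_paths_id=".intval($_GET["ldap_path_id"]);` at 538 and 545, and likewise in the DELETE at 549. That DELETE is driven purely by a GET parameter; nothing in these hunks ties it to a POST or a request token, which is worth confirming elsewhere in the file.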
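Review bot: In delete_other.php the new line 7 reads `$_GET['other']` with no presence check, and `mysql_real_escape_string()` returns `false` (with a warning) when no MySQL link is open yet; in either case `$other` ends up empty and the DELETE at line 11 runs as `WHERE other_id = ''`. Lines 1–5 are not in the diff, so whether the connection is already established at that point cannot be confirmed here. Bailing out up front covers both: `if (!isset($_GET['other'])) { die('Missing other id'); }` before the assignment, followed by a check that the escape call did not return `false`. As in the other delete scripts, the destructive query is keyed solely on a GET parameter and no token or method check is visible in the hunk.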
"'"; diff openaudit-rc/delete_system.php openaudit-patched//delete_system.php 9c9,12 < $query = "select system_name from system where system_uuid='" . $_GET['pc'] . "'"; --- > > $pc = mysql_real_escape_string($_GET['pc']); > > $query = "select system_name from system where system_uuid='" . $pc . "'"; 14c17 < $query = "DELETE FROM battery WHERE battery_uuid = '" . $_GET['pc'] . "'"; --- > $query = "DELETE FROM battery WHERE battery_uuid = '" . $pc . "'"; 17c20 < $query = "DELETE FROM bios WHERE bios_uuid = '" . $_GET['pc'] . "'"; --- > $query = "DELETE FROM bios WHERE bios_uuid = '" . $pc . "'"; 20c23 < $query = "DELETE FROM browser_helper_objects WHERE bho_uuid = '" . $_GET['pc'] . "'"; --- > $query = "DELETE FROM browser_helper_objects WHERE bho_uuid = '" . $pc . "'"; 23c26 < $query = "DELETE FROM firewall_auth_app WHERE firewall_app_uuid = '" . $_GET['pc'] . "'"; --- > $query = "DELETE FROM firewall_auth_app WHERE firewall_app_uuid = '" . $pc . "'"; 26c29 < $query = "DELETE FROM firewall_ports WHERE port_uuid = '" . $_GET['pc'] . "'"; --- > $query = "DELETE FROM firewall_ports WHERE port_uuid = '" . $pc . "'"; 29c32 < $query = "DELETE FROM firewire WHERE fw_uuid = '" . $_GET['pc'] . "'"; --- > $query = "DELETE FROM firewire WHERE fw_uuid = '" . $pc . "'"; 32c35 < $query = "DELETE FROM floppy WHERE floppy_uuid = '" . $_GET['pc'] . "'"; --- > $query = "DELETE FROM floppy WHERE floppy_uuid = '" . $pc . "'"; 35c38 < $query = "DELETE FROM graphs_disk WHERE disk_uuid = '" . $_GET['pc'] . "'"; --- > $query = "DELETE FROM graphs_disk WHERE disk_uuid = '" . $pc . "'"; 38c41 < $query = "DELETE FROM groups WHERE groups_uuid = '" . $_GET['pc'] . "'"; --- > $query = "DELETE FROM groups WHERE groups_uuid = '" . $pc . "'"; 41c44 < $query = "DELETE FROM hard_drive WHERE hard_drive_uuid = '" . $_GET['pc'] . "'"; --- > $query = "DELETE FROM hard_drive WHERE hard_drive_uuid = '" . $pc . "'"; 44c47 < $query = "DELETE FROM iis WHERE iis_uuid = '" . $_GET['pc'] . 
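Review bot: Every DELETE in delete_system.php (9c9,12 through 146c149) is keyed solely on `$pc`, which the new line 10 takes from `$_GET['pc']`, so a plain GET request removes a system and all of its child rows; nothing in the hunks requires POST or checks a request token, and that needs to be confirmed elsewhere in the file. The roughly forty statements also run one after another with no transaction around them, so a failure part-way leaves the inventory half deleted (whether that is recoverable depends on the storage engine, which is not visible here). As a point of style, the script is one line repeated per table; a table-to-column map and a single loop keeps the escaping decision in one place and makes a new audit table a one-entry change.
```php
$pc = mysql_real_escape_string($_GET['pc']);

// … unchanged: system_name lookup on the new lines 12–16 …

// One entry per child table, keyed by the column holding the system UUID.
$uuidColumns = array(
    'battery' => 'battery_uuid',
    'bios'    => 'bios_uuid',
    // … remaining tables from the hunks, in the same order …
    'video'   => 'video_uuid',
);
foreach ($uuidColumns as $table => $column) {
    $query = "DELETE FROM `" . $table . "` WHERE `" . $column . "` = '" . $pc . "'";
    // … unchanged: the statement that executes $query after each assignment …
}
```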
"'"; --- > $query = "DELETE FROM iis WHERE iis_uuid = '" . $pc . "'"; 47c50 < $query = "DELETE FROM iis_ip WHERE iis_ip_uuid = '" . $_GET['pc'] . "'"; --- > $query = "DELETE FROM iis_ip WHERE iis_ip_uuid = '" . $pc . "'"; 50c53 < $query = "DELETE FROM iis_vd WHERE iis_vd_uuid = '" . $_GET['pc'] . "'"; --- > $query = "DELETE FROM iis_vd WHERE iis_vd_uuid = '" . $pc . "'"; 53c56 < $query = "DELETE FROM invoice WHERE invoice_uuid = '" . $_GET['pc'] . "'"; --- > $query = "DELETE FROM invoice WHERE invoice_uuid = '" . $pc . "'"; 56c59 < $query = "DELETE FROM keyboard WHERE keyboard_uuid = '" . $_GET['pc'] . "'"; --- > $query = "DELETE FROM keyboard WHERE keyboard_uuid = '" . $pc . "'"; 59c62 < $query = "DELETE FROM manual_software WHERE man_soft_uuid = '" . $_GET['pc'] . "'"; --- > $query = "DELETE FROM manual_software WHERE man_soft_uuid = '" . $pc . "'"; 62c65 < $query = "DELETE FROM mapped WHERE mapped_uuid = '" . $_GET['pc'] . "'"; --- > $query = "DELETE FROM mapped WHERE mapped_uuid = '" . $pc . "'"; 65c68 < $query = "DELETE FROM media WHERE media_uuid = '" . $_GET['pc'] . "'"; --- > $query = "DELETE FROM media WHERE media_uuid = '" . $pc . "'"; 68c71 < $query = "DELETE FROM memory WHERE memory_uuid = '" . $_GET['pc'] . "'"; --- > $query = "DELETE FROM memory WHERE memory_uuid = '" . $pc . "'"; 71c74 < $query = "DELETE FROM modem WHERE modem_uuid = '" . $_GET['pc'] . "'"; --- > $query = "DELETE FROM modem WHERE modem_uuid = '" . $pc . "'"; 74c77 < $query = "DELETE FROM monitor WHERE monitor_uuid = '" . $_GET['pc'] . "'"; --- > $query = "DELETE FROM monitor WHERE monitor_uuid = '" . $pc . "'"; 77c80 < $query = "DELETE FROM mouse WHERE mouse_uuid = '" . $_GET['pc'] . "'"; --- > $query = "DELETE FROM mouse WHERE mouse_uuid = '" . $pc . "'"; 80c83 < $query = "DELETE FROM ms_keys WHERE ms_keys_uuid = '" . $_GET['pc'] . "'"; --- > $query = "DELETE FROM ms_keys WHERE ms_keys_uuid = '" . $pc . "'"; 83c86 < $query = "DELETE FROM network_card WHERE net_uuid = '" . 
$_GET['pc'] . "'"; --- > $query = "DELETE FROM network_card WHERE net_uuid = '" . $pc . "'"; 86c89 < $query = "DELETE FROM nmap_ports WHERE nmap_other_id = '" . $_GET['pc'] . "'"; --- > $query = "DELETE FROM nmap_ports WHERE nmap_other_id = '" . $pc . "'"; 89c92 < $query = "DELETE FROM notes WHERE notes_uuid = '" . $_GET['pc'] . "'"; --- > $query = "DELETE FROM notes WHERE notes_uuid = '" . $pc . "'"; 92c95 < $query = "DELETE FROM optical_drive WHERE optical_drive_uuid = '" . $_GET['pc'] . "'"; --- > $query = "DELETE FROM optical_drive WHERE optical_drive_uuid = '" . $pc . "'"; 95c98 < $query = "DELETE FROM partition WHERE partition_uuid = '" . $_GET['pc'] . "'"; --- > $query = "DELETE FROM partition WHERE partition_uuid = '" . $pc . "'"; 98c101 < $query = "DELETE FROM passwords WHERE passwords_uuid = '" . $_GET['pc'] . "'"; --- > $query = "DELETE FROM passwords WHERE passwords_uuid = '" . $pc . "'"; 101c104 < $query = "DELETE FROM processor WHERE processor_uuid = '" . $_GET['pc'] . "'"; --- > $query = "DELETE FROM processor WHERE processor_uuid = '" . $pc . "'"; 104c107 < $query = "DELETE FROM scsi_controller WHERE scsi_controller_uuid = '" . $_GET['pc'] . "'"; --- > $query = "DELETE FROM scsi_controller WHERE scsi_controller_uuid = '" . $pc . "'"; 107c110 < $query = "DELETE FROM scsi_device WHERE scsi_device_uuid = '" . $_GET['pc'] . "'"; --- > $query = "DELETE FROM scsi_device WHERE scsi_device_uuid = '" . $pc . "'"; 110c113 < $query = "DELETE FROM service WHERE service_uuid = '" . $_GET['pc'] . "'"; --- > $query = "DELETE FROM service WHERE service_uuid = '" . $pc . "'"; 113c116 < $query = "DELETE FROM shares WHERE shares_uuid = '" . $_GET['pc'] . "'"; --- > $query = "DELETE FROM shares WHERE shares_uuid = '" . $pc . "'"; 116c119 < $query = "DELETE FROM software WHERE software_uuid = '" . $_GET['pc'] . "'"; --- > $query = "DELETE FROM software WHERE software_uuid = '" . $pc . "'"; 119c122 < $query = "DELETE FROM sound WHERE sound_uuid = '" . $_GET['pc'] . 
"'"; --- > $query = "DELETE FROM sound WHERE sound_uuid = '" . $pc . "'"; 122c125 < $query = "DELETE FROM startup WHERE startup_uuid = '" . $_GET['pc'] . "'"; --- > $query = "DELETE FROM startup WHERE startup_uuid = '" . $pc . "'"; 125c128 < $query = "DELETE FROM system WHERE system_uuid = '" . $_GET['pc'] . "'"; --- > $query = "DELETE FROM system WHERE system_uuid = '" . $pc . "'"; 128c131 < $query = "DELETE FROM system_audits WHERE system_audits_uuid = '" . $_GET['pc'] . "'"; --- > $query = "DELETE FROM system_audits WHERE system_audits_uuid = '" . $pc . "'"; 131c134 < $query = "DELETE FROM system_man WHERE system_man_uuid = '" . $_GET['pc'] . "'"; --- > $query = "DELETE FROM system_man WHERE system_man_uuid = '" . $pc . "'"; 137c140 < $query = "DELETE FROM tape_drive WHERE tape_drive_uuid = '" . $_GET['pc'] . "'"; --- > $query = "DELETE FROM tape_drive WHERE tape_drive_uuid = '" . $pc . "'"; 140c143 < $query = "DELETE FROM usb WHERE usb_uuid = '" . $_GET['pc'] . "'"; --- > $query = "DELETE FROM usb WHERE usb_uuid = '" . $pc . "'"; 143c146 < $query = "DELETE FROM users WHERE users_uuid = '" . $_GET['pc'] . "'"; --- > $query = "DELETE FROM users WHERE users_uuid = '" . $pc . "'"; 146c149 < $query = "DELETE FROM video WHERE video_uuid = '" . $_GET['pc'] . "'"; --- > $query = "DELETE FROM video WHERE video_uuid = '" . $pc . "'"; Common subdirectories: openaudit-rc/images and openaudit-patched//images Common subdirectories: openaudit-rc/images-systems and openaudit-patched//images-systems diff openaudit-rc/include_lang.php openaudit-patched//include_lang.php 3c3,7 < $language_file="./lang/".$GLOBALS["language"].".inc"; --- > $language_file=realpath("./lang/".$GLOBALS["language"].".inc"); > $language_dir = getcwd() . 
"/lang/"; > if(strncmp($language_file, $language_dir, strlen($language_dir)) != 0) { > die("Directory Traversal attempt Detected!"); > } 7c11 < die("Language-File not found: ".$language_file); --- > die("Language-File not found: ".htmlentities($language_file)); Common subdirectories: openaudit-rc/javascript and openaudit-patched//javascript Common subdirectories: openaudit-rc/lang and openaudit-patched//lang Common subdirectories: openaudit-rc/lib and openaudit-patched//lib diff openaudit-rc/list.php openaudit-patched//list.php 24c24 < $include_filename = "list_viewdef_".$_REQUEST["view"].".php"; --- > $include_filename = realpath(getcwd() . "/list_viewdef_".$_REQUEST["view"].".php"); 26c26 < $include_filename = "list_viewdef_all_systems.php"; --- > $include_filename = realpath(getcwd() . "/list_viewdef_all_systems.php"); 27a28,33 > > $view_dir = getcwd(); > if(strncmp($include_filename, $view_dir, strlen($view_dir)) != 0) { > die("Directory Traversal attempt Detected!"); > } > Common subdirectories: openaudit-rc/OpenOffice and openaudit-patched//OpenOffice Common subdirectories: openaudit-rc/scripts and openaudit-patched//scripts diff openaudit-rc/system_export.php openaudit-patched//system_export.php 86c86 < #$pdf=header_footer($pdf); --- > $pdf=header_footer($pdf); 120c120 < $include_filename = "system_viewdef_".$_REQUEST["view"].".php"; --- > $include_filename = getcwd() . "system_viewdef_".$_REQUEST["view"].".php"; 123a124,130 > > $include_dir = getcwd(); > if(strncmp($include_filename, $include_dir, strlen($language_dir)) != 0) { > die("Directory Traversal attempt Detected!"); > } > > diff openaudit-rc/system_post.php openaudit-patched//system_post.php 17c17 < $sql = "UPDATE other SET other_network_name = '" . $_REQUEST['other_network_name'] . "',"; --- > $sql = "UPDATE other SET other_network_name = '" . mysql_real_escape_string($_REQUEST['other_network_name']) . "',"; 19,30c19,30 < $sql .= " other_mac_address = '" . $_REQUEST['other_mac_address'] . 
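Review bot: In the 3c3,7 hunk `realpath()` returns `false` when the language file does not exist, and `strncmp(false, $language_dir, …)` then fails, so a merely missing file now dies with "Directory Traversal attempt Detected!" at the new line 6 and never reaches the "Language-File not found" message at line 11. The prefix is also built from `getcwd()` while the candidate path is canonicalised, so a symlinked document root makes the two disagree and every language is rejected. Resolving both through `realpath()` and testing for `false` first fixes this (assuming ./lang exists): `$language_dir = realpath(getcwd() . "/lang") . "/";`, `$language_file = realpath($language_dir . $GLOBALS["language"] . ".inc");`, `if ($language_file === false || strncmp($language_file, $language_dir, strlen($language_dir)) != 0) {`. Since `$GLOBALS["language"]` only ever names a language code, an allow-list such as `preg_match('/^[A-Za-z_]+$/', $GLOBALS["language"])` before the path is built is the simpler guard and sidesteps the canonicalisation subtleties entirely.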
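Review bot: The 27a28,33 hunk in list.php has the same `realpath()` gap: when `list_viewdef_<view>.php` does not exist the new line 24 yields `false`, and the check at lines 30–32 reports a traversal attempt rather than an unknown view (whether the fallback at line 26 runs first depends on line 25, which is not in the diff). `$view_dir` is also compared without a trailing separator, so any path whose text merely begins with the cwd string passes; `$view_dir = realpath(getcwd()) . DIRECTORY_SEPARATOR;` and `if ($include_filename === false || strncmp($include_filename, $view_dir, strlen($view_dir)) != 0) {` close both gaps. Because `$_REQUEST["view"]` only selects among the `list_viewdef_*.php` files in the same directory, matching it against `/^[A-Za-z0-9_]+$/` before the file name is built is a simpler and more robust guard than a post-hoc prefix check.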
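Review bot: The 120c120 and 123a124,130 hunks in system_export.php do not achieve what the list.php change does: the new line 120 concatenates `getcwd()` and `"system_viewdef_"` with no `/` between them, so the include path becomes `<cwd>system_viewdef_<view>.php`, which will not match the intended file, and it is never passed through `realpath()`, so the string always starts with `getcwd()` and the `strncmp` at the new line 126 can never fail. That line also takes its length from `$language_dir`, a variable that belongs to include_lang.php, instead of `$include_dir`; if it is undefined the length is 0 and the check is vacuous, and if it is defined it is longer than `$include_dir` and the check always dies. Mirroring list.php fixes all three: `$include_filename = realpath(getcwd() . "/system_viewdef_" . $_REQUEST["view"] . ".php");`, `$include_dir = realpath(getcwd()) . DIRECTORY_SEPARATOR;`, `if ($include_filename === false || strncmp($include_filename, $include_dir, strlen($include_dir)) != 0) {`. The 86c86 hunk, which re-enables `header_footer($pdf)`, is unrelated to the hardening and would be clearer as its own commit.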
"',"; < $sql .= " other_p_port_name = '" . $_REQUEST['other_p_port_name'] . "',"; < $sql .= " other_description = '" . $_REQUEST['other_description'] . "',"; < $sql .= " other_serial = '" . $_REQUEST['other_serial'] . "',"; < $sql .= " other_manufacturer = '" . $_REQUEST['other_manufacturer'] . "',"; < $sql .= " other_model='" . $_REQUEST['other_model'] . "',"; < $sql .= " other_type='" . $_REQUEST['other_type'] . "',"; < $sql .= " other_location='" . $_REQUEST['other_location'] . "',"; < $sql .= " other_date_purchased='" . $_REQUEST['other_date_purchased'] . "',"; < $sql .= " other_value='" . $_REQUEST['other_value'] . "',"; < $sql .= " other_linked_pc='" . $_REQUEST['other_linked_pc'] . "' "; < $sql .= " WHERE other_id='" . $_REQUEST['other'] . "'"; --- > $sql .= " other_mac_address = '" . mysql_real_escape_string($_REQUEST['other_mac_address']) . "',"; > $sql .= " other_p_port_name = '" . mysql_real_escape_string($_REQUEST['other_p_port_name']) . "',"; > $sql .= " other_description = '" . mysql_real_escape_string($_REQUEST['other_description']) . "',"; > $sql .= " other_serial = '" . mysql_real_escape_string($_REQUEST['other_serial']) . "',"; > $sql .= " other_manufacturer = '" . mysql_real_escape_string($_REQUEST['other_manufacturer']) . "',"; > $sql .= " other_model='" . mysql_real_escape_string($_REQUEST['other_model']) . "',"; > $sql .= " other_type='" . mysql_real_escape_string($_REQUEST['other_type']) . "',"; > $sql .= " other_location='" . mysql_real_escape_string($_REQUEST['other_location']) . "',"; > $sql .= " other_date_purchased='" . mysql_real_escape_string($_REQUEST['other_date_purchased']) . "',"; > $sql .= " other_value='" . mysql_real_escape_string($_REQUEST['other_value']) . "',"; > $sql .= " other_linked_pc='" . mysql_real_escape_string($_REQUEST['other_linked_pc']) . "' "; > $sql .= " WHERE other_id='" . mysql_real_escape_string($_REQUEST['other']) . "'"; 38,43c38,43 < $sql .= " monitor_uuid = '" . $_REQUEST['monitor_uuid'] . 
"', "; < $sql .= " monitor_date_purchased = '" . $_REQUEST['monitor_date_purchased'] . "', "; < $sql .= " monitor_purchase_order_number = '" . $_REQUEST['monitor_purchase_order_number'] . "', "; < $sql .= " monitor_value = '" . $_REQUEST['monitor_value'] . "', "; < $sql .= " monitor_description = '" . $_REQUEST['monitor_description'] . "' "; < $sql .= " WHERE monitor_id = '" . $_REQUEST['monitor'] . "' "; --- > $sql .= " monitor_uuid = '" . mysql_real_escape_string($_REQUEST['monitor_uuid']) . "', "; > $sql .= " monitor_date_purchased = '" . mysql_real_escape_string($_REQUEST['monitor_date_purchased']) . "', "; > $sql .= " monitor_purchase_order_number = '" . mysql_real_escape_string($_REQUEST['monitor_purchase_order_number']) . "', "; > $sql .= " monitor_value = '" . mysql_real_escape_string($_REQUEST['monitor_value']) . "', "; > $sql .= " monitor_description = '" . mysql_real_escape_string($_REQUEST['monitor_description']) . "' "; > $sql .= " WHERE monitor_id = '" . mysql_real_escape_string($_REQUEST['monitor']) . "' "; 51,56c51,56 < $sql .= "`system_man_value` = '" . $_REQUEST['system_man_value'] . "', "; < $sql .= "`system_man_description` = '" . $_REQUEST['system_man_description'] . "', "; < $sql .= "`system_man_location` = '" . $_REQUEST['system_man_location'] . "', "; < $sql .= "`system_man_serial_number` = '" . $_REQUEST['system_man_serial_number'] . "', "; < $sql .= "`system_man_date_of_purchase` = '" . $_REQUEST['system_man_date_of_purchase'] . "'"; < $sql .= " WHERE `system_man_uuid` = '" . $_REQUEST['pc'] . "' "; --- > $sql .= "`system_man_value` = '" . mysql_real_escape_string($_REQUEST['system_man_value']) . "', "; > $sql .= "`system_man_description` = '" . mysql_real_escape_string($_REQUEST['system_man_description']) . "', "; > $sql .= "`system_man_location` = '" . mysql_real_escape_string($_REQUEST['system_man_location']) . "', "; > $sql .= "`system_man_serial_number` = '" . mysql_real_escape_string($_REQUEST['system_man_serial_number']) . 
"', "; > $sql .= "`system_man_date_of_purchase` = '" . mysql_real_escape_string($_REQUEST['system_man_date_of_purchase']) . "'"; > $sql .= " WHERE `system_man_uuid` = '" . mysql_real_escape_string($_REQUEST['pc']) . "' "; 74c74 < $sql .= "`auth_username` = '" . $_REQUEST['auth_username'] . "', "; --- > $sql .= "`auth_username` = '" . mysql_real_escape_string($_REQUEST['auth_username']) . "', "; 76,79c76,79 < $sql .= "`auth_realname` = '" . $_REQUEST['auth_realname'] . "', "; < $sql .= "`auth_enabled` = '" . $_REQUEST['auth_enabled'] . "', "; < $sql .= "`auth_admin` = '" . $_REQUEST['auth_admin'] . "'"; < $sql .= " WHERE `auth_id` = '" . $_REQUEST['user'] . "' "; --- > $sql .= "`auth_realname` = '" . mysql_real_escape_string($_REQUEST['auth_realname']) . "', "; > $sql .= "`auth_enabled` = '" . mysql_real_escape_string($_REQUEST['auth_enabled']) . "', "; > $sql .= "`auth_admin` = '" . mysql_real_escape_string($_REQUEST['auth_admin']) . "'"; > $sql .= " WHERE `auth_id` = '" . mysql_real_escape_string($_REQUEST['user']) . "' "; Common subdirectories: openaudit-rc/Tutorials and openaudit-patched//Tutorials diff openaudit-rc/upgrade.php openaudit-patched//upgrade.php 26a27 > include "include.php";
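Review bot: In the 76,79c76,79 hunk of system_post.php `auth_enabled` and `auth_admin` are written to the `auth` table straight from `$_REQUEST`; escaping stops injection but still lets any string land in columns whose names read as flags, and nothing in the hunk restricts this branch to an administrator, which has to be guaranteed earlier in the file (not visible here). Wrapping each in `intval($_REQUEST['auth_admin'])` and `intval($_REQUEST['auth_enabled'])` in place of the `mysql_real_escape_string()` calls narrows the input to what the columns expect. State-changing writes throughout this file read `$_REQUEST`, which also accepts query-string and cookie values; `$_POST` is the appropriate source for an update. Lines 18 and 75 are left unchanged between edited lines, so it is worth confirming they do not interpolate request values the same way.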
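Review bot: The 26a27 hunk in upgrade.php adds `include "include.php";`, which only emits a warning and keeps running if the file cannot be loaded, and pulls the file in a second time if something earlier in upgrade.php already did (the lines around 26 are not in the diff). `require_once "include.php";` fails hard when the file is missing and is idempotent, which is the safer choice for an upgrade script that presumably depends on what include.php defines.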