BugTraq
Open Audit SQL Injection Vulnerability Jan 02 2016 11:42AM
Rahul Pratap Singh (techno rps gmail com)
#Exploit Title : Open Audit SQL Injection Vulnerability
#Exploit Author : Rahul Pratap Singh
#Date : 2/Jan/2016
#Home page Link : https://github.com/jonabbey/open-audit
#Website : 0x62626262.wordpress.com
#Twitter : @0x62626262
#Linkedin : https://in.linkedin.com/in/rahulpratapsingh94

1. Description

"id" field in software_add_license.php is not properly sanitized, that
leads to SQL Injection Vulnerability.

"pc" field in delete_system.php, list_viewdef_software_for_system.php
and system_export.php is not properly sanitized, that leads to SQL
Injection Vulnerability.

2. Vulnerable Code:

software_add_license.php: ( line 12 to 13)

$sql = "SELECT * from software_register WHERE software_reg_id = '" .
$_GET["id"] . "'";
$result = mysql_query($sql, $db);

delete_system.php: ( line 5 to 10)

if (isset($_GET['pc'])) {

$link = mysql_connect($mysql_server, $mysql_user, $mysql_password)
or die("Could not connect");
mysql_select_db("$mysql_database") or die("Could not select database");
$query = "select system_name from system where system_uuid='" .
$_GET['pc'] . "'";
$result = mysql_query($query) or die("Query failed at retrieve
system name stage.");

list_viewdef_software_for_system.php: ( line 2 to 3)

$sql = "SELECT system_os_type FROM system WHERE system_uuid = '" .
$_REQUEST["pc"] . "'";
$result = mysql_query($sql, $db);

system_export.php: ( line 108 to 112)

if(isset($_REQUEST["pc"]) AND $_REQUEST["pc"]!=""){
$pc=$_REQUEST["pc"];
$_GET["pc"]=$_REQUEST["pc"];
$sql = "SELECT system_uuid, system_timestamp, system_name FROM system
WHERE system_uuid = '$pc' OR system_name = '$pc' ";
$result = mysql_query($sql, $db);
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2.0.22 (GNU/Linux)

mQINBFYHqawBEAC3Mjyw1EiwhUNqaLqXqG2vTJMOwjqxwa3DAjPvO00BsytPB44L
QxGFx8tmkNcY/9D85cm6ZXfGzvMWVQqO47BTrRp2du3P+cXOtS+/MdM0ARy6dql8
Nlyuy4quuovD+1OOxVGU14Irl8WcmuwVY6eoYbVyRRNoSvo8gtUc4eGuDcIFS5KD
gnn2yGrU39oWe8s27Zqcuwmnt3P0qJrp6YhhDPrrm41v4akYSkAMAFnx5V+lgwJY
OrNBhSgvhPK4O9iHVER1YNPXQKWjOMkt+WRN4vbrzETSRiLt+v0vPPc7t6Ocp9td
if2NdShBiI54mZ+4iQQeLGCAopwCrcLcA5IBhT+XOXoQnXmQ0k5+CtunTrk2cB99
VDd+7d3bk/ajnMv2IVSPF9fPb6n0aSuoUu6hQ5Ig/SqorpRCsKXiaryb1UDPtrRE
/mvbAisqmbmQX8o3oMrQyRuDp4eHydWwFEUk+Rq42azBoTbE8o/3SjJ1G56mTDBr
i4Z8ZydrijPw01+2R++GfALvnguEptja7fAi10H3YYu3AqckcdcZig7Zu9Utp+Xj
kFGh8LVMJFd8YFBYXUp877tFJVhL4N3Nw0Q2zkAMEpAZTt7e9YVrqoxWLAnae+pT
wT3F0UMo+JkUhtYnHnTdGr5GDQGv4lJHkfF3MmFPPXlKyDQ+PUrOfD1bbQARAQAB
tClSYWh1bCBQcmF0YXAgU2luZ2ggPHRlY2huby5ycHNAZ21haWwuY29tPokCPgQT
AQIAKQUCVgeprAIbIwUJCWYBgAcLCQgHAwIBBhUIAgkKCwQWAgMBAh4BAheAAAoJ
EJvdRneaz31fDmsP+Lnr0/SS860E+VTP5GN8X6APuoFQI7iXlOg/8pvIKG1A9c02
1hBAN+5+sN3yRxo18rlHFPorszuR4eWrjXVo4TUlzjArHyTkDshg0bBiAtm3O4R0
CfwqC5Dp4/UuZ2GeX2duUob8SqpvkcAK/H+Ig88VDeR/vlDSIdq729KSB7aS6TyC
rohe79xPd03mvzOpBcmqQuQuV/6zCXjgn6yfOk9tf9dprDdM7jM+eimKdwXAAz1O
mebNXd6Q5SEOGq9SyESDAbKf6NtIrOIM7R1D9lNYF6PihZ4LyGLMzl7VN9ZbUcYj
p6IlQNn/K598CjubtFsc43Zt3Mw9uJJ/9f6+hVZBA1SwPQfMA9GbRfcBMt4Ufe8f
/CyqAhR1rzWFYoqfb42eA483cYSeFnChyXeUrddqNzXGVBSor+cNsxqkPyOlTu7B
ChBrb43Xh0HuxyA96mxEezgcMxFMc2OgPRdzqBo62HNKwlhBMLzkikVW9fd05IBA
c6fccQL25w12DXIwpJIHLlol8nTwy9FczyA3aVU2jHfvFPjILmg61AZi3VELpdtC
ydT52LwWhqRr/ctfX6W0pAzLHWBQapSuLjMk3TqtScU9XZaINHcXMXkCDAhZ/3mO
F15rKMj8ofSA253dMMzFaxID1Yq9j45o02+t2fp3bG0P4AOSR/pR4qalF5q5Ag0E
VgeprAEQAM+0XmpMNTDvq6ZY2Z86ejS5YeF6vKIaut35hzpNwjIpdBycRU9BlXZ8
U/b1+TAfQvr2JhGS69B5KAZuMQG0JvQRq+/AweoTlkWALYt1/mA5zI1PV1dIJxbv
oDGpOMrMuMmBNZSpb0AO88t6hzlLd1xTKbHmSvwr5DF29bzXD+KP1Gf72aSGQ/vb
mXncF2k0u32pxBRj9y4riQLix8L0754RSUKWNefuim44xIDhHFK5saLL4PAGoncV
JVAnY8oEEXMn+4RB2EocsUAU1PfFVUWGosoMmOyVnargpOJuaipmOgg5b5B5n82L
R0t85/k+9T1V3i5BMtnpdld+EpnB5Mbym4HQN7gD3Bjhm3JwgV9IxNxglYw/4LrY
WkgL+Q1Hp7C9N2DO9mfiQDHsbX0ZOWo9BPt8QDZpe0tLWZzo/wG9ZsgaSq2BWpQ7
fM8mDtqm2uRWWOgfskWSa8R9dBttXl7WnjfZkaiEQGCzOJhYcK4slDH8hVdeGuFn
UyqyYxvRbRgXiM0LhAKupqWlg9MZw1FLb46zicudDJmyEqZzxUBpjChiglus5VAW
32Bwnepd7Cjc/Hb+0YXp21HMU0z/bSYd9si7VfpKv3xq/qPDiJdN9VoPruHh6/66
JaJmAKU881oZW2+oY5QBXsS8F/oWxY1KheUABx74Ep+Xf2y6OYgPABEBAAGJAiUE
GAECAA8FAlYHqawCGwwFCQlmAYAACgkQm91Gd5rPfV+kIxAAisNgzb2wo4uQOrPh
eDY0WzqQjs/zKtwOh97jAypaXQLdMJ0TkZD2+tlxXlVUfjInJc/2ZEH+UPwEuTIp
zdvuNSsi/BiD9BxKQW6OY/aD/0s9giC5uwHcjPDVLqHVaRTiQxFUYwpRSMUrkv6P
n3KvQ/9gwN6x6ZiiTndRuNkhfKELzYRdyplqHtk7cUyNhxZsp4E/LJMSpBC7KTn8
LvNNl1vrzLCAdDUHqgOnW/Zc+wfDJDpDt0dJ52IJlxisZHF0riU7OvZYe7YwscO5
wLKj8kX/98hb0kj50QCQhmEiLsfL0fdRB8X+5WWyEW30zaoRFU3/Rrp5zzM821fS
cvWW0EUXyUEguqRFRPAY3WYYcLvdIzEJ/KSgbthGvjgncGp2PGhlT3XozS4rLUyo
sDmJZqkPpUXEmpvinBRDCsFvBmiUtihg5omgfJj5NYJHpvmnW3/9CjQzSOzmKpLo
z3WNEH26kSVNrB+fsDo7trXoaYTN6n7G1jll34Vj4DWFvURj4M3altdzF5kdVc6z
cbF4bSYrb+NO38zADSayDERzngUzouqlXbS8vJKQns+PE1ddwTZPbIen9lj+BPha
r53lQp7RucTZLVbCSeBrLXVpkvDCZDBF7Qx8KQY2BHYf4Xr0YHjuw4FMd2Fgkcdi
y0V0JgTl31Qj30kCJGsmmTu3IEQ=
=W24W
-----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iQIcBAEBAgAGBQJWh7e4AAoJEJvdRneaz31f1P8P/0zlDvhVf22I74XdEk/GWXR9
7IXgLEmOF8tT3vWv/q9p4ehz3ujiQ6GV2SP7heNBC/V8X1Sw/NuN0BUJXBEDt5AV
EiwEBu+8+BboUgktSmgVXb/74C4WsDYiBNrqZwOeI01HQu09ybYcE/JGqncxE9UK
15MKB6nrmtvSbIWAZX5pg8gbvFTnZPFSHZmt8+nbhpDqvl15E3zeq/96VjJVYPNx
wjVG0hSP+jZyDjZA6KU9ILcyYAfxPhKKROVPqObbmXM6W/x1Go9OLeb40gqxzTzd
CrCxJeMHl4Z+XIbGREpVQVmd2urwJioFg76Ri6kyLHx14fSlkE1hZVQXHJBmmv0I
4b8fuOQ3Mnr0emT1+FAFXzf5FFkTZswq7wr+7eJgsp/i/ctYQsGgDPgcvvXl/EHE
yCUJGIOeMHH+66M55msiKdx08j0ZTzF0FdScVRPq2DY8VyxM/8n5Wa845Wj/IACp
Fce+9KlvnBYHFy5a6Ol9/pkOfE8vmUN5N2nleLoJcfilInvRBCvTl1jBzNKnQbLo
C/g+hVbU0Xpf8+wxJOlTdxjRX7JJq6MZGphafGkl4nqSpceNgY9HO3N4iRfUhTIZ
D9k6yqapi/CtY4Nakkv7zjMDFBBLekneF6+KrqyR8lY0bKKksewgcgfC4IF4KpRT
48LSUqwTvjUC4fy9lxL3
=Vt8d
-----END PGP SIGNATURE-----

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus