Sql injection in OCS Inventory NG Server 1.2.1

OCS Inventory NG Server 1.2.1


The Open Computer and Software (OCS) Inventory Next Generation (NG)
provides relevant inventory information about system configurations and
software on the network.

Download : http://www.ocsinventory-ng.org/index.php?page=1-02-1
Found by : Guilherme Marinheiro
Contact : gmcbr0@xxxxxxxxx
Prequisite: Authenticated user
Remote exploitable:Yes (Authentication is needed)

PoC :

Vulnerable Code:

script: machine.php

77 $queryMachine = "SELECT * FROM hardware WHERE (ID=$systemid)";
78 $result = mysql_query( $queryMachine, $_SESSION["readServer"] )
or mysql_error($_SESSION["readServer"]);
79 $item = mysql_fetch_object($result);