OCS Inventory NG 2.0.1 Persistent XSS (CVE-2011-4024)
OCS Inventory NG 2.0.1 Persistent XSS (CVE-2011-4024)
-------------------------------------------------------
Software=A0=A0=A0=A0=A0 : Open Computer and Software (OCS) Inventory NG
Download=A0=A0=A0=A0=A0 : http://www.ocsinventory-ng.org/
Discovered by : Nicolas DEROUET (nicolas.derouet[gmail]com)
Discover=A0=A0=A0=A0=A0 : 2011-10-04
Published=A0=A0=A0=A0 : 2011-10-05
Version=A0=A0=A0=A0=A0=A0 : 2.0.1 and prior
Impact=A0=A0=A0=A0=A0=A0=A0 : Persistent XSS
Remote=A0=A0=A0=A0=A0=A0=A0 : Yes (No authentication is needed)
CVE-ID=A0=A0=A0=A0=A0=A0=A0 : CVE-2011-4024
Info
----
Open Computer and Software (OCS) Inventory Next Generation (NG) is an
application designed to help a network or system administrator keep track
of the computers configuration and software that are installed on the netwo=
rk.
Details
-------
The vulnerability is in the data sent by the agent OCS. The inventory servi=
ce
and the admin panel does not control the data received. An attacker could i=
nject
malicous HTML/JS through into the inventory information (eg. the computer
description field under WinXP). This data is printed in the admin panel wic=
h
can lead to a session hijack or whatever you want.
PoC
---
1. Enter the XSS script (eg.
<script>alert(String.fromCharCode(88,83,83))</script>)
=A0=A0 in the computer description field. (WinXP > System Properties > Comp=
uter
=A0=A0 Name > Computer Description)
2. Launch an inventory with OCS Agent
3. Go on the admin panel (http://SERVER/ocsreports/)
4. View your computer detail
Tested on=A0=A0=A0=A0 : OCS Agent 2.0.1 (WinXP SP3) and OCS Server 2.0.1 (W=
indows).
Not tested on : Linux Plateform and GLPI (OCS import)
Solution
--------
Upgrade to OCS Inventory NG 2.0.2