Sql injection in OCS Inventory NG Server 1.2.1

OCS Inventory NG Server 1.2.1


The Open Computer and Software (OCS) Inventory Next Generation (NG)
provides relevant inventory information about system configurations and
software on the network.

 Download : http://www.ocsinventory-ng.org/index.php?page=1-02-1
 Found by : Guilherme Marinheiro				
 Contact : gmcbr0@gmail.com 				  	
 Prequisite: Authenticated user				
 Remote exploitable:Yes (Authentication is needed)		

PoC :

Vulnerable Code:

script: machine.php

77 $queryMachine    = "SELECT * FROM hardware WHERE (ID=$systemid)";
78 $result   = mysql_query( $queryMachine, $_SESSION["readServer"] )
or mysql_error($_SESSION["readServer"]);
79 $item     = mysql_fetch_object($result);