Exploit Title : Open Audit(GPL version) SQL injection vulnerability
Author         : WICS
Date             : 9/12/2015
Software Link  : https://github.com/jonabbey/open-audit
 
Overview:
 
 
delete_missed_audit.php is accessible without authentication and GET Method parameter pc is not getting filter before passing to SQL query.
Vulnerable code 
 
if (isset($_GET['pc'])) {
    $link = mysql_connect($mysql_server, $mysql_user, $mysql_password) or die("Could not connect");
    mysql_select_db("$mysql_database") or die("Could not select database");
    $query = "select system_name from system where system_uuid='" . $_GET['pc'] . "'";
    $result = mysql_query($query)  or die("Query failed at retrieve system name stage.");
    $myrow = mysql_fetch_array($result);
    $name = $myrow['system_name'];
	

 
 
POC
Vulnerable URL 
https://github.com/jonabbey/open-audit/blob/master/delete_missed_audit.php?pc=SQL_Injection