Alienvault Open Source SIEM (OSSIM) 4.1.2 – Multiple SQL Injections

• Exploit Database
• 123 阅读

• 作者： RunRunLevel
  日期： 2013-05-14
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/25447/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67

  RunRunLevel Web Security Research - AlienVault OSSIM multiple SQL Injection vulnerabilities Vendor Website : http://www.alienvault.com   INDEX --------------------------------------- 1. Background 2. Description 3. Affected Products 4. Vulnerabilities 5. Solution 6. Credit 7. Disclosure Timeline     1. BACKGROUND --------------------------------------- OSSIM by AlienVault is an Open Source Security Information and Event Management (SIEM) platform, comprising a collection of tools designed to aid network administrator in computer security, intrusion detection and prevention. (Wikipedia)     2. DESCRIPTION --------------------------------------- The RunRunLevel Web Security Research Team discovered several vulnerabilities in the OSSIM web interface. All web vulnerabilities are caused by lack/unproper input validation. The Web Security Reseach Team also found that OSSIM MySQL database was running with root privileges, allowing to a full system compromise of the OSSIM platform.     3. AFFECTED PRODUCTS --------------------------------------- AlienVault OSSIM4.1.2 (stable version and below)     4. VULNERABILITIES --------------------------------------- The vulnerabilities can be classified as "SQL Injection". No input validation is performed when processing parameters on the following URL's:   4.1/ossim/forensics/base_qry_main.php [action_lst[0] parameter] 4.2/ossim/forensics/base_qry_main.php [action_lst[1] parameter] 4.3/ossim/forensics/base_qry_main.php [action_lst[18] parameter] 4.4/ossim/forensics/base_qry_main.php [action_lst[6] parameter] 4.5/ossim/forensics/base_qry_main.php [hostid[0] parameter] 4.6/ossim/forensics/base_qry_main.php [sort_order parameter] 4.7/ossim/forensics/base_qry_main.php [time[0][8] parameter] 4.8/ossim/net/getnet.php[sortname parameter] 4.9/ossim/session/users_edit.php[login parameter] 4.10 /ossim/session/users_edit.php[name parameter]   Together with the SQLi vulns was found that the MySQL Database server was running with system administrator privileges.   4.11 MySQL database running with root privileges     5. SOLUTION --------------------------------------- Vendor contacted, but no response provided.     6. CREDIT --------------------------------------- The vulnerabilities were discovered by the RunRunLevel Web Security Research Team.     7. DISCLOSURE TIMELINE --------------------------------------- 2013-03-01 - Vulnerability Discovered 2013-03-10 - Vendor Informed 2013-04-01 - No Response from Vendor 2013-05-01 - No Response from Vendor 2013-05-09 - Public Disclosure