what you don't know can hurt you

AlienVault OSSIM 4.1.2 SQL Injection

AlienVault OSSIM 4.1.2 SQL Injection
Posted May 8, 2013
Authored by RunRunLevel

AlienVault OSSIM versions 4.1.2 and below suffer from remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
MD5 | 11ce13455ed474317c27640ba3d015dd

AlienVault OSSIM 4.1.2 SQL Injection

Change Mirror Download

RunRunLevel Web Security Research - AlienVault OSSIM multiple SQL Injection vulnerabilities
Vendor Website : http://www.alienvault.com

 INDEX
---------------------------------------
    1. Background
    2. Description
    3. Affected Products
    4. Vulnerabilities
    5. Solution
    6. Credit
    7. Disclosure Timeline


1. BACKGROUND
---------------------------------------
    OSSIM by AlienVault is an Open Source Security Information and Event Management (SIEM) platform, comprising a collection of tools designed to aid network administrator in computer security, intrusion detection and prevention. (Wikipedia)


2. DESCRIPTION
---------------------------------------
    The RunRunLevel Web Security Research Team discovered several vulnerabilities in the OSSIM web interface. All web vulnerabilities are caused by lack/unproper input validation. The Web Security Reseach Team also found that OSSIM MySQL database was running with root privileges, allowing to a full system compromise of the OSSIM platform.


3. AFFECTED PRODUCTS
---------------------------------------
    AlienVault OSSIM  4.1.2 (stable version and below)

  
4. VULNERABILITIES
---------------------------------------
    The vulnerabilities can be classified as "SQL Injection". No input validation is performed when processing parameters on the following URL's:

    4.1  /ossim/forensics/base_qry_main.php [action_lst[0] parameter]
    4.2  /ossim/forensics/base_qry_main.php [action_lst[1] parameter]
    4.3  /ossim/forensics/base_qry_main.php [action_lst[18] parameter]
    4.4  /ossim/forensics/base_qry_main.php [action_lst[6] parameter]
    4.5  /ossim/forensics/base_qry_main.php [hostid[0] parameter]
    4.6  /ossim/forensics/base_qry_main.php [sort_order parameter]
    4.7  /ossim/forensics/base_qry_main.php [time[0][8] parameter]
    4.8  /ossim/net/getnet.php              [sortname parameter]
    4.9  /ossim/session/users_edit.php      [login parameter]
    4.10 /ossim/session/users_edit.php      [name parameter]

    Together with the SQLi vulns was found that the MySQL Database server was running with system administrator privileges.

    4.11 MySQL database running with root privileges


5. SOLUTION
---------------------------------------
    Vendor contacted, but no response provided.


6. CREDIT
---------------------------------------
    The vulnerabilities were discovered by the RunRunLevel Web Security Research Team.


7. DISCLOSURE TIMELINE
---------------------------------------
    2013-03-01 - Vulnerability Discovered
    2013-03-10 - Vendor Informed
    2013-04-01 - No Response from Vendor
    2013-05-01 - No Response from Vendor
    2013-05-09 - Public Disclosure



Login or Register to add favorites

File Archive:

July 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    13 Files
  • 2
    Jul 2nd
    12 Files
  • 3
    Jul 3rd
    1 Files
  • 4
    Jul 4th
    2 Files
  • 5
    Jul 5th
    34 Files
  • 6
    Jul 6th
    21 Files
  • 7
    Jul 7th
    21 Files
  • 8
    Jul 8th
    13 Files
  • 9
    Jul 9th
    6 Files
  • 10
    Jul 10th
    1 Files
  • 11
    Jul 11th
    3 Files
  • 12
    Jul 12th
    15 Files
  • 13
    Jul 13th
    19 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    15 Files
  • 16
    Jul 16th
    9 Files
  • 17
    Jul 17th
    2 Files
  • 18
    Jul 18th
    2 Files
  • 19
    Jul 19th
    19 Files
  • 20
    Jul 20th
    21 Files
  • 21
    Jul 21st
    53 Files
  • 22
    Jul 22nd
    14 Files
  • 23
    Jul 23rd
    14 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close