Alienvault Open Source SIEM (OSSIM) 3.1 – ‘date_from’ Multiple SQL Injections

• Exploit Database
• 39 阅读

• 作者： Yu-Chi Ding
  日期： 2013-10-02
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/38781/

• source: https://www.securityfocus.com/bid/62790/info
  
  Open Source SIEM (OSSIM) is prone to multiple SQL-injection vulnerabilities.
  
  A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
  
  Open Source SIEM (OSSIM) 4.3.0 and prior are vulnerable. 
  
  http://www.example.com/RadarReport/radar-iso27001-potential.php?date_from=%Inject_Here%
  
  http://www.example.com/RadarReport/radar-iso27001-A12IS_acquisition-pot.php?date_from=%Inject_Here%