Vulners
Lucene search
Alienvault Open Source SIEM (OSSIM) 4.1 - Multiple SQL Injection Vulnerabilities
# Title: Alienvault OSSIM Open Source SIEM 4.1 Multiple SQL Vulnerabilities
# Date: February 15, 2013
# Author: Glafkos Charalambous
# Vendor: AlienVault
# Vendor URL: http://www.alienvault.com
# Reported: February 17, 2013
Timeline:
---------
17 Feb 2013: Vulnerability Reported to AlienVault
19 Feb 2013: Sales Department replied if interested to migrate from OSSIM to AlienVault
19 Feb 2013: Asked if there is someone that can handle the security issues
22 Feb 2013: No Vendor response
22 Jun 2013: Public Disclosure
Vendor Description:
-------------------
OSSIM is the most widely used SIEM offering, thanks in no small part to the open source
community that has promoted its use. OSSIM provides all of the capabilities that a security
professional needs from a SIEM offering, event collection, normalization, correlation and
incident response - but it also does far more. Not simply satisfied with integrating data
from existing security tools, OSSIM is built on the Unified Security Management platform
which provides a common framework for the deployment, configuration, and management of your
security tools.
Vulnerability Details:
----------------------
Blind SQL Injection vulnerabilities detected in the Alienvault OSSIM Open Source SIEM 4.1 product:
Example POC:
Get Parameter: sensor
https://[host]/ossim/forensics/base_qry_main.php?new=1&num_result_rows=-1&sensor=SQL_INJECTION&submit=Query
Get Parameter: tcp_flags
https://[host]/ossim/forensics/base_stat_alerts.php?ossim/forensics/base_stat_alerts.php?current_view=-1
&layer4=TCP&num_result_rows=-1&sort_order=occur_d&tcp_flags[0]=SQL_INJECTION&tcp_port[0][0]=
&tcp_port[0][1]=layer4_sport&tcp_port[0][2]==&tcp_port[0][3]=16315 &tcp_port[0][4]= &tcp_port[0][5]= &tcp_port_cnt=1
Get Parameter: tcp_port
https://[host]/ossim/forensics/base_stat_alerts.php?current_view=-1&layer4=TCP&num_result_rows=-1&sort_order=occur_d
&tcp_flags[0]=&tcp_port[0][0]= &tcp_port[0][1]=layer4_sport&tcp_port[0][2]==&tcp_port[0][3]=16315
&tcp_port[0][4]=SQL_INJECTION&tcp_port[0][5]= &tcp_port_cnt=1
GetParameter: ip_addr
https://[host]/ossim/forensics/base_stat_ports.php?ip_addr[0][0]= &ip_addr[0][1]=ip_src&ip_addr[0][2]==
&ip_addr[0][3]=192.168.0.11&ip_addr[0][8]= &ip_addr[0][9]=AND&ip_addr[1][0]= &ip_addr[1][1]=ip_dst&ip_addr[1][2]==
&ip_addr[1][3]=0.0.0.0&ip_addr[1][8]=SQL_INJECTION&ip_addr[1][9]= &ip_addr_cnt=2&port_type=2&proto=6
Get Parameter: port_type
https://[host]/ossim/forensics/base_stat_ports.php?ip_addr[0][0]= &ip_addr[0][1]=ip_src&ip_addr[0][2]==
&ip_addr[0][3]=0.0.0.0&ip_addr[0][8]= &ip_addr[0][9]=AND&ip_addr[1][0]= &ip_addr[1][1]=ip_dst&ip_addr[1][2]==
&ip_addr[1][3]=0.0.0.0&ip_addr[1][8]= &ip_addr[1][9]= &ip_addr_cnt=2&port_type=SQL_INJECTION&proto=6
SQL Injection vulnerabilities detected in the Alienvault OSSIM Open Source SIEM 4.1 product:
Example POC:
Get Parameter: sortby
https://[host]/ossim/vulnmeter/index.php?allres=1&op=search&rvalue=1&sortby=SQL_INJECTION&submit=Find&type=scantime&withoutmenu=1
Get Parameter: rvalue
https://[host]/ossim/vulnmeter/index.php?allres=1&op=search&rvalue=SQL_INJECTION&sortby=&submit=Find&type=scantime&withoutmenu=1Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
24 Jun 2013 00:00Current
7.4High risk
Vulners AI Score7.4