AlienVault 4.6.1 SQL Injection

Exploit Title: AlienVault newpolicyform.php SQLi Date: 5/9/2014 Exploit Author: chrisdhebertatgmail.com Vendor Homepage: http://www.alienvault.com/ Software Link: http://www.alienvault.com/free-downloads-services Version: 4.6.1 and below Tested on: Linux CVE : n/a Vendor Security Advisory :...

AlienVault Authenticated SQL Injection Arbitrary File Read

AlienVault 4.6.1 and below is susceptible to an authenticated SQL injection attack against newpolicyform.php, using the 'insertinto' parameter. This module exploits the vulnerability to read an arbitrary file from the file system. Any authenticated user is able to exploit this, as administrator...