5 matches found
AlienVault Authenticated SQL Injection Arbitrary File Read
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "AlienVault Authenticated SQL Injection Arbitrary File Read", 'Description' = %q AlienVault 4.5.0 is susceptible to an authenticated SQL injection...
AlienVault 4.5.0 Authenticated SQL Injection
No description provided by source. The following request is vulnerable to a SQL injection attack from authenticated users. GET /ossim/report/BusinessAndComplianceISOPCI/ISO27001Bar1.php?datefrom=2014-02-28&dateto=2014-03-30 HTTP/1.1 Host: 172.31.16.150 User-Agent: Mozilla/5.0 X11; Ubuntu; Linux...
AlienVault Authenticated SQL Injection Arbitrary File Read
AlienVault 4.5.0 is susceptible to an authenticated SQL injection attack via a PNG generation PHP file. This module exploits this to read an arbitrary file from the file system. Any authenticated user is able to exploit it, as administrator privileges aren't required. This module requires...
AlienVault 4.5.0 SQL Injection Vulnerability
AlienVault version 4.5.0 suffers from an authenticated remote SQL injection vulnerability. Metasploit module proof of concept is included. The following request is vulnerable to a SQL injection attack from authenticated users. GET...
Alienvault 4.5.0 - (Authenticated) SQL Injection (Metasploit)
The following request is vulnerable to a SQL injection attack from authenticated users. GET /ossim/report/BusinessAndComplianceISOPCI/ISO27001Bar1.php?datefrom=2014-02-28&dateto=2014-03-30 HTTP/1.1 Host: 172.31.16.150 User-Agent: Mozilla/5.0 X11; Ubuntu; Linux x8664; rv:26.0 Gecko/20100101...