CVE-2012-3834
Published 2012-07-03
Priority P3 · 35 · medium · 6.5 CVSS 2.0
AV:N/AC:L/Au:S/C:P/I:P/A:P
EXPLOIT
EPSS: 1.44% (69.9th percentile)
SQL injection vulnerability in forensics/base_qry_main.php in AlienVault Open Source Security Information Management (OSSIM) 3.1 allows remote authenticated users to execute arbitrary SQL commands via the time[0][0] parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| alienvault | open_source_security_information_management | — | — |
No detection rules found.
Exploit-DB
Alienvault Open Source SIEM (OSSIM) 3.1 - Reflected Cross-Site Scripting / Blind SQL Injection
exploitdb·2012-07-23
CVE-2012-3835 Alienvault Open Source SIEM (OSSIM) 3.1 - Reflected Cross-Site Scripting / Blind SQL Injection
---
#!/usr/bin/python
'''
AlienVault has a reflected XSS vulnerability in the "url" parameter of "top.php".
Proof of Concept:
Enticing a logged-in user to visit the following URL where an attacker is hosting a cookie grabber will allow for the hijacking of the user session:
https://victim/ossim/top.php?option=3&soption=3&url=
With a cookie captured and a session hijacked, the blind SQL injection vulnerability in the "tcp_port" parameter of "base_qry_main.php" can be exploited to extract the admin hash.
Timeline:
# 28 May 2012: Vulnerability reported to CERT
# 30 May 2012: Response received from CERT with disclosure date set to 20 Jul 2012
# 23 Jul 2012: Update from CERT: No response fro
Exploit-DB
Alienvault Open Source SIEM (OSSIM) 3.1 - Multiple Vulnerabilities
exploitdb·2012-04-29
CVE-2012-3835 Alienvault Open Source SIEM (OSSIM) 3.1 - Multiple Vulnerabilities
---
#####################################################################################
# Advisory: Alienvault OSSIM Open Source SIEM 3.1 Multiple security vulnerabilities
# Advisory ID: SSCHADV-EDB-2012-001
# Contact: [email protected]
# Author: Stefan Schurtz
# Affected Software: Successfully tested on Alienvault Open Source SIEM 3.1 (32bit)
# Vendor URL: http://www.alienvault.com/
# Vendor Status: informed
#####################################################################################
Vulnerability Description
Alienvault OSSIM Open Source SIEM 3.1 is prone to XSS and SQL-Injection vulnerabilities
PoC-Exploit
#### SQL-Injection //Authentication is needed ####
https://[target]/ossim/forensics/base_qry_
No writeups or analysis indexed.
http://secunia.com/advisories/49005
http://www.darksecurity.de/index.php?/211-KORAMIS-ADV2012-002-Alienvault-OSSIM-Open-Source-SIEM-3.1-Multiple-security-vulnerabilities.html
http://www.exploit-db.com/exploits/18800
http://www.koramis.com/advisories/2012/KORAMIS-ADV2012-002.txt
http://www.securityfocus.com/bid/53331
https://exchange.xforce.ibmcloud.com/vulnerabilities/75290