Snort mailing list archives
interesting information on ACID
From: "Scott Renna" <srenna () d-a-s com>
Date: Fri, 18 Jul 2003 09:36:35 -0400
Hello Snort users,

So I ran a Nessus scan against one of my test IDS boxes and it came back with some very interesting results:

The following URLs seem to be vulnerable to various SQL injection techniques :

/acid_stat_class.php?num_result_rows=&submit=AL&on=&Screen]=&action=&sort_order=class_a&caller='UNION'&current_view=&action_arg=&
/acid_stat_class.php?num_result_rows=&submit=AL&on=&Screen]=&action=&sort_order=class_a&caller='&current_view=&action_arg=&
/acid_stat_class.php?num_result_rows=&submit=AL&on=&Screen]=&action=&sort_order=class_a&caller='%22&current_view=&action_arg=&
/acid_stat_class.php?num_result_rows=&submit=AL&on=&Screen]=&action=&sort_order=class_a&caller=9%2c+9%2c+9&current_view=&action_arg=&
/acid_stat_class.php?num_result_rows=&submit=AL&on=&Screen]=&action=&sort_order=class_a&caller='bad_bad_value&current_view=&action_arg=&
/acid_stat_class.php?num_result_rows=&submit=AL&on=&Screen]=&action=&sort_order=class_a&caller=bad_bad_value'&current_view=&action_arg=&
/acid_stat_class.php?num_result_rows=&submit=AL&on=&Screen]=&action=&sort_order=class_a&caller='+OR+'&current_view=&action_arg=&
/acid_stat_class.php?num_result_rows=&submit=AL&on=&Screen]=&action=&sort_order=class_a&caller='WHERE&current_view=&action_arg=&
/acid_stat_class.php?num_result_rows=&submit=AL&on=&Screen]=&action=&sort_order=class_a&caller=%3B&current_view=&action_arg=&
/acid_stat_class.php?num_result_rows=&submit=AL&on=&Screen]=&action=&sort_order=class_a&caller='OR&current_view=&action_arg=&

An attacker may exploit this flaws to bypass authentication or to take the control of the remote database.

Solution : Modify the relevant CGIs so that they properly escape arguments
Risk Factor : Serious
See also : http://www.securiteam.com/securityreviews/5DP0N1P76E.html

Has anyone else seen such things? I've not tested any techniques on it yet, as I've more been focused on working with barnyard. Anyone know anything further on this?
Scott

***************************
Scott Renna
Head Systems Administrator
Dynamic Animation Systems
703-503-0500
***************************
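As an added example, not code from Scott's post or from the ACID or Nessus projects: a defender-side check that walks web-server access log lines and flags requests to acid_stat_class.php whose query parameters carry the kind of SQL syntax seen in the probe URLs above (quotes, a semicolon, UNION/OR/WHERE). The log lines, client addresses and timestamps are constructed for the example.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Characters and keywords that only make sense if SQL syntax is being
# smuggled through a query parameter: quotes, the statement separator,
# and the keywords the scan report's probe URLs carry (UNION, OR, WHERE).
SQLI_HINTS = re.compile(r"""['";]|\b(union|select|where|or)\b""", re.IGNORECASE)

# Combined-log-format prefix: client, ident, user, timestamp, request line, status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')


def suspicious_params(target):
    """Return {param: decoded value} for every query parameter of a request
    target whose percent-decoded value looks like SQL syntax. parse_qsl does
    the decoding, so %27 (quote), %3B (semicolon) and '+' are seen as the
    characters the PHP script would actually receive."""
    hits = {}
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        if SQLI_HINTS.search(value):
            hits[name] = value
    return hits


def scan_log(lines):
    """Return (client, method, target, hits) for each combined-format log
    line whose request carries at least one suspicious parameter."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line in the expected format; skip it
        client, _ts, method, target, _status = m.groups()
        hits = suspicious_params(target)
        if hits:
            findings.append((client, method, target, hits))
    return findings


# Constructed sample log: two requests shaped like the scan's probe URLs and
# one ordinary ACID page load that must not be flagged.
SAMPLE_LOG = [
    '192.0.2.10 - - [18/Jul/2003:09:30:01 -0400] "GET /acid_stat_class.php?'
    'submit=AL&sort_order=class_a&caller=%27UNION%27&current_view= HTTP/1.0" 200 5120',
    '192.0.2.10 - - [18/Jul/2003:09:30:02 -0400] "GET /acid_stat_class.php?'
    'sort_order=class_a&caller=%3B&current_view=&action_arg=& HTTP/1.0" 200 5120',
    '198.51.100.7 - - [18/Jul/2003:09:31:15 -0400] "GET /acid_stat_class.php?'
    'num_result_rows=-1&submit=AL&sort_order=class_a&caller=last_tcp HTTP/1.0" 200 8033',
]

if __name__ == "__main__":
    for client, method, target, hits in scan_log(SAMPLE_LOG):
        print(f"{client} {method} {target} -> {hits}")
```

A probe built only from digits and commas, like the scan's 9, 9, 9 value, carries none of these markers and passes this rule unflagged; a log pattern like this narrows down who is probing, but the fix the report points at is escaping (or parameterising) the arguments in the script itself.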
Current thread:
- interesting information on ACID Scott Renna (Jul 18)
- Re: interesting information on ACID Jason K. Boykin (Jul 18)
- Re: interesting information on ACID Jon Hart (Jul 19)