Snort mailing list archives

Re: interesting information on ACID


From: Jon Hart <warchild () spoofed org>
Date: Sat, 19 Jul 2003 19:48:02 -0400

On Fri, Jul 18, 2003 at 09:36:35AM -0400, Scott Renna wrote:
Hello Snort users,

So I ran a Nessus scan against one of my test IDS boxes and it came back
with some very interesting results:

The following URLs seem to be vulnerable to various SQL injection
techniques : 

<snip>

Has anyone else seen such things?  I've not tested any techniques on it
yet, as I've more been focused on working with barnyard.  Anyone know
anything further on this?

Scott

Yes.  This is mentioned in the ACID documents:

http://www.andrew.cmu.edu/~rdanyliw/snort/acid_config.html

Citing section IV:

"ACID is currently _beta_! No real work has been done in validating
any input. This means that the code may allow arbitrary access to the
underlying database. Exercise extreme caution in deploying this
application in a public area."

Ok, well maybe that doesn't exactly mention SQL injection and other fun
attacks against web apps, it's close enough.  The best you can do is use
SSL on your ACID pages, require user authentication, and only give the
database user enough permission as is necessary to use all of ACID's
features.  This way, even once they authenticate, the worst they could
probably do is something that they could already do using ACID's
interface.

-jon
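
The least-privilege point in the reply above, as an added example that is not part of the original message or of ACID's code: the same unvalidated query is run once with a broad database account and once with a restricted one. It assumes SQLite's authorizer callback as a stand-in for database GRANTs; the schema, table names and input strings are constructed for illustration.

```python
import sqlite3

# Constructed schema: "event" stands for data the console must read; "users"
# is a hypothetical table its database account has no reason to touch.
SCHEMA = """
CREATE TABLE event (cid INTEGER PRIMARY KEY, sig TEXT);
CREATE TABLE users (name TEXT, pw_hash TEXT);
INSERT INTO event VALUES (1, 'constructed alert A'), (2, 'constructed alert B');
INSERT INTO users VALUES ('admin', 'constructed-hash');
"""
ALLOWED_TABLES = {"event"}

def least_privilege(action, arg1, arg2, dbname, source):
    """Authorizer standing in for the GRANTs on the console's DB account."""
    if action == sqlite3.SQLITE_SELECT:
        return sqlite3.SQLITE_OK
    # For SQLITE_READ, arg1 is the table and arg2 the column being read.
    if action == sqlite3.SQLITE_READ and arg1 in ALLOWED_TABLES:
        return sqlite3.SQLITE_OK
    return sqlite3.SQLITE_DENY

def open_db(restricted):
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    if restricted:
        db.set_authorizer(least_privilege)
    return db

def lookup_unvalidated(db, cid):
    # Deliberately unvalidated: the request parameter is pasted into the SQL.
    return db.execute("SELECT sig FROM event WHERE cid = " + cid).fetchall()

def try_lookup(db, cid):
    """Return the rows, or None when the database refuses the statement."""
    try:
        return lookup_unvalidated(db, cid)
    except sqlite3.Error:
        return None

if __name__ == "__main__":
    injected = "0 UNION SELECT pw_hash FROM users"  # constructed input
    print("broad account:     ", try_lookup(open_db(False), injected))
    print("restricted account:", try_lookup(open_db(True), injected))
    print("restricted, OR 1=1:", try_lookup(open_db(True), "1 OR 1=1"))
```

The restricted account still returns every row of the table it is allowed to read, which is the residual exposure the reply describes: what the interface could already show.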



