Snort mailing list archives
Re: interesting information on ACID
From: Jon Hart <warchild () spoofed org>
Date: Sat, 19 Jul 2003 19:48:02 -0400
On Fri, Jul 18, 2003 at 09:36:35AM -0400, Scott Renna wrote:
> Hello Snort users,
>
> So I ran a Nessus scan against one of my test IDS boxes and it came back with some very interesting results:
>
> The following URLs seem to be vulnerable to various SQL injection techniques:
>
> <snip>
>
> Has anyone else seen such things? I've not tested any techniques on it yet, as I've been more focused on working with barnyard. Anyone know anything further on this?
>
> Scott
Yes. This is mentioned in the ACID documents: http://www.andrew.cmu.edu/~rdanyliw/snort/acid_config.html

Citing section IV: "ACID is currently _beta_! No real work has been done in validating any input. This means that the code may allow arbitrary access to the underlying database. Exercise extreme caution in deploying this application in a public area."

Ok, well, maybe that doesn't exactly mention SQL injection and other fun attacks against web apps, but it's close enough. The best you can do is use SSL on your ACID pages, require user authentication, and only give the database user as much permission as is necessary to use all of ACID's features. This way, even once they authenticate, the worst they could probably do is something that they could already do using ACID's interface.

-jon