Snort mailing list archives
Re: interesting information on ACID
From: "Jason K. Boykin" <jboykin () summit-research-corp com>
Date: Fri, 18 Jul 2003 13:13:01 -0500
I run Nessus almost weekly on one of our test servers and have never seen this. It might be because we run only HTTPS (port 443) instead of HTTP (port 80). All HTTP requests are rejected. You might try e-mailing the creators of ACID to see if they are aware if this really is the case. Anyone else run Nessus against a regular HTTP server with ACID lately and get the SQL injection vulnerability?

On Friday 18 July 2003 08:36 am, Scott Renna wrote:
Hello Snort users,

So I ran a Nessus scan against one of my test IDS boxes and it came back with some very interesting results:

The following URLs seem to be vulnerable to various SQL injection techniques :

  /acid_stat_class.php?num_result_rows=&submit=AL&on=&Screen]=&action=&sort_order=class_a&caller='UNION'&current_view=&action_arg=& =
  /acid_stat_class.php?num_result_rows=&submit=AL&on=&Screen]=&action=&sort_order=class_a&caller='&current_view=&action_arg=& =
  /acid_stat_class.php?num_result_rows=&submit=AL&on=&Screen]=&action=&sort_order=class_a&caller='%22&current_view=&action_arg=& =
  /acid_stat_class.php?num_result_rows=&submit=AL&on=&Screen]=&action=&sort_order=class_a&caller=9%2c+9%2c+9&current_view=&action_arg=& =
  /acid_stat_class.php?num_result_rows=&submit=AL&on=&Screen]=&action=&sort_order=class_a&caller='bad_bad_value&current_view=&action_arg=& =
  /acid_stat_class.php?num_result_rows=&submit=AL&on=&Screen]=&action=&sort_order=class_a&caller=bad_bad_value'&current_view=&action_arg=& =
  /acid_stat_class.php?num_result_rows=&submit=AL&on=&Screen]=&action=&sort_order=class_a&caller='+OR+'&current_view=&action_arg=& =
  /acid_stat_class.php?num_result_rows=&submit=AL&on=&Screen]=&action=&sort_order=class_a&caller='WHERE&current_view=&action_arg=& =
  /acid_stat_class.php?num_result_rows=&submit=AL&on=&Screen]=&action=&sort_order=class_a&caller=%3B&current_view=&action_arg=& =
  /acid_stat_class.php?num_result_rows=&submit=AL&on=&Screen]=&action=&sort_order=class_a&caller='OR&current_view=&action_arg=& =

An attacker may exploit this flaws to bypass authentication or to take the control of the remote database.

Solution : Modify the relevant CGIs so that they properly escape arguments
Risk Factor : Serious
See also : http://www.securiteam.com/securityreviews/5DP0N1P76E.html

Has anyone else seen such things? I've not tested any techniques on it yet, as I've more been focused on working with barnyard. Anyone know anything further on this?
Scott *************************** Scott Renna Head Systems Administrator Dynamic Animation Systems 703-503-0500 ***************************
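For anyone wanting to see whether their own web server log holds requests like the ones in the Nessus report above, here is an added example (not part of the original messages, and not ACID or Nessus code) that pulls the decoded `caller` value out of requests to acid_stat_class.php and lists the ones that are not plain identifiers. It assumes Apache combined log format and that a legitimate `caller` value contains only letters, digits and underscores; the log lines, IP addresses and the benign `most_frequent` value are constructed.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample log (Apache combined format). The caller values in the
# first three lines are taken from the Nessus report; everything else is made up.
SAMPLE_LOG = """\
192.0.2.10 - - [18/Jul/2003:08:30:01 -0500] "GET /acid/acid_stat_class.php?sort_order=class_a&caller='UNION'&current_view= HTTP/1.0" 200 5120 "-" "-"
192.0.2.10 - - [18/Jul/2003:08:30:02 -0500] "GET /acid/acid_stat_class.php?sort_order=class_a&caller=9%2c+9%2c+9&current_view= HTTP/1.0" 200 5120 "-" "-"
192.0.2.10 - - [18/Jul/2003:08:30:03 -0500] "GET /acid/acid_stat_class.php?sort_order=class_a&caller=%3B&current_view= HTTP/1.0" 200 5098 "-" "-"
198.51.100.7 - - [18/Jul/2003:09:12:44 -0500] "GET /acid/acid_stat_class.php?sort_order=class_a&caller=most_frequent HTTP/1.1" 200 7311 "-" "Mozilla/4.0"
198.51.100.7 - - [18/Jul/2003:09:12:50 -0500] "GET /acid/acid_stat_class.php?sort_order=class_a&caller= HTTP/1.1" 200 7290 "-" "Mozilla/4.0"
"""

# client address, request target and status code from one log line
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')
# Assumption: a legitimate value is a plain identifier (or empty).
SAFE_VALUE = re.compile(r"[A-Za-z0-9_]*")


def find_probes(log_text, script="acid_stat_class.php", param="caller"):
    """Return (client, status, decoded value) for each suspicious request."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a request line we understand
        client, target, status = m.groups()
        url = urlsplit(target)
        if not url.path.endswith("/" + script):
            continue
        # parse_qs percent-decodes the value and turns '+' into a space,
        # so %3B is seen as ';' and 9%2c+9%2c+9 as '9, 9, 9'.
        query = parse_qs(url.query, keep_blank_values=True)
        for value in query.get(param, []):
            if not SAFE_VALUE.fullmatch(value):
                hits.append((client, int(status), value))
    return hits


if __name__ == "__main__":
    for client, status, value in find_probes(SAMPLE_LOG):
        print(f"{client} status={status} {value!r}")
```

A hit only shows that such a request was received; it says nothing about whether the script handled the value unsafely, which is the question the thread leaves open.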
Current thread:
- interesting information on ACID Scott Renna (Jul 18)
- Re: interesting information on ACID Jason K. Boykin (Jul 18)
- Re: interesting information on ACID Jon Hart (Jul 19)