[Snort-users] interesting information on ACID

Scott Renna srenna at ...9588...
Fri Jul 18 06:38:02 EDT 2003


Hello Snort users,

So I ran a Nessus scan against one of my test IDS boxes and it came back
with some very interesting results:

The following URLs seem to be vulnerable to various SQL injection
techniques : 

/acid_stat_class.php?num_result_rows=&submit=AL&on=&Screen]=&action=&sort_order=class_a&caller='UNION'&current_view=&action_arg=&
/acid_stat_class.php?num_result_rows=&submit=AL&on=&Screen]=&action=&sort_order=class_a&caller='&current_view=&action_arg=&
/acid_stat_class.php?num_result_rows=&submit=AL&on=&Screen]=&action=&sort_order=class_a&caller='%22&current_view=&action_arg=&
/acid_stat_class.php?num_result_rows=&submit=AL&on=&Screen]=&action=&sort_order=class_a&caller=9%2c+9%2c+9&current_view=&action_arg=&
/acid_stat_class.php?num_result_rows=&submit=AL&on=&Screen]=&action=&sort_order=class_a&caller='bad_bad_value&current_view=&action_arg=&
/acid_stat_class.php?num_result_rows=&submit=AL&on=&Screen]=&action=&sort_order=class_a&caller=bad_bad_value'&current_view=&action_arg=&
/acid_stat_class.php?num_result_rows=&submit=AL&on=&Screen]=&action=&sort_order=class_a&caller='+OR+'&current_view=&action_arg=&
/acid_stat_class.php?num_result_rows=&submit=AL&on=&Screen]=&action=&sort_order=class_a&caller='WHERE&current_view=&action_arg=&
/acid_stat_class.php?num_result_rows=&submit=AL&on=&Screen]=&action=&sort_order=class_a&caller=%3B&current_view=&action_arg=&
/acid_stat_class.php?num_result_rows=&submit=AL&on=&Screen]=&action=&sort_order=class_a&caller='OR&current_view=&action_arg=&
An attacker may exploit this flaws to bypass authentication
or to take the control of the remote database.


Solution : Modify the relevant CGIs so that they properly escape
arguments
Risk Factor : Serious
See also : http://www.securiteam.com/securityreviews/5DP0N1P76E.html

Has anyone else seen such things?  I've not tested any techniques on it
yet, as I've more been focused on working with barnyard.  Anyone know
anything further on this?

Scott

***************************
Scott Renna
Head Systems Administrator
Dynamic Animation Systems
703-503-0500

*************************** 
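Added example for readers of this thread (it is not code from the post, from Nessus or from the ACID project): a small detector that reads web-server access-log lines in Common Log Format and flags requests to acid_stat_class.php whose `caller` or `sort_order` value carries the kind of SQL metacharacters and keywords seen in the probes above. The log lines are constructed for the example, the log format and the choice of watched parameters are assumptions, and the indicator list is derived only from the probe strings in the Nessus report.

```python
"""Flag access-log requests to acid_stat_class.php whose query parameters look
like SQL-injection probes.  Added example, not part of the original post or of
the ACID code base; assumes Apache-style Common Log Format."""
import re
from urllib.parse import parse_qs, urlsplit

# Indicators taken from the probe strings in the Nessus report: a single or
# double quote, a semicolon, or a bare SQL keyword.  Deliberately crude.
SQLI_INDICATORS = re.compile(r"""['";]|\b(UNION|OR|WHERE|SELECT)\b""",
                             re.IGNORECASE)

TARGET_SCRIPT = "/acid_stat_class.php"       # script named in the report
WATCHED_PARAMS = ("caller", "sort_order")    # assumption: the params to watch

# Common Log Format: host ident user [time] "METHOD path HTTP/x" status bytes
LOG_RE = re.compile(r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
                    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})')

# Constructed sample lines: two of the Nessus-style probes, one ordinary
# request to the same script, and one request to a different script.
SAMPLE_LOG = """\
10.0.0.5 - - [18/Jul/2003:06:30:01 -0400] "GET /acid_stat_class.php?num_result_rows=&submit=AL&sort_order=class_a&caller='UNION'&current_view= HTTP/1.0" 200 5123
10.0.0.5 - - [18/Jul/2003:06:30:02 -0400] "GET /acid_stat_class.php?sort_order=class_a&caller=%3B&current_view= HTTP/1.0" 200 5123
10.0.0.9 - - [18/Jul/2003:06:31:00 -0400] "GET /acid_stat_class.php?sort_order=class_a&caller=acid_main.php&current_view= HTTP/1.0" 200 5123
10.0.0.9 - - [18/Jul/2003:06:31:05 -0400] "GET /acid_main.php HTTP/1.0" 200 2048
"""


def suspicious_params(path):
    """Return {param: decoded value} for watched params that match an indicator.

    Only requests whose path is TARGET_SCRIPT are inspected; parse_qs does the
    percent-decoding and '+' -> space translation, so '%3B' is checked as ';'.
    """
    parts = urlsplit(path)
    if parts.path != TARGET_SCRIPT:
        return {}
    query = parse_qs(parts.query, keep_blank_values=True)
    hits = {}
    for name in WATCHED_PARAMS:
        for value in query.get(name, []):
            if SQLI_INDICATORS.search(value):
                hits[name] = value
    return hits


def scan_log(log_text):
    """Return one finding (host, time, flagged params) per matching log line."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not CLF; skip rather than guess at the request
        hits = suspicious_params(m.group("path"))
        if hits:
            findings.append({"host": m.group("host"),
                             "time": m.group("time"),
                             "hits": hits})
    return findings


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding["time"], finding["host"], finding["hits"])
```

Two caveats worth knowing when adapting this: the purely numeric probe in the report (`9, 9, 9`) contains none of the listed indicators and is not flagged, so a real deployment would pair this with a whitelist of the values `caller` and `sort_order` may legitimately take; and log-side detection only tells you a probe happened, while the fix Nessus recommends (escaping, or better, parameterised queries) belongs in the PHP that builds the SQL.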




