|
|
 |
| New User, Welcome! Login |
Multiple XSS vulnerabilities in OSSIM 2.2.1
| From: |
nicolas grandjean conix fr |
| To: |
bugtraq securityfocus com |
| Cc: |
|
| Subject: |
Multiple XSS vulnerabilities in OSSIM 2.2.1 |
| Date: |
Wed - Mar 31, 2010 05:41 AM |
================== Summary ==================
Multiple XSS vulnerabilities in OSSIM 2.2.1
Discovered by: CONIX Security (www.conix.fr)
Public Release Date: 3/31/2010
Vendor: Alienvault (www.alienvault.com)
Fixed: Yes (3/30/2010)
============= Technical Details =============
1. An attacker can redirect a victim to a malicious website by giving him a malicious URL, by social engineering or by phishing:
Example:
- http://ossim-server/ossim/nagios/index.php?sensor=www.attacker.com
The top links will then point to http://www.attacker.com
2. All the pages that contains the variable $_SERVER['PHP_SELF'] are vulnerable to an XSS:
Examples:
- http://ossim-server/ossim/control_panel/alarm_console.php/"><script>alert('xss')</script>
- http://ossim-server/ossim/control_panel/alarm_console.php/')"%20onMouseOver="alert('xss');//
- ...
|
|
|
Copyright © 1995-2012 LinuxRocket.net. All rights reserved.
Nearly all of LinuxRocket's features are free. Be kind and donate to the cause!
