Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

AlienVault 4.5.0 authenticated SQL injection
From: Brandon Perry <bperry.volatile () gmail com>
Date: Sun, 30 Mar 2014 10:12:34 -0500

Hi, the linked gist below details a post-auth SQL injection within
AlienVault 4.5.0 OSSIM.

Any authed user will do, admin not required.

https://gist.github.com/brandonprry/9874177

-- 
http://volatile-minds.blogspot.com -- blog
http://www.volatileminds.net -- website

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/


  By Date           By Thread  

Current thread:
  • AlienVault 4.5.0 authenticated SQL injection Brandon Perry (Mar 30)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault