Full Disclosure mailing list archives

AlienVault 4.5.0 authenticated SQL injection

From: Brandon Perry <bperry.volatile () gmail com>
Date: Sun, 30 Mar 2014 10:12:34 -0500

Hi, the linked gist below details a post-auth SQL injection within
AlienVault 4.5.0 OSSIM.

Any authed user will do, admin not required.

https://gist.github.com/brandonprry/9874177

-- 
http://volatile-minds.blogspot.com -- blog
http://www.volatileminds.net -- website

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Current thread:

AlienVault 4.5.0 authenticated SQL injection Brandon Perry (Mar 30)