[hobbit] Hobbit Security Issue?

Stewart Larsen stl19847 at yahoo.com
Thu Mar 22 18:43:08 CET 2007


verify how your scanner determines the vulnerability.

I have used one that attempts to hit the page with valid data and gets the
response.

Then they attempt to exploit and check the response.   If the data that
they send has no effect on the response from the server, they conclude
that their exploit might have been successful.

That's exactly what is happening here, and the code appears to be solid
and there does not appear to be an issue.  Get your security folks to flag
this as a false positive in their scanning tool.  The extra bits that get
passed in are tossed on the floor and not used, they have no effect and
are not a security issue.

stewart




> Perhaps someone more familiar with security can help me with this?  Or
> perhaps it's a false positive?  We scan or hosts for security and my
> score just went up more than three fold.  This was the worst offender:
>
> wpoison (nasl version)
> Long Desc: The following URLs seem to be vulnerable to BLIND SQL
> injection
> techniques :
> /hobbit-cgi/bb-hostsvc.sh?-='+AND+'b'>'a&HOST=myhost&SERVICE=info
>
> Obviously Hobbit doesn't use SQL, but we do have a running mysql
> instance running on the host.  Our mysql instance is not used by hobbit.
> Any suggestions?
>
> Our mysql instance:
>
> mysql  Ver 14.12 Distrib 5.0.27, for redhat-linux-gnu (i686) using
> readline 5.0
>
> ~David
>
> To unsubscribe from the hobbit list, send an e-mail to
> hobbit-unsubscribe at hswn.dk
>
>
>


-- 
Stewart Larsen



More information about the Xymon mailing list