SonicWALL Aventail SSL-VPN – SQL Injection

• Exploit Database
• 15 阅读

• 作者： Asheesh kumar
  日期： 2011-11-16
• 类别：

  • webapps
  平台：

  • hardware
• 来源：https://www.exploit-db.com/exploits/18122/

•  ================================================================================
   
  SonicWALL AventailSSL-VPNSQL Injection Vulnerability
   ================================================================================
   
  
  #Date- 17/11/11
  
  # code by Asheesh kumar Mani Tripathi
   
   
   
  # Credit by Asheesh Anaconda
   
   
   
  #Vulnerbility
  SonicWALL AventailSSL-VPNis prone to an SQL-injection vulnerability because the application fails to properly 
  sanitize user-supplied input before using it in an SQL query.
   
  #Impact
  A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database
   
   
  ========================================================================================================================
   
   Request
  ========================================================================================================================
   
  https://example.xxx.com/prodpage.cfm?CFID=&CFTOKEN=&CategoryID=[SQL]