ad

SonicWALL Aventail SSL-VPN SQL Injection Vulnerability



EDB-ID: 18122 CVE: 2011-5262 OSVDB-ID: 77484
Author: Asheesh kumar Published: 2011-11-16 Verified: Not Verified
Exploit Code:   Download Vulnerable App:   N/A

Rating

(0.0)
Prev Home Next
 ================================================================================
 
                      SonicWALL Aventail  SSL-VPN  SQL Injection Vulnerability
                     ================================================================================
 

#Date- 17/11/11

# code by Asheesh kumar Mani Tripathi
 
     
 
# Credit by Asheesh Anaconda
 
 
 
#Vulnerbility
SonicWALL Aventail  SSL-VPN  is prone to an SQL-injection vulnerability because the application fails to properly 
sanitize user-supplied input before using it in an SQL query.
 
#Impact
A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database
 
 
========================================================================================================================
 
                                                           Request
========================================================================================================================
 
https://example.xxx.com/prodpage.cfm?CFID=&CFTOKEN=&CategoryID=[SQL]