SonicWALL Aventail SSL-VPN – SQL Injection

• Exploit Database
• 120 阅读

• 作者： Asheesh kumar
  日期： 2011-11-16
• 类别：

  • webapps
  平台：

  • hardware
• 来源：https://www.exploit-db.com/exploits/18122/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31

  ================================================================================ SonicWALL AventailSSL-VPNSQL Injection Vulnerability ================================================================================   #Date- 17/11/11   # code by Asheesh kumar Mani Tripathi # Credit by Asheesh Anaconda #Vulnerbility SonicWALL AventailSSL-VPNis prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. #Impact A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database ======================================================================================================================== Request ======================================================================================================================== https://example.xxx.com/prodpage.cfm?CFID=&CFTOKEN=&CategoryID=[SQL]