SonicWALL Aventail ‘CategoryID’ Parameter SQL Injection Vulnerability

Vulnerability ID: 1120621    Vulnerability type: SQL injection
Published: 2011-11-16    Updated: 2013-02-14
CVE ID: CVE-2011-5262    CNNVD-ID: CNNVD-201111-323
Platform: Hardware    CVSS score: 7.5
|Vulnerability sources
https://www.exploit-db.com/exploits/18122
https://www.securityfocus.com/bid/50702
https://cxsecurity.com/issue/WLB-2011110058
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201111-323
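|Vulnerability details
SonicWALL is a full-featured Internet security appliance designed for large networks with growing VPN needs. An SQL injection vulnerability exists in prodpage.cfm in SonicWALL Aventail. A remote attacker can execute arbitrary SQL commands via the CategoryID parameter.
|Exploit (EXP)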
================================================================================
 
                      SonicWALL Aventail  SSL-VPN  SQL Injection Vulnerability
                     ================================================================================
 

#Date- 17/11/11

# code by Asheesh kumar Mani Tripathi
 
     
 
# Credit by Asheesh Anaconda
 
 
 
#Vulnerability
SonicWALL Aventail  SSL-VPN  is prone to an SQL-injection vulnerability because the application fails to properly 
sanitize user-supplied input before using it in an SQL query.
 
#Impact
A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database
 
 
========================================================================================================================
 
                                                           Request
========================================================================================================================
 
https://example.xxx.com/prodpage.cfm?CFID=&CFTOKEN=&CategoryID=[SQL]
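
A defender can look for this request shape in web access logs. The following is an added example, not part of the original advisory or of any SonicWALL code: it flags requests to prodpage.cfm whose CategoryID value is not a plain integer. It assumes CategoryID is normally a numeric identifier and that logs use the common/combined access-log format; the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Request line inside a common/combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate CategoryID is a short decimal integer.
INTEGER_RE = re.compile(r"[0-9]{1,10}")


def suspicious_category_ids(log_line):
    """Return CategoryID values in a prodpage.cfm request that are not plain integers."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    # Compare the script name case-insensitively (assumption: the server does too).
    if not url.path.lower().endswith("/prodpage.cfm"):
        return []
    flagged = []
    # parse_qsl percent-decodes values, keeps repeated parameters and
    # drops empty ones (such as the blank CFID/CFTOKEN in the request above).
    for name, value in parse_qsl(url.query):
        # ColdFusion URL variable names are case-insensitive.
        if name.lower() == "categoryid" and not INTEGER_RE.fullmatch(value):
            flagged.append(value)
    return flagged


def scan(lines):
    """Return (line_number, flagged_values) for every log line with a suspicious CategoryID."""
    return [(n, vals) for n, line in enumerate(lines, 1)
            if (vals := suspicious_category_ids(line))]


# Constructed sample log lines (documentation IP range, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [17/Nov/2011:10:00:01 +0000] "GET /prodpage.cfm?CFID=&CFTOKEN=&CategoryID=12 HTTP/1.1" 200 5120',
    '192.0.2.11 - - [17/Nov/2011:10:00:05 +0000] "GET /prodpage.cfm?CFID=&CFTOKEN=&CategoryID=12%27 HTTP/1.1" 500 310',
    '192.0.2.11 - - [17/Nov/2011:10:00:09 +0000] "GET /ProdPage.cfm?categoryid=3&CATEGORYID=x-y HTTP/1.1" 200 5120',
    '192.0.2.12 - - [17/Nov/2011:10:00:12 +0000] "GET /index.cfm?CategoryID=abc HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for line_no, values in scan(SAMPLE_LOG):
        print(f"line {line_no}: non-integer CategoryID {values!r}")
```

Parameters sent in a POST body do not appear in access logs, so this check only covers values passed in the URL.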
|Affected products
SonicWALL Aventail 0
|References

Source: BID
Name: 50702
Link: http://www.securityfocus.com/bid/50702
Source: OSVDB
Name: 77484
Link: http://www.osvdb.org/77484
Source: EXPLOIT-DB
Name: 18122
Link: http://www.exploit-db.com/exploits/18122