SonicWALL Aventail SSL-VPN SQL Injection Vulnerability
| EKU-ID: 1316 | CVE: | OSVDB-ID: |
| Author: Asheesh kumar | Published: 2011-11-17 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 1316 | CVE: | OSVDB-ID: |
| Author: Asheesh kumar | Published: 2011-11-17 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
================================================================================
SonicWALL Aventail SSL-VPN SQL Injection Vulnerability
================================================================================
#Date- 17/11/11
# code by Asheesh kumar Mani Tripathi
# Credit by Asheesh Anaconda
#Vulnerbility
SonicWALL Aventail SSL-VPN is prone to an SQL-injection vulnerability because the application fails to properly
sanitize user-supplied input before using it in an SQL query.
#Impact
A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database
========================================================================================================================
Request
========================================================================================================================
https://example.xxx.com/prodpage.cfm?CFID=&CFTOKEN=&CategoryID=[SQL]