SonicWALL Aventail SSL-VPN - SQL Injection



EKU-ID: 23969 CVE: OSVDB-77484;CVE-2011-5262 OSVDB-ID:
Author: Asheesh kumar Published: 2011-11-16 Verified: Not Verified
Download:

Rating

☆☆☆☆☆
Home 


 ================================================================================

                      SonicWALL Aventail  SSL-VPN  SQL Injection Vulnerability
                     ================================================================================


#Date- 17/11/11

# code by Asheesh kumar Mani Tripathi



# Credit by Asheesh Anaconda



#Vulnerbility
SonicWALL Aventail  SSL-VPN  is prone to an SQL-injection vulnerability because the application fails to properly
sanitize user-supplied input before using it in an SQL query.

#Impact
A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database


========================================================================================================================

                                                           Request
========================================================================================================================

https://example.xxx.com/prodpage.cfm?CFID=&CFTOKEN=&CategoryID=[SQL]