SonicWALL SOHO Firewall Server XSS

2005-03-29T10:42:48
ID OSVDB:15261
Type osvdb
Reporter Oliver Karow(Oliver.karow@gmx.de)
Modified 2005-03-29T10:42:48

Description

Vulnerability Description

SonicWALL SOHO/10 Firewall Server contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate query string upon submission to the webroot. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

SonicWALL SOHO/10 Firewall Server contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate query string upon submission to the webroot. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Manual Testing Notes

http://[target]/<script>alert("Its not magic... its a sonic")</script>

References:

Vendor URL: http://www.sonicwall.com/ Security Tracker: 1013638 Secunia Advisory ID:14823 Secunia Advisory ID:14860 Related OSVDB ID: 15262 Other Advisory URL: http://www.oliverkarow.de/research/SonicWall.txt Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-04/0041.html ISS X-Force ID: 19958 CVE-2005-1006 Bugtraq ID: 12984