SonicWALL Aventail SSL-VPN SQL Injection

2011-11-17T00:00:00
ID PACKETSTORM:107046
Type packetstorm
Reporter Asheesh Kumar Mani Tripathi
Modified 2011-11-17T00:00:00

Description

                                        
                                            ` ================================================================================  
  
SonicWALL Aventail SSL-VPN SQL Injection Vulnerability  
================================================================================  
  
  
#Date- 17/11/11  
  
# code by Asheesh kumar Mani Tripathi  
  
  
  
# Credit by Asheesh Anaconda  
  
  
  
#Vulnerbility  
SonicWALL Aventail SSL-VPN is prone to an SQL-injection vulnerability because the application fails to properly   
sanitize user-supplied input before using it in an SQL query.  
  
#Impact  
A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database  
  
  
========================================================================================================================  
  
Request  
========================================================================================================================  
  
https://example.xxx.com/prodpage.cfm?CFID=&CFTOKEN=&CategoryID=[SQL]  
  
`