Detail of POC can be viewed
http://www.securityfocus.com/bid/50702
http://www.exploit-db.com/exploits/18122/
SonicWALL Aventail is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.
A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.
Attackers can use a browser to exploit this issue.
The following example URI is available:
http://www.example.com/prodpage.cfm?CFID=&CFTOKEN=&CategoryID=[SQL]
No comments:
Post a Comment