SonicWALL Aventail SSL-VPN - SQL Injection

EDB-ID:

18122




Platform:

Hardware

Date:

2011-11-16


 ================================================================================
 
                      SonicWALL Aventail  SSL-VPN  SQL Injection Vulnerability
                     ================================================================================
 

#Date- 17/11/11

# code by Asheesh kumar Mani Tripathi
 
     
 
# Credit by Asheesh Anaconda
 
 
 
#Vulnerbility
SonicWALL Aventail  SSL-VPN  is prone to an SQL-injection vulnerability because the application fails to properly 
sanitize user-supplied input before using it in an SQL query.
 
#Impact
A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database
 
 
========================================================================================================================
 
                                                           Request
========================================================================================================================
 
https://example.xxx.com/prodpage.cfm?CFID=&CFTOKEN=&CategoryID=[SQL]