[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : SonicWALL Aventail SSL-VPN SQL Injection Vulnerability
# Published : 2011-11-16
# Author :
# Previous Title : Support Incident Tracker <= 3.65 (translate.php) Remote Code Execution
# Next Title : LibLime Koha <= 4.2 Local File Inclusion Vulnerability
================================================================================
SonicWALL Aventail SSL-VPN SQL Injection Vulnerability
================================================================================
#Date- 17/11/11
# code by Asheesh kumar Mani Tripathi
# Credit by Asheesh Anaconda
#Vulnerbility
SonicWALL Aventail SSL-VPN is prone to an SQL-injection vulnerability because the application fails to properly
sanitize user-supplied input before using it in an SQL query.
#Impact
A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database
========================================================================================================================
Request
========================================================================================================================
https://example.xxx.com/prodpage.cfm?CFID=&CFTOKEN=&CategoryID=[SQL]