SonicWALL Aventail SSL-VPN - SQL Injection

Author: Asheesh kumar
type: webapps
platform: hardware
port: 
date_added: 2011-11-16 
date_updated: 2011-11-16 
verified: 0 
codes: OSVDB-77484;CVE-2011-5262 
tags: 
aliases:  
screenshot_url:  
application_url: 

 ================================================================================

                      SonicWALL Aventail  SSL-VPN  SQL Injection Vulnerability
                     ================================================================================


#Date- 17/11/11

# code by Asheesh kumar Mani Tripathi



# Credit by Asheesh Anaconda



#Vulnerbility
SonicWALL Aventail  SSL-VPN  is prone to an SQL-injection vulnerability because the application fails to properly
sanitize user-supplied input before using it in an SQL query.

#Impact
A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database


========================================================================================================================

                                                           Request
========================================================================================================================

https://example.xxx.com/prodpage.cfm?CFID=&CFTOKEN=&CategoryID=[SQL]