Dell SonicWALL Scrutinizer 11.01 methodDetail SQL Injection

Posted by deepcore on May 18, 2016 – 5:16 pm

This Metasploit module exploits a vulnerability found in Dell SonicWALL Scrutinizer. The methodDetail parameter in exporters.php allows an attacker to write arbitrary files to the file system with an SQL Injection attack, and gain remote code execution under the context of SYSTEM for Windows, or as Apache for Linux. Authentication is required to exploit this vulnerability, but this module uses the default admin:admin credential.

This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.

« Cisco ASA Software IKEv1 / IKEv2 Buffer Overflow Symantec / Norton Antivirus Memory Corruption »

:: Deepquest ::

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

Dell SonicWALL Scrutinizer 11.01 methodDetail SQL Injection

Post a reply

Tabs Switcher

Categories

Archives

Meta

BLOGROLL