CVE-2005-1006

SonicWALL SOHO 5.1.7.0 - Stored Cross-Site Scripting via URL or User Login Name

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-1006. PoCs published by Oliver Karow.

AI-analyzed exploit summary This exploit demonstrates cross-site scripting (XSS) and HTML injection vulnerabilities in SonicWALL SOHO devices. It includes examples of malicious input in the URL and login form, as well as a crafted POST request to trigger the vulnerability.

Description

Multiple cross-site scripting (XSS) vulnerabilities in SonicWALL SOHO 5.1.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the URL or (2) the user login name, which is not filtered when the administrator views the log file.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Oliver Karow · textwebappscgi

https://www.exploit-db.com/exploits/25331

View Code ZIP pw:eip

This exploit demonstrates cross-site scripting (XSS) and HTML injection vulnerabilities in SonicWALL SOHO devices. It includes examples of malicious input in the URL and login form, as well as a crafted POST request to trigger the vulnerability.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: SonicWALL SOHO (including Pro 230 firmware 6.5.0.3)

No auth needed

Prerequisites: Network access to the vulnerable SonicWALL device

MITRE ATT&CK