Dell SonicWALL Network Security Appliance NSA 6600 XSS

2016.12.31

Credit: Gjoko 'LiquidWorm' Krstic

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-79

i>>?
Dell SonicWALL Network Security Appliance NSA 6600 Reflected XSS
Vendor: Dell Inc.
Product web page: https://www.sonicwall.com/products/sonicwall-nsa/
Affected version: NSA 6600 running SonicOS Enhanced 6.2.4.3-31n
WXA 4000 running 1.3.2.0-07
SafeMode 6.1.0.11
Summary: Uncompromising security and performance for emerging large organizations.
The NSA 6600 network security appliance delivers best-in-class protection, speed
and scalability with 12 Gbps throughput and up to 6000 VPN clients.
Desc: SonicWALL NSA suffers from a XSS issue due to a failure to properly sanitize
user-supplied input to the 'curUserName' GET parameter in the 'appFirewallSummary.html'
script. Attackers can exploit this weakness to execute arbitrary HTML and script code
in a user's browser session.
Tested on: SonicWALL
MySQL/5.0.96-community-nt
Apache-Coyote/1.1
Apache Tomcat 6.0.41
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience
Advisory ID: ZSL-2016-5391
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5391.php
26.01.2016
--
https://127.0.0.1/appFirewallSummary.html?curSrcAddrString=&curTSAIdNum=0&curUserName=test";alert('XSS')//

References:

http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5391.php

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Dell SonicWALL Network Security Appliance NSA 6600 XSS

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.