A persistent POST Injection (input validation) vulnerability is detected in the official DELL Sonicwall SonicOS v18.104.22.168 Firewall Series Appliance Application.The vulnerability typus allows an attacker to inject via POST request own malicious script code in the vulnerable
module on application side (persistent).
The vulnerability is located in the Firewall > Match Object > Edit Match Object section when processing to request via the `Search > appFirewallObjects` module the bound vulnerable [searchStr] application parameter. The persistent injected script code will be executed out of the searchstr name listing web application context.
The bug can be exploited with a low (restricted) privileged application user account and low required user inter action. Successful exploitation of the vulnerability result in persistent session hijacking, persistent phishing, external redirect, external malware
loads and persistent vulnerable module context manipulation.
The persistent post injection vulnerability can be exploited by remote attackers with low privileged application user
account and low required user interaction. For demonstration or reproduce ...