Multiple persistent input validation vulnerabilities have been detected in SonicWall's Continuous Data Protection v6.x 5040 appliance application. The vulnerabilities allow a remote attacker or a local low-privileged user account to inject malicious persistent script code on the application side of the appliance application.
The vulnerabilities are located in the network, accounts management and system settings modules, in the bound vulnerable delAppl label parameters (name, username and servername). An attacker can inject script code as the name, username or servername via the add function to manipulate the vulnerable module with malicious persistent web context. The persistent script code is executed when the victim views the vulnerable module listing (output|index).
Successful exploitation of the vulnerabilities results in session hijacking (customer/manager/admin) or stable (persistent) module context manipulation. Exploitation requires low user interaction and a low-privileged web application user account.
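The two controls that close this class of issue are validation when a record is added and output encoding when the listing is rendered. The sketch below is an added example, not code from the advisory or from the vendor. The field names follow the advisory (name, username, servername). The record shape, the allow-list patterns, the helper names and the sample records are assumptions.

```javascript
// Added example: field names mirror the advisory; everything else is assumed.
const FIELDS = ["name", "username", "servername"];

// Conservative allow-lists applied when a record is added (assumed policy).
const ALLOWED = {
  name: /^[A-Za-z0-9 _.-]{1,64}$/,
  username: /^[A-Za-z0-9_.-]{1,32}$/,
  servername: /^(?=.{1,253}$)[A-Za-z0-9-]{1,63}(\.[A-Za-z0-9-]{1,63})*$/,
};

// Returns the fields that fail validation; an empty list means accept.
function validateRecord(record) {
  return FIELDS.filter(
    (f) => typeof record[f] !== "string" || !ALLOWED[f].test(record[f])
  );
}

const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode a value for HTML element content and quoted attribute values.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

// Render one listing row. Every stored field is encoded at output time, so
// records stored before validation existed are still rendered as inert text.
function renderRow(record) {
  const cells = FIELDS.map((f) => `<td>${escapeHtml(record[f] ?? "")}</td>`);
  return `<tr>${cells.join("")}</tr>`;
}

// Constructed sample records (not taken from the advisory).
const samples = [
  { name: "Backup Agent 01", username: "jdoe", servername: "cdp01.example.test" },
  { name: '"><script>/* constructed marker */</script>', username: "jdoe", servername: "cdp01.example.test" },
];

for (const rec of samples) {
  const bad = validateRecord(rec);
  console.log(bad.length ? `rejected: ${bad.join(", ")}` : "accepted");
  console.log(renderRow(rec));
}
```

Encoding at render time is the control that matters for the listing view, because it also neutralises values that were stored before any validation was in place.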
Proof of Concept:
The persistent input validation vulnerabilities can be exploited by remote attackers with local low-privileged user accounts and low required user interaction. For demonstration or reproduce ...