CVE-2020-5142 PoC — SonicWall SonicOS SSLVPN NACagent 跨站脚本漏洞

Source

https://github.com/hackerlawyer/CVE-2020-5142-POC-MB

Associated Vulnerability

Title:SonicWall SonicOS SSLVPN NACagent 跨站脚本漏洞 (CVE-2020-5142)
Description:SonicWall SonicOS SSLVPN NACagent是美国SonicWall公司的一款VPN（虚拟私人网络）客户端应用程序。 SonicOS SSLVPN web interface 存在跨站脚本漏洞，攻击者可利用该漏洞能够在防火墙SSLVPN门户中存储并可能执行任意的JavaScript代码。以下产品及版本受到影响：5.9.1.7版本，5.9.1.13版本，6.5.4.7版本，6.5.1.12版本，6.0.5.3版本，SonicOSv 6.5.4版本，SonicOS 7.0.0.0版本。

Description

Reflected XSS found by Burp Suite in several locations on SonicOS 7.0 Sonicwall NSA device.

Readme

# CVE-2020-5142-POC-MB
Reflected XSS found by Burp Suite in several locations on SonicOS 7.0 Sonicwall NSA device.

File Snapshot


 [4.0K]  /data/pocs/867fef1eb3b7465d007ed33738597f1be974440c
├── [ 545]  CVE20205142MB.txt
└── [ 115]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!