Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2021-20031 PoC — SonicOS 输入验证错误漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-20031.yaml
Associated Vulnerability
Title:SonicOS 输入验证错误漏洞 (CVE-2021-20031)
Description:Sonicwall SonicWall SonicOS是美国SonicWall(Sonicwall)公司的一套专为SonicWall防火墙设备设计的操作系统。 SonicOS存在输入验证错误漏洞,该漏洞源于系统对于主机头缺乏有效的验证与转义。主机头重定向漏洞可能允许远程攻击者可利用该漏洞将防火墙管理用户重定向到任意web域。
Description
SonicWall SonicOS 7.0 contains an open redirect vulnerability. The values of the Host headers are implicitly set as trusted. An attacker can spoof a particular host header, allowing the attacker to render arbitrary links, obtain sensitive information, modify data, execute unauthorized operations. and/or possibly redirect a user to a malicious site.
File Snapshot

 id: CVE-2021-20031

info:
  name: SonicWall SonicOS 7.0 - Open Redirect
  author: gy741
  severity: 

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.