Exploit for SQL Injection in Sonicwall Sma 210 Firmware CVE-2021-20028

Name: Exploit for SQL Injection in Sonicwall Sma 210 Firmware CVE-2021-20028
Rating: 5 (801 reviews)
2022-02-19 | CVSS 7.5
## https://sploitus.com/exploit?id=38AA86FD-8221-5B5B-A473-1004C8FF2312
# CVE-2021-20028
Dorks:
SonicWall Exploit CVE-2021-20028
app:"SonicWALL SSL-VPN" +app:"SonicWALL SSL-VPN http proxy" +country:"US" +port:"443"
app:"SonicWALL SSL-VPN" +country:"US" +port:"443"
app:"SonicWALL SSL-VPN" +app:"SonicWALL SSL-VPN http proxy" +port:"443"
app:"Secure Mobile Access"

Install English:
Ubuntu 18.10
# apt install nginx
# apt install apache2-utils
# apt install ssl-cert
# make-ssl-cert generate-default-snakeoil
# apt install python3-pip
# pip3 install requests[socks]

nginx config configuration:

# touch /etc/nginx/sites-available/scanner
# ### see _files/etc/nginx/sites-available/scanner
# ln -sf /etc/nginx/sites-available/scanner /etc/nginx/sites-enabled/

Edit /etc/ssl/openssl.cnf
- add the line "openssl_conf = openssl_init" to the very top
- add the following lines at the very end:

----%<----
[openssl_init]
ssl_conf = ssl_sect

[ssl_sect]
system_default = system_default_sect

[system_default_sect]
CipherString = DEFAULT@SECLEVEL=1
----%<----

Set user to login via nginx:

# htpasswd -c /etc/nginx/.htpasswd user

Restart nginx:

# systemctl enable nginx
# systemctl start nginx

Filling and configuring the scanner application:

# Go to /script/
# ./build.sh
# After there will be a compiled app
# mkdir -p /root/app/
# ### upload app and templates/ to /root/app

Configuring systemd to launch the scanner application:

# touch /etc/systemd/system/app.service
# ### see _files/etc/systemd/system/app.service
#systemctl enable app.service
# systemctl start app.service
# ss -lnt | grep 7777 # check that app is listening on lo:7777

Password for app decryption (can be changed in script/build.sh):

# echo -ne "9968616e676520746869732070617373776f726420746f206120736563726574" >/tmp/.cache-id

# Also install dependencies pip install Crypto

https://satoshidisk.com/pay/CEidDP

-----------------------------------------------------------------------------------------------------------------------------------------------------------
Установка по Русски:
Ubuntu 18.10
# apt install nginx
# apt install apache2-utils
# apt install ssl-cert
# make-ssl-cert generate-default-snakeoil
# apt install python3-pip
# pip3 install requests[socks]

Настройка кинфигурации nginx:

# touch /etc/nginx/sites-available/scanner
# ### см _files/etc/nginx/sites-available/scanner
# ln -sf /etc/nginx/sites-available/scanner /etc/nginx/sites-enabled/

Правка /etc/ssl/openssl.cnf
- добавить строку "openssl_conf = openssl_init" в самый верх
- добавить следующие строки в самый конец:

----%<----
[openssl_init]
ssl_conf = ssl_sect

[ssl_sect]
system_default = system_default_sect

[system_default_sect]
CipherString = DEFAULT@SECLEVEL=1
----%<----

Задать пользователя для входа через nginx:

# htpasswd -c /etc/nginx/.htpasswd user

Рестартануть nginx:

# systemctl enable nginx
# systemctl start nginx

Заливка и настройка приложения сканера:

# Заходим в /script/
# ./build.sh 
# После будет скомпилированный app
# mkdir -p /root/app/
# ### залить app и templates/ в /root/app

Настройка systemd на запуск приложения сканера:

# touch /etc/systemd/system/app.service
# ### см _files/etc/systemd/system/app.service
#systemctl enable app.service
# systemctl start app.service
# ss -lnt | grep 7777 # проверка, что app слушает на lo:7777

Пароль для расшифровки app (можно сменить в script/build.sh):

# echo -ne "9968616e676520746869732070617373776f726420746f206120736563726574" >/tmp/.cache-id

# Так же устанавливаем зависимости pip install Crypto

https://satoshidisk.com/pay/CEidDP

----------------------------------------------------------------------------------------------------------------------------------------------------------