Bug #16932

open

Potential stored XSS in ``pfblockerng_alerts.php`` while viewing DNS reply data

Added by Jim Pingle about 5 hours ago. Updated about 4 hours ago.

Status: Feedback
Priority: Normal
Assignee:
Category: pfBlockerNG
Target version: -
Start date:
Due date:
% Done: 100%
Estimated time:
Plus Target Version:
Affected Version:
Affected Plus Version:
Affected Architecture:

Description

The pfBlockerNG Reports page (pfblockerng_alerts.php) parses various logs and displays the data to the user. The DNS Reply and DNS Reply Stats tabs parse data collected while the DNSBL Mode is set to Unbound Python mode with DNS Reply Logging enabled and then display this data to administrators without encoding.

If an attacker controls DNS servers for a domain and can serve arbitrary TXT records, resolving a hostname through those servers while in this mode can lead to the reply text being shown to the administrator without encoding, leading to a potential for a stored XSS to occur.

Reported By: Rob Reeves
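
The pattern described above, shown as an added example that is not pfBlockerNG code and not the fix the package shipped: a report page that builds table rows from log fields, once without output encoding and once with it. The log layout, the sample lines and the function names are assumptions made for the illustration.

```php
<?php
// Added illustration; not pfBlockerNG code. The comma-separated field layout
// below is an assumption made for this example, not the package's log format.

// Constructed sample lines: the last field stands in for DNS reply data that
// a remote DNS server fully controls (here, a TXT record carrying markup).
$sample_log = [
    'reply,Jan 1 00:00:01,192.0.2.10,host.example.test,A,198.51.100.7',
    'reply,Jan 1 00:00:02,192.0.2.10,txt.example.test,TXT,"<script>alert(1)</script>"',
];

// Encode one value for an HTML text or quoted-attribute context.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// The pattern the report describes: log fields concatenated into markup as-is.
function render_row_unencoded(array $fields): string
{
    return '<tr><td>' . implode('</td><td>', $fields) . '</td></tr>';
}

// The corrected pattern: every field is encoded at the point of output,
// including fields that "should" only ever hold dates or addresses.
function render_row_encoded(array $fields): string
{
    return '<tr><td>' . implode('</td><td>', array_map('h', $fields)) . '</td></tr>';
}

foreach ($sample_log as $line) {
    // Explicit separator, enclosure and escape arguments keep parsing predictable.
    $fields = str_getcsv($line, ',', '"', '\\');
    echo 'unencoded: ', render_row_unencoded($fields), PHP_EOL;
    echo 'encoded:   ', render_row_encoded($fields), PHP_EOL;
}
```

For the TXT line, the unencoded row carries the record text into the page as markup, while the encoded row renders it as inert text (`&lt;script&gt;...`). Encoding at output time, rather than filtering when the log is written, keeps the raw reply data intact for later analysis.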

Actions #1

Updated by Jim Pingle about 5 hours ago

  • Status changed from Confirmed to Feedback
  • % Done changed from 0 to 100

Fixed in the latest revision of the package(s).

Actions #2

Updated by Jim Pingle about 5 hours ago

  • Private changed from Yes to No

New packages are built and now available.

Actions #3

Updated by Jim Pingle about 4 hours ago

  • Description updated (diff)