Actions
Bug #16932
openPotential stored XSS in ``pfblockerng_alerts.php`` while viewing DNS reply data
Start date:
Due date:
% Done:
100%
Estimated time:
Plus Target Version:
Affected Version:
Affected Plus Version:
Affected Architecture:
Description
The pfBlockerNG Reports page (pfblockerng_alerts.php) parses various logs and displays the data to the user. The DNS Reply and DNS Reply Stats tabs parse data collected while the DNSBL Mode is set to Unbound Python mode with DNS Reply Logging enabled and then display this data to administrators without encoding.
If an attacker controls DNS servers for a domain and can serve arbitrary TXT records, resolving a hostname through those servers while in this mode can lead to the reply text being shown to the administrator without encoding, leading to a potential for a stored XSS to occur.
Reported By: Rob Reeves
Actions