Bug #5201

Stored XSS on authentication services

Added by Fernando Munoz almost 5 years ago. Updated almost 5 years ago.

Status: Resolved
Priority: Normal
Assignee: -
Category: Web Interface
Target version:
Start date: 09/24/2015
Due date:
% Done: 0%
Estimated time:
Affected Version: All
Affected Architecture:

Description

To reproduce the cross-site scripting:

1. Go to https://localhost:9090/system_authservers.php?act=new

- on field Descriptive name:  "></option></select><img src=x onerror=alert(1)>
- fill other required fields
- save

2. Go to https://localhost:9090/diag_authentication.php

Alert appears

XSS2.png (93.6 KB), Fernando Munoz, 09/24/2015 10:27 AM
XSS1.png (110 KB), Fernando Munoz, 09/24/2015 10:28 AM
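
Added example, not part of the original report and not pfSense's code or its fix: a PHP sketch of the pattern the reproduction describes, where a stored descriptive name is written into a `<select>` on another page, shown unescaped and then encoded at output time. The function names, the `authmode` field name and the sample data are assumptions made for illustration.

```php
<?php
// Constructed sample data: stored authentication server entries, the second
// carrying the descriptive name from the reproduction steps.
$servers = [
    ['name' => 'Local Database'],
    ['name' => '"></option></select><img src=x onerror=alert(1)>'],
];

// Unsafe pattern: the stored name is concatenated into markup unescaped, so
// its quote and tags close the attribute, the option and the select.
function render_select_unsafe(array $servers): string
{
    $html = '<select name="authmode">';
    foreach ($servers as $s) {
        $html .= '<option value="' . $s['name'] . '">' . $s['name'] . '</option>';
    }
    return $html . '</select>';
}

// Hardened pattern: encode for the HTML context at output time. ENT_QUOTES
// covers both quote styles, so the value cannot leave the attribute.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_select_safe(array $servers): string
{
    $html = '<select name="authmode">';
    foreach ($servers as $s) {
        $html .= '<option value="' . h($s['name']) . '">' . h($s['name']) . '</option>';
    }
    return $html . '</select>';
}

// Regression check: parse a rendering and count <img> elements, which the
// template itself never emits (requires the DOM extension).
function count_injected_elements(string $html): int
{
    $doc = new DOMDocument();
    libxml_use_internal_errors(true);   // tolerate the malformed unsafe markup
    $doc->loadHTML($html);
    libxml_clear_errors();
    return $doc->getElementsByTagName('img')->length;
}

printf("unsafe: %d injected <img>\n", count_injected_elements(render_select_unsafe($servers)));
printf("safe:   %d injected <img>\n", count_injected_elements(render_select_safe($servers)));
```

The same encoding has to be applied on every page that prints the stored name, since the value is saved on one page and rendered on another.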

History

#1 Updated by Fernando Munoz almost 5 years ago

Seems like encoding on this bugtracker breaks the payload, I'm attaching an image that shows what to type.

#2 Updated by Jim Pingle almost 5 years ago

  • Status changed from New to Feedback

Please re-test on a 2.2.5 snapshot from https://snapshots.pfsense.org/

I believe we have already fixed this after 2.2.4, notably with 64c50ecd239a61b42e9179be486f3792c03cb0b8

#3 Updated by Chris Buechler almost 5 years ago

  • Target version set to 2.2.5

#4 Updated by Chris Buechler almost 5 years ago

  • Category set to Web Interface
  • Status changed from Feedback to Resolved
  • Affected Version set to All

Confirmed fixed by what JimP linked.
