Project

General

Profile

Actions

Bug #5201

closed

Stored XSS on authentication services

Added by Fernando Munoz over 8 years ago. Updated over 8 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
Web Interface
Target version:
Start date:
09/24/2015
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
All
Affected Architecture:

Description

To reproduce the cross-site scripting:

1. Go to https://localhost:9090/system_authservers.php?act=new

- on field Descriptive name:  "></option></select><img src=x onerror=alert(1)>
- fill other required fields
- save

2. Go to https://localhost:9090/diag_authentication.php

Alert appears


Files

XSS2.png (93.6 KB) XSS2.png Fernando Munoz, 09/24/2015 10:27 AM
XSS1.png (110 KB) XSS1.png Fernando Munoz, 09/24/2015 10:28 AM
Actions #1

Updated by Fernando Munoz over 8 years ago

Seems like encoding on this bugtracker breaks the payload, I'm attaching an image that shows what to type.

Actions #2

Updated by Jim Pingle over 8 years ago

  • Status changed from New to Feedback

Please re-test on a 2.2.5 snapshot from https://snapshots.pfsense.org/

I believe we have already fixed this after 2.2.4, notably with 64c50ecd239a61b42e9179be486f3792c03cb0b8

Actions #3

Updated by Chris Buechler over 8 years ago

  • Target version set to 2.2.5
Actions #4

Updated by Chris Buechler over 8 years ago

  • Category set to Web Interface
  • Status changed from Feedback to Resolved
  • Affected Version set to All

confirmed fixed by what JimP linked.

Actions

Also available in: Atom PDF