Actions
Bug #990
closedxss in pfsense I was testing beta 4 pfSense-2.0-BETA4-20100902-0947.iso
Start date:
11/04/2010
Due date:
% Done:
0%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.0
Affected Architecture:
Description
NOTE:
I haven't against the latest dev, because when I tried to update via today's snapshot it broke and will no longer boot :/
xss in pfsense I was testing beta 4 pfSense-2.0-BETA4-20100902-0947.iso
and found you can xss the web interface in 3 places:
This is issue 1 of 4(xss issues) (3 affect that beta 4 only) (with one against pfsense stable).
THIS ONLY AFFECTS BETA 4 2.0
xss via pkg.php
poc:
https://10.0.20.220/pkg.php?xml=jailctl.xm%27l%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E
Actions