Bug #990

closed

xss in pfsense I was testing beta 4 pfSense-2.0-BETA4-20100902-0947.iso

Added by dave b about 14 years ago. Updated almost 14 years ago.

Status: Resolved
Priority: Normal
Assignee: -
Category: -
Target version:
Start date: 11/04/2010
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version: 2.0
Affected Architecture:

Description

NOTE:
I haven't tested against the latest dev, because when I tried to update via today's snapshot it broke and will no longer boot :/

xss in pfsense I was testing beta 4 pfSense-2.0-BETA4-20100902-0947.iso
and found you can xss the web interface in 3 places:
This is issue 1 of 4 (XSS issues) (3 affect that beta 4 only) (with one against pfSense stable).

THIS ONLY AFFECTS BETA 4 2.0

xss via pkg.php

poc:
https://10.0.20.220/pkg.php?xml=jailctl.xm%27l%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E
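
The PoC above closes a quote and a tag before its script element, which is the pattern for a request value echoed into a quoted HTML attribute. The following is an added example, not code from this report or from pfSense, showing that case handled with an allowlist on the `xml` parameter plus attribute encoding. The function names and the hidden-input markup are assumptions.

```php
<?php
// Added example: this is not pfSense's pkg.php. The function names and the
// hidden-input markup are assumptions chosen to illustrate the fix.

// Accept only a bare package manifest name such as "jailctl.xml".
function pkg_xml_name(string $raw): ?string
{
    // \A and \z anchor the whole string; "$" alone would allow a trailing newline.
    if (preg_match('/\A[A-Za-z0-9_-]+\.xml\z/', $raw) === 1) {
        return $raw;
    }
    return null;
}

// Encode a value for use inside a quoted HTML attribute or element text.
function attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Build the (assumed) hidden field that carries the manifest name.
function render_xml_field(string $raw): string
{
    $name = pkg_xml_name($raw);
    if ($name === null) {
        // Reject the request; anything echoed back is still encoded.
        return '<p>Invalid package file: ' . attr($raw) . '</p>';
    }
    // Encode even after validation so the output stays safe if the
    // allowlist is ever loosened.
    return '<input type="hidden" name="xml" value="' . attr($name) . '" />';
}

// The query string from the report's PoC, decoded the way PHP fills $_GET.
parse_str('xml=jailctl.xm%27l%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E', $query);

echo render_xml_field('jailctl.xml'), "\n";  // well-formed name passes the allowlist
echo render_xml_field($query['xml']), "\n";  // PoC value is rejected and encoded
```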
