Fireware XTM Web UI Open Redirect

Posted Mar 29, 2016
Authored by Manuel Mancera

Fireware XTM Web UI versions prior to 11.10.7 suffer from an open redirection vulnerability.

tags | exploit, web
MD5 | 98d24c058e47ba768e1f552315a0447b

================================================================
Fireware XTM Web UI - Open Redirect
================================================================

Information
--------------------
Name: Fireware XTM Web UI - Open Redirect
Affected Software : Fireware XTM Web UI
Affected Versions: < 11.10.7
Vendor Homepage : http://www.watchguard.com/
Vulnerability Type : Open Redirect
Severity : Low
CVE: n/a


Product
--------------------
Fireware is the operating system of WatchGuard UTM security solutions.
It includes a web UI to manage the devices.


Description
--------------------
An open redirect vulnerability has been detected in the login form. This
vulnerability allows an attacker to redirect users to arbitrary websites
through the WatchGuard Fireware XTM Web UI page.


Proof of Concept URL
--------------------
https://site:8080/auth/login?username=test&from_page=https://attacker.website/&domain=&password=\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\Windows\system.ini


Solution
--------------------
Update to the latest release.

More info:
https://www.watchguard.com/support/release-notes/fireware/11/en-US/#Fireware/en-US/resolved_issues.html?TocPath=_____11
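
A server-side check of the kind that closes this class of bug, as an added example (not WatchGuard's fix and not code from the advisory): it validates the `from_page` value before the post-login redirect. The function name, the default landing path and the `/dashboard` sample path are assumptions; `site:8080` is the host from the Proof of Concept URL.

```python
from urllib.parse import urlsplit

DEFAULT_PAGE = "/"  # assumed landing page when from_page is rejected


def safe_redirect_target(from_page, request_host, default=DEFAULT_PAGE):
    """Return from_page only if it keeps the browser on request_host."""
    if not from_page or from_page != from_page.strip():
        return default
    # Browsers treat "\" as "/" and drop tab/CR/LF inside URLs, so values
    # such as "/\host" can leave the site even though they look like paths.
    if "\\" in from_page or any(ord(c) < 0x20 or ord(c) == 0x7F for c in from_page):
        return default
    # "//host" and "///host" are resolved by browsers as another authority.
    if from_page.startswith("//"):
        return default
    try:
        parts = urlsplit(from_page)
    except ValueError:  # e.g. malformed IPv6 literal
        return default
    if not parts.scheme and not parts.netloc:
        # Relative reference: accept only an absolute path on this host.
        return from_page if from_page.startswith("/") else default
    # Absolute URL: https only, and the authority must match exactly
    # (this also rejects "https://site:8080@other.host/").
    if parts.scheme == "https" and parts.netloc.lower() == request_host.lower():
        return from_page
    return default


if __name__ == "__main__":
    # Constructed sample values; the first is the one from the PoC URL.
    for value in ("https://attacker.website/", "//attacker.website/",
                  "/\\attacker.website/", "/dashboard"):
        print(repr(value), "->", safe_redirect_target(value, "site:8080"))
```
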


Advisory Timeline
--------------------

15/12/2015 - Informed Vendor about the issue
16/12/2015 - Vendor answered and confirmed the issue (BUG89149)
24/03/2016 - Vendor fixed the issue in the latest release.
29/03/2016 - Public disclosure.


Credits & Authors
--------------------
Manuel Mancera (@sinkmanu)

www.a2secure.com


Disclaimer
-------------------
All information is provided without warranty. The intent is to provide
information to secure infrastructure and/or systems, not to be able to
attack or damage. Therefore A2Secure shall not be liable for any
direct or indirect damages that might be caused by using this information.