exploit the possibilities

PFSense 2.5.0 Cross Site Scripting

PFSense 2.5.0 Cross Site Scripting
Posted Apr 28, 2021
Authored by William Costa

PFSense version 2.5.0 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | da48c8ecd86bf68532a8db99f3ada8be

PFSense 2.5.0 Cross Site Scripting

Change Mirror Download
I. VULNERABILITY
-------------------------
Store XSS Attacks vulnerabilities in PFSense Version 2.5.0
II. BACKGROUND
-------------------------
The pfSense project is a free network firewall distribution, based on the
FreeBSD operating system with a custom kernel and including third party
free software packages for additional functionality. Through this package,
system pfSense software is able to provide most of the functionality of
common commercial firewalls, and many times more.
III. DESCRIPTION
-------------------------
Has been detected a Stored XSS vulnerability in PFSense.
The code injection is done through the parameter “Description” in the page
“/services_wol_edit.php?id=0
IV. PROOF OF CONCEPT
-------------------------
The application does not validate the parameter “Description” correctly
when run Wake All Devices.
First add script in field “Description”
After Run
Wake All Devices
/services_wol.php?wakeall=true
V. BUSINESS IMPACT
-------------------------
An attacker can execute arbitrary HTML or script code in a targeted
user's browser, , that allows the execution of arbitrary HTML/script code
to be executed in the context of the victim user's browser.
VI. SYSTEMS AFFECTED
-------------------------
Tested PFSense 2.5.0
VII. SOLUTION
-------------------------
All data received by the application and that can be modified by the user,
before making any kind of transaction with them must be validated correctly
Upgrade 2.5.1

By William Costa
william.costa@gmail.com


Login or Register to add favorites

File Archive:

June 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    35 Files
  • 2
    Jun 2nd
    14 Files
  • 3
    Jun 3rd
    40 Files
  • 4
    Jun 4th
    22 Files
  • 5
    Jun 5th
    1 Files
  • 6
    Jun 6th
    1 Files
  • 7
    Jun 7th
    19 Files
  • 8
    Jun 8th
    14 Files
  • 9
    Jun 9th
    39 Files
  • 10
    Jun 10th
    20 Files
  • 11
    Jun 11th
    22 Files
  • 12
    Jun 12th
    0 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close