git.ipfire.org Git - ipfire-2.x.git/commit - config/rootfiles/core/132/filelists/files

author	Michael Tremer <michael.tremer@ipfire.org>
	Thu, 9 May 2019 13:51:40 +0000 (14:51 +0100)
committer	Michael Tremer <michael.tremer@ipfire.org>
	Fri, 10 May 2019 08:04:54 +0000 (09:04 +0100)
commit	88e64c23c16a8f84d256c3d3fb97f46cf383a644
tree	60117da762a302aee91d95c7d7ed634ef2e40133	tree \| snapshot
parent	1d6bc7a0dc528eda73e7b4c2a2cd5112c25ad304	commit \| diff

routing: Fix potential authenticated XSS in input processing

An authenticated Stored XSS (Cross-site Scripting) exists in the
(https://192.168.0.241:444/cgi-bin/routing.cgi) Routing Table Entries
via the "Remark" text box or "remark" parameter. This is due to a
lack of user input validation in "Remark" text box or "remark"
parameter. It allows an authenticated WebGUI user with privileges
for the affected page to execute Stored Cross-site Scripting in
the Routing Table Entries (/cgi-bin/routing.cgi), which helps
attacker to redirect the victim to a attacker's phishing page.

The Stored XSS get prompted on the victims page whenever victim
tries to access the Routing Table Entries configuraiton page.

An attacker get access to the victim's session by performing
the CSRF and gather the cookie and session id's or possibly can
change the victims configuration using this Stored XSS.

This attack can possibly spoof the victim's informations.

Fixes: #12072
Reported-by: Dharmesh Baskaran <dharmesh201093@gmail.com>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

config/rootfiles/core/132/filelists/files		diff \| blob \| blame \| history
html/cgi-bin/routing.cgi		diff \| blob \| blame \| history