M0n0wall Multiple Cross Site Request Forgery Vulnerabilities
-
M0n0wall Multiple Cross Site Request Forgery Vulnerabilities 27 Dec. 2012
Summary
m0n0wall is prone to multiple cross-site request-forgery vulnerabilities because it fails to properly validate POST requests.Vulnerable Systems: * m0n0wall 1.33
Attackers can exploit these issues to perform certain administrative actions and gain unauthorized access to the affected application. Other attacks are also possible.
An attacker can exploit these issues by enticing an unsuspecting victim to follow a malicious URI.
The following exploit codes are available:
http://downloads.securityfocus.com/vulnerabilities/exploits/56844.html.txtDisclosure Timeline:
Published: December 06 2012
-
Wasn't this fixed with the release of m0n0wall 1.34 on 11/12/2012?
-
Indeed it seems the XSS vulnerability issues have been fixed, according to http://m0n0.ch/
-
These may be ones we've already fixed in 2.0.2/2.1
They look familiar.
-
We fixed m0n0wall's CSRF issues over 2 years ago with csrfmagic, same thing they implemented recently. 2.0.2 fixed a couple that were found more recently.
