
pfSense 2.4.1 CSRF Error Page Clickjacking

Posted by deepcore on December 14, 2017 – 1:41 am

This Metasploit module exploits a clickjacking vulnerability in the WebGUI of pfSense, a free and open source firewall and router, in versions 2.4.1 and below. By tricking an authenticated admin into interacting with a specially crafted webpage, an attacker can execute arbitrary code in the WebGUI. Since the WebGUI runs as the root user, this results in a full compromise of the pfSense instance.
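
A defender's check for the framing exposure described above, as an added example that is not part of the original post or the Metasploit module: it classifies HTTP responses by whether their headers forbid rendering in a frame. The paths and headers in `SAMPLE` are constructed; an error response is included because error pages are easy to miss when the header is set only on normal pages.

```python
# Added example: classify responses by anti-framing headers.
# SAMPLE is constructed for illustration, not captured from a pfSense host.

def frame_ancestors(csp):
    """Return the frame-ancestors source list from a CSP value, or None."""
    for directive in csp.split(";"):
        parts = directive.strip().split()
        if parts and parts[0].lower() == "frame-ancestors":
            return [p.lower() for p in parts[1:]]
    return None

def framing_verdict(headers):
    """Return 'protected', 'review' or 'frameable' for one response."""
    h = {k.lower(): v for k, v in headers.items()}
    fa = frame_ancestors(h.get("content-security-policy", ""))
    if fa is not None:
        # Browsers that support frame-ancestors ignore X-Frame-Options.
        if fa in (["'none'"], ["'self'"]):
            return "protected"
        if any(s in ("*", "http:", "https:") for s in fa):
            return "frameable"
        return "review"  # explicit origin allow-list: check each entry
    xfo = h.get("x-frame-options", "").strip().lower()
    if xfo in ("deny", "sameorigin"):
        return "protected"
    # Missing header, or ALLOW-FROM, which current browsers ignore.
    return "frameable"

def unprotected(responses):
    """Return (path, status, verdict) for every response not 'protected'."""
    findings = []
    for path, status, headers in responses:
        verdict = framing_verdict(headers)
        if verdict != "protected":
            findings.append((path, status, verdict))
    return findings

SAMPLE = [  # constructed paths and headers
    ("/dashboard", 200, {"X-Frame-Options": "SAMEORIGIN"}),
    ("/error", 403, {"Content-Type": "text/html"}),
    ("/report", 200, {"Content-Security-Policy": "frame-ancestors https://noc.example"}),
]

if __name__ == "__main__":
    for path, status, verdict in unprotected(SAMPLE):
        print(f"{status} {path}: {verdict}")
```
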

