Hello IPCop development team,
I'm contacting you to inform you of some vulnerabilities in the latest version of IPCop (<= 2.0.6).
A non-persistent XSS is present and can be exploited by attackers against IE browsers.
This allows an attacker to bypass the CSRF protection implemented (referer checking).
A remote command execution is exploitable in all browsers (if the referer is valid).
The non-persistent XSS can be used to gain a full interactive reverse shell with CSRF protection bypass.
You will find all details in the attached PoC, and a private demonstration video can be viewed here: www.youtube.com/watch?v=ovhogZGHyMg
Do not hesitate to contact me for more information.
Thank you in advance for your work on IPCop and for any future corrections.
Sincerely,
Yann CAM - Security consultant @ Synetis - ASafety
Full PoC details
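The message above rests on a general point: a Referer-based CSRF check only tells the server which origin the browser says the request came from, so any script already running in the protected origin (as a reflected XSS payload does) produces requests that pass it. The following is an added illustration, not the reporter's PoC and not IPCop's code; the origin `https://firewall.example:8443`, the path `/admin/page` and the helper names are hypothetical. It implements a strict origin-comparing Referer check next to a naive prefix check that is common in practice, then feeds both the kinds of requests discussed: a cross-site forgery, a look-alike domain, a request with no Referer, and a same-origin request issued by injected script.

```python
from urllib.parse import urlsplit

# Hypothetical origin of the management web UI (assumption for this example).
SITE_ORIGIN = "https://firewall.example:8443"

DEFAULT_PORTS = {"http": 80, "https": 443}


def origin_of(url):
    """Return 'scheme://host:port' for a URL, or None if it is not an absolute URL."""
    parts = urlsplit(url)
    if not parts.scheme or not parts.hostname:
        return None
    try:
        port = parts.port or DEFAULT_PORTS.get(parts.scheme)
    except ValueError:  # malformed port such as ':abc'
        return None
    return f"{parts.scheme}://{parts.hostname.lower()}:{port}"


def referer_allows(headers, site_origin=SITE_ORIGIN, allow_missing=False):
    """Strict Referer-based CSRF check: the Referer's origin must equal the site's origin.

    allow_missing=True mirrors deployments that let through requests with no
    Referer (some clients and proxies strip it); that leniency is itself a bypass.
    """
    referer = headers.get("Referer")
    if referer is None:
        return allow_missing
    return origin_of(referer) == origin_of(site_origin)


def naive_referer_allows(headers, site_prefix="https://firewall.example"):
    """Prefix check seen in many hand-rolled implementations; accepts look-alike hosts."""
    return headers.get("Referer", "").startswith(site_prefix)


# Constructed request headers for the cases worth distinguishing.
CROSS_SITE = {"Referer": "https://attacker.example/lure.html"}        # classic CSRF page
LOOKALIKE = {"Referer": "https://firewall.example.attacker.example/"}  # prefix-matching host
NO_REFERER = {}                                                        # Referer stripped
# Request issued by script already executing in the protected origin, e.g. a
# reflected XSS payload: the browser sends the site's own URL as Referer.
SAME_ORIGIN_FROM_XSS = {"Referer": "https://firewall.example:8443/admin/page?q=payload"}


def evaluate():
    """Run every constructed request through both checks; returns {name: (strict, naive)}."""
    cases = {
        "cross_site": CROSS_SITE,
        "lookalike": LOOKALIKE,
        "no_referer": NO_REFERER,
        "same_origin_from_xss": SAME_ORIGIN_FROM_XSS,
    }
    return {name: (referer_allows(h), naive_referer_allows(h)) for name, h in cases.items()}


if __name__ == "__main__":
    for name, (strict, naive) in evaluate().items():
        print(f"{name:22s} strict={strict!s:5s} naive={naive!s:5s}")
```

The strict check fixes the look-alike-host and missing-Referer weaknesses of the naive one, but both return True for the same-origin request: no Referer policy, and no CSRF token either, can separate a request the user made from one that injected script made in the same page. The only durable fix for the scenario in the report is removing the XSS (output encoding on the reflected parameter); the CSRF layer is defence in depth, not a substitute.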