CVE-2015-2295

pfSense < 2.2 - Cross-Site Request Forgery via system_firmware_restorefullbackup.php deletefile Parameter


Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-2295. PoCs published by High-Tech Bridge SA.

AI-analyzed exploit summary: This advisory details multiple XSS and CSRF vulnerabilities in pfSense 2.2, including PoC URLs for XSS via unsanitized GET parameters and a CSRF exploit for arbitrary file deletion. The vulnerabilities allow attackers to execute arbitrary scripts or delete files with root privileges.

Description

Cross-site request forgery (CSRF) vulnerability in system_firmware_restorefullbackup.php in the WebGUI in pfSense before 2.2.1 allows remote attackers to hijack the authentication of administrators for requests that delete arbitrary files via the deletefile parameter.

Exploits (1)

exploitdb WRITEUP
by High-Tech Bridge SA · text · webapps · php
https://www.exploit-db.com/exploits/36506


Classification: Writeup (100%)
Attack Type: XSS | CSRF
Complexity: Trivial
Reliability: Reliable
Target: pfSense 2.2 and prior
Auth required: yes
Prerequisites: Logged-in administrator session · Victim interaction (clicking a crafted link)
Analyzed by devstral-2 on Feb 16, 2026

References (6)

Core References
- Third Party Advisory, VDB Entry (mailing-list, bugtraq): http://www.securityfocus.com/archive/1/534987/100/0/threaded
- Third Party Advisory, VDB Entry (vdb-entry, bid): http://www.securityfocus.com/bid/73344
- Exploit, Third Party Advisory (exploit, exploit-db): https://www.exploit-db.com/exploits/36506/

Scores

EPSS: 0.6593
EPSS Percentile: 99.2%

Details

CWE: CWE-352
Status: published
Products (1): netgate/pfsense < 2.2
Published: Apr 10, 2015
Tracked Since: Feb 18, 2026