This exploit demonstrates CSRF vulnerabilities in the Comcast Xfinity Web Gateway, allowing remote attackers to perform actions such as adding blocked sites, managing devices, and changing firewall settings. It also includes stored XSS and a method to steal admin credentials via CSRF.
Classification
Working Poc 90%
Attack Type
Csrf | Xss | Info Leak
Target:
Comcast Xfinity Web Gateway (version unspecified)
No auth needed
Prerequisites:
Victim must be authenticated to the Xfinity Web Gateway · Attacker must trick victim into visiting a malicious page