# Exploit Title: pfSense Firewall <= 2.2.6 Cross-Site Request Forgery
# Exploit Author: Aatif Shahdad
# Software Link: http://files.nyi.pfsense.org/mirror/downloads/old/pfSense-LiveCD-2.2.5-RELEASE-i386.iso.gz
# Version: 2.2.6 and below.
# Contact: https://twitter.com/61617469665f736
# Category: webapps

1. Description

An attacker can coerce a logged-in victim's browser to issue requests that will start/stop/restart services on the Firewall.

2. Proof of Concept

Log in to the Web Console, for example, (set at the time of install) and open the following POCs:

Start NTPD service:
Stop NTPD service:
Restart NTPD service: POC:
The service will automatically start/stop.

Note: The NTPD service can be replaced with any service running on the Firewall. For example, to stop the APINGER (gateway monitoring daemon) service, use the following POC:
3. Solution: Upgrade to version 2.3 at https://www.pfsense.org/download/mirror.php?section=downloads
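
Added example (not part of the original advisory and not pfSense code): a minimal model of the flaw described in section 1 next to a handler that resists it. The handler functions, the parameter names (action, service, csrf_token) and the origins are assumptions made for illustration.

```python
import hmac
import secrets

SERVICE_ACTIONS = {"start", "stop", "restart"}  # the actions the advisory lists

def new_session():
    # Constructed stand-in for a logged-in admin session (hypothetical helper).
    return {"csrf_token": secrets.token_urlsafe(32)}

def vulnerable_handler(method, params, session):
    # A valid session cookie is the only check, and the browser attaches it
    # to requests started by any page, so a forged request is accepted.
    if session is None:
        return 401, "login required"
    if params.get("action") not in SERVICE_ACTIONS:
        return 400, "unknown action"
    return 200, f"{params['action']} {params.get('service')}"

def hardened_handler(method, params, session, origin, ui_origin):
    if session is None:
        return 401, "login required"
    if method != "POST":  # state changes never ride on a plain link or image
        return 405, "POST required"
    if origin != ui_origin:  # Origin header must match the console itself
        return 403, "cross-origin request"
    sent = params.get("csrf_token", "")
    # Per-session secret that another site cannot read; constant-time compare.
    if not hmac.compare_digest(sent.encode(), session["csrf_token"].encode()):
        return 403, "bad CSRF token"
    if params.get("action") not in SERVICE_ACTIONS:
        return 400, "unknown action"
    return 200, f"{params['action']} {params.get('service')}"

def demo():
    ui = "https://firewall.example"  # constructed console origin
    s = new_session()
    forged = {"action": "stop", "service": "ntpd"}  # sent by a third-party page
    genuine = dict(forged, csrf_token=s["csrf_token"])  # sent by the console's form
    return {
        "vulnerable_forged": vulnerable_handler("GET", forged, s)[0],
        "hardened_forged": hardened_handler("POST", forged, s, "https://other.example", ui)[0],
        "hardened_no_token": hardened_handler("POST", forged, s, ui, ui)[0],
        "hardened_genuine": hardened_handler("POST", genuine, s, ui, ui)[0],
    }

if __name__ == "__main__":
    print(demo())
```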