Yorick Koster
24 lines
671 B
Markdown
24 lines
671 B
Markdown
## Vulnerable Application
|
|
|
|
This vulnerability affects any pfSense versions prior to 2.4.2-RELEASE.
|
|
|
|
## Vulnerable Setup
|
|
|
|
The victim should be able to access the WebGUI & must be logged in as admin in order for this exploit to work. Possibly the WebGUI's TLS certificate must be trusted in the browser.
|
|
|
|
## Verification Steps
|
|
|
|
1. `use exploit/unix/http/pfsense_clickjacking`
|
|
2. `set TARGETURI https://<ip WebGUI>`
|
|
3. `exploit`
|
|
4. Browse to the URL returned by MSF
|
|
5. Click anywhere on the returned page
|
|
6. Note that a new Meterpreter sessions was started.
|
|
|
|
|
|
## Options
|
|
|
|
**TARGETURI**
|
|
|
|
The base path of the WebGUI. The default base path is https://192.168.1.1/
|