Path: blob/master/documentation/modules/exploit/unix/http/pfsense_clickjacking.md
Vulnerable Application
This vulnerability affects all pfSense versions prior to 2.4.2-RELEASE.
Vulnerable Setup
The victim must be able to access the WebGUI and must be logged in as admin for this exploit to work. The WebGUI's TLS certificate may also need to be trusted in the victim's browser.
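Clickjacking only works when the browser agrees to render the target page inside a frame, so a defender can classify a WebGUI response by its X-Frame-Options and CSP frame-ancestors headers. The following is an added example, not part of the Metasploit module or its documentation; the function names and sample headers are constructed, and this page does not state which headers any pfSense release sends.

```python
# Added example: classify a response's anti-framing protection from its headers.
WILDCARDS = {"*", "http:", "https:"}

def frame_ancestors(csp_values):
    """Return one source list per CSP policy that sets frame-ancestors."""
    found = []
    for value in csp_values:
        for policy in value.split(","):        # one header may carry several policies
            for directive in policy.split(";"):
                parts = directive.split()
                if parts and parts[0].lower() == "frame-ancestors":
                    found.append([p.lower() for p in parts[1:]])
                    break                      # later duplicates in a policy are ignored
    return found

def framing_verdict(headers):
    """headers: iterable of (name, value). Returns deny/sameorigin/allowlist/frameable."""
    csp = [v for n, v in headers if n.strip().lower() == "content-security-policy"]
    xfo = {t.strip().upper() for n, v in headers
           if n.strip().lower() == "x-frame-options" for t in v.split(",") if t.strip()}
    policies = frame_ancestors(csp)
    if policies:                               # frame-ancestors supersedes X-Frame-Options
        if any(p in ([], ["'none'"]) for p in policies):
            return "deny"
        if any(p == ["'self'"] for p in policies):
            return "sameorigin"
        if all(WILDCARDS & set(p) for p in policies):
            return "frameable"
        return "allowlist"
    if len(xfo) > 1 or xfo == {"DENY"}:        # conflicting values fail closed (HTML standard)
        return "deny"
    if xfo == {"SAMEORIGIN"}:
        return "sameorigin"
    return "frameable"                         # header absent, invalid, or obsolete ALLOW-FROM

# Constructed sample responses (not captured from a real pfSense host).
SAMPLES = {
    "no protection": [("Content-Type", "text/html")],
    "xfo sameorigin": [("X-Frame-Options", "SAMEORIGIN")],
    "obsolete allow-from": [("X-Frame-Options", "ALLOW-FROM https://portal.example")],
    "csp none": [("Content-Security-Policy", "default-src 'self'; frame-ancestors 'none'")],
    "csp wildcard beats xfo": [("X-Frame-Options", "DENY"),
                               ("Content-Security-Policy", "frame-ancestors *")],
}

if __name__ == "__main__":
    for label, hdrs in SAMPLES.items():
        print(f"{label:24} -> {framing_verdict(hdrs)}")
```

A verdict of "frameable" on the WebGUI login or admin pages means the response carries no header that stops another origin from framing it.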
Verification Steps
use exploit/unix/http/pfsense_clickjacking
set TARGETURI https://<ip WebGUI>
exploit
Browse to the URL returned by MSF
Click anywhere on the returned page
Note that a new Meterpreter session was started.
Options
TARGETURI
The base path of the WebGUI. The default base path is https://192.168.1.1/