PaloAlto has issued a patch for a XSS attack on the captive portal that I disclosed a few months back. The official advisory can be found here:
https://securityadvisories.paloaltonetworks.com/Home/Detail/66
(Detail taken from https://securityadvisories.paloaltonetworks.com/)
The attack has been given a CVSS score of 6.1:
(Screenshot taken from IBM X-Force: https://exchange.xforce.ibmcloud.com/vulnerabilities/118524)
Below follows the original report submitted to PaloAlto along with sample exploit code:
Version: PANOS 7.0.5
Summary: XSS issue in HTML used for the user login portal. An attacker can run arbitrary javascript by manipulating the username field. See attached screenshot
Steps to Reproduce:
- Setup plain vanilla, standard HTTP captive portal, using the web form option
- A user will be presented with the default captive portal.
- As a username, enter something like (including all quotes):
“;alert (‘i can steal your cookies’);var test=”
- Alert is shown (see screenshot below)
https://docs.google.com/document/d/1ySL-Md2d2p9oDIHsFU-WRpyTqbHZOKkWW-VDFmEQiWY/pub
David Vassallo's Blog 
You must be logged in to post a comment.