Full Disclosure mailing list archives
AirOS remote root 0day
From: Christopher Granger <chrisgrangerx () gmail com>
Date: Fri, 23 Dec 2011 16:46:28 +0000
Does anyone have additional information about this vulnerability? It looks like it can be exploited by requesting: http://[X.X.X.X]/admin.cgi/[any or no filename string].css Although http://gregsowell.com/?p=3428 states: "The exploit appears to be a flaw in the admin.cgi file(CORRECTION…IT IS ALL PAGES SO WE WILL BLOCK ALL CGI)." However, this last runs counter to what I've seen so far ... Thanks, -Chris
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- AirOS remote root 0day sd (Dec 22)
- <Possible follow-ups>
- AirOS remote root 0day Christopher Granger (Dec 24)
- Re: AirOS remote root 0day sd (Dec 24)