Vulnerability Development mailing list archives
Re[2]: Cisco IOS HTTP Configuration Exploit
From: Ertan Kurt <ertank () olympos org>
Date: Mon, 2 Jul 2001 12:37:26 +0300
BT> Does it mean that when i enter the URL i will not be prompted to enter the username and password?? Yes, just use the perl script (check previous mail) on a http server enabled cisco router and if it says smtg like: Vulnerable with {number} just use that number as shown below: http://routerIP/level/{number}/exec/- or send commands directly: http:///routerIP/level/{number}/exec/-/sh/ip/interface/brief/CR it will not ask you to provide a username and pass. Regards, Ertan Kurt BT> -----Original Message----- BT> From: Ertan Kurt ertank () olympos org BT> Sent: Sun, 1 Jul 2001 12:52:00 +0300 BT> To: vuln-dev () securityfocus com BT> CC: tamer () statu com tr BT> Subject: Fwd: Cisco IOS HTTP Configuration Exploit BT> Hi, BT> This does not work! What does this tool do really?? BT> I tried on several vulnerable routers but your tool gave errors ***cut***
Current thread:
- Fwd: Cisco IOS HTTP Configuration Exploit Ertan Kurt (Jul 01)
- <Possible follow-ups>
- Re: Cisco IOS HTTP Configuration Exploit Brian Tan (Jul 02)
- Re[2]: Cisco IOS HTTP Configuration Exploit Ertan Kurt (Jul 02)