NSE scripts for XSS and session hijacking in AsusWRT

[Rewanth Cool <ravatheruler4 () gmail com>]

ASUSWRT is a wireless router operating system that powers many routers
produced by ASUS.

NSE scripts for CVE-2017-6547 ( XSS ) and CVE-2017-6549 ( Session stealing
) are developed for AsusWRT.

The script comes under "vuln", "intrusive", "exploit", "dos" categories.
Failed attempts lead to dos attack.

There is a PR on #779 <https://github.com/nmap/nmap/pull/779> regarding the
both the latest CVE's.

NOTE : These vulnerabilities are yet to be patched by the vendors and are
exploitable now.

Best regards,
Rewanth.

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/