Nmap Development mailing list archives

[NSE] Identify RomPager rom-0 vulnerabilities


From: Vlatko Kosturjak <kost () linux hr>
Date: Sun, 5 Jul 2015 16:40:28 +0200

Hello!

These NSE scripts identify simple but dangerous vulnerabilities 
present on many network devices that use the RomPager Embedded Web 
Server.

An attacker is able to get your ISP password, wireless password and other 
sensitive information by issuing a single HTTP GET request to the '/rom-0' URI.
The mentioned information disclosure is present in RomPager Embedded Web 
Server. Affected devices include ZTE, TP-Link, ZynOS, Huawei and many 
others. The vulnerability was published in 2014 (by looking at the CVE), but I 
see a lot of people don't know about it: mainly because there was no hype 
about it and most of the popular vulnerability scanners failed in 
identifying it.

So, I hope this vulnerability will get better treatment after these 
NSE scripts.

NSE scripts are also available here:
https://github.com/kost/nmap-nse/tree/master/scripts

You can read more about the vulnerability and exploitation here:
https://k0st.wordpress.com/2015/07/05/identifying-and-exploiting-rom-0-vulnerabilities/

Take care,
-- 
Vlatko Kosturjak - KoSt

Attachment: http-rompager-rom0.nse

Attachment: http-rompager-xss.nse

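As an added example that is not part of Vlatko's post or his NSE scripts, here is a defender-side check for the same issue: it scans web-server or proxy access-log lines (Common Log Format; the sample lines are constructed) for requests to the `/rom-0` URI the post describes, normalizing percent-encoding and doubled slashes so trivial variations still match, and counts successful responses per source so a disclosure that already happened can be spotted in the logs.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Constructed sample access-log lines (Common Log Format); not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [05/Jul/2015:16:40:28 +0200] "GET /rom-0 HTTP/1.1" 200 16384
203.0.113.5 - - [05/Jul/2015:16:40:29 +0200] "GET /%72om-0?x=1 HTTP/1.1" 200 16384
198.51.100.7 - - [05/Jul/2015:16:41:02 +0200] "GET /index.html HTTP/1.1" 200 512
198.51.100.7 - - [05/Jul/2015:16:41:03 +0200] "GET //rom-0 HTTP/1.0" 404 0
"""

# Minimal CLF parser: client IP, timestamp, method, request target, status, size.
CLF_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)


def normalize_path(target):
    """Strip query/fragment, decode percent-encoding, collapse repeated slashes."""
    path = target.split('?', 1)[0].split('#', 1)[0]
    path = unquote(path)
    return re.sub(r'/+', '/', path)


def find_rom0_requests(log_text):
    """Return (ip, status, size) for every request whose normalized path is /rom-0."""
    hits = []
    for line in log_text.splitlines():
        m = CLF_RE.match(line)
        if not m:
            continue  # skip lines that are not CLF
        if normalize_path(m.group('target')) == '/rom-0':
            size = m.group('size')
            hits.append((m.group('ip'), int(m.group('status')),
                         int(size) if size.isdigit() else 0))
    return hits


def summarize(hits):
    """Count 2xx /rom-0 responses per source IP; each one is a likely config disclosure."""
    return Counter(ip for ip, status, _ in hits if 200 <= status < 300)


if __name__ == '__main__':
    for ip, n in summarize(find_rom0_requests(SAMPLE_LOG)).items():
        print(f'{ip}: {n} successful /rom-0 fetch(es)')
```
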
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/