Type packetstorm
Reporter Deniz Cevik
Modified 2008-05-09T00:00:00


                                            `Affected Software/Device: Zyxel ZYWall 100  
Vulnerability: Cross Site Scripting  
Risk: Low  
Description: The ZyWALL 100 is designed to act as a secure gateway via  
xDSL/Cable modems or broadband routers for small to medium size  
companies. The ZyWALL 100 features an ICSA certified firewall, IPSec VPN  
capability, MultiNAT, web pages content filtering and an embedded web  
configurator for easy configuration and management.  
ZyWALL web based management interface utilizes referer header for  
serving 404 Error pages. The vulnerability can be exploited by  
requesting a non-existing web page with a specially crafted referer  
header. As the application does not properly sanitize the data contained  
in the referer header, desired script code can be run on client browser.  
Sample Request:  
GET /blah.htm HTTP/1.1  
Host: www.site.com  
Referer: blaaaa"><script>alert(12345)</script>aaaah.htm  
Deniz CEVIK