BugTraq
Re: Medium security hole affecting DSL-G624T May 03 2007 10:59PM
Tim Brown (timb nth-dimension org uk)
On Thursday 03 May 2007 23:19:55 3APA3A wrote:

> Not exactly, read first link carefully:
>
> Tested on D-Link DSL-G624T
> Version: Firmware Version : V3.00B01T01.YA-C.20060616
>
> Discovered by:
>
> Jose Ramon Palanco: jose.palanco(at)eazel(dot).es

Fair enough, I stand corrected, but it's been there since 1.something, so either
way it's not new. I shall be more careful to read responses in future :).
To categorically state what I mentioned in the original advisory, "I do not
make any claim to having discovered the directory traversal first, I simply
want the bug fixed".

> Jose mentions both directory traversal and 3 examples of cross-site
> scripting. Cross-site scripting examples are different from yours though
> and require a POST request. Your CSS is easier to exploit.

Exactly. Although SF is now attributing BID 23802 (my XSS) to Jose as well :)

> In fact, at least Russian D-Link support is very responsive to any bug
> report, but it seems like the only way to get a response is to post a
> problem on their forum.

So it seems, and there lies the problem: the UK forum at least does not
function in either Firefox or Konqueror. I like vendors who respond by email
and I like vendors who respond[1] quickly even more :).

[1] such as our alternate discussion
--
Tim Brown
<mailto:timb (at) nth-dimension.org (dot) uk>
<http://www.nth-dimension.org.uk/>
