lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <0FBABA2F2A0ED949BE2E99B6AB60D729AFE96F@bismarck.intellect.local>
Date: Thu, 8 May 2008 18:12:45 +0300
From: "Deniz Cevik" <Deniz.Cevik@...ellect.com.tr>
To: <full-disclosure@...ts.grok.org.uk>, <bugtraq@...urityfocus.com>
Subject: ZYWALL Referer Header XSS Vulnerability

Affected Software/Device: Zyxel ZYWall 100

Vulnerability: Cross Site Scripting

Risk: Low

Description: The ZyWALL 100 is designed to act as a secure gateway via
xDSL/Cable modems or broadband routers for small to medium size
companies. The ZyWALL 100 features an ICSA certified firewall, IPSec VPN
capability, MultiNAT, web pages content filtering and an embedded web
configurator for easy configuration and management.

ZyWALL web based management interface utilizes referer header for
serving 404 Error pages. The vulnerability can be exploited by
requesting a non-existing web page with a specially crafted referer
header. As the application does not properly sanitize the data contained
in the referer header, desired script code can be run on client browser.

Sample Request:

GET /blah.htm HTTP/1.1
Host: www.site.com
Referer: blaaaa"><script>alert(12345)</script>aaaah.htm


Deniz CEVIK
www.intellectpro.com.tr

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ