| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 29 Jan 2015 17:44:02 GMT
From: kingkaustubh@...com
To: bugtraq@...urityfocus.com
Subject: Reflected XSS vulnarbility in Asus RT-N10 Plus Router
#####################################
Title:- Reflected XSS vulnarbility in Asus RT-N10 Plus router
Author: Kaustubh G. Padwad
Product: ASUS Router RT-N10 Plus
Firmware: 2.1.1.1.70
Severity: Medium
Auth: Requierd
# Description:
Vulnerable Parameter: flag=
# Vulnerability Class:
Cross Site Scripting (https://www.owasp.org/index.php/Top_10_2013-A3-Cross-Site_Scripting_(XSS))
# About Vulnerability: Asus Router RT-N10 Plus with firmware 2.1.1.70 is vulnarable for crosss site scripting attack,this may cause a huge network compemise.
#Technical Details: The value of the flag request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload initial78846%27%3balert("Hacked_BY_S3curity_B3ast")%2f%2f372137b5d was submitted in the flag parameter. This input was echoed unmodified in the application's response.
#Steps to Reproduce: (POC):
After setting up router
Enter this URL
1.http://ip-of-router/result_of_get_changed_status.asp?current_page=&sid_list=LANGUAGE%3B&action_mode=+App
ly+&preferred_lang=&flag=initial78846%27%3balert(1337)%2f%2f372137b5d
2. this will ask for creadintial once creatintial enterd it will be successfull XSS
# Disclosure:
8-jan-2015 Repoerted to ASUS
9-jan-2015 Asus confirm that they reported to concern department
15-jan-2015 Ask for update from asus asus says reported to HQ
28-jan-2015 Ask asus about reporting security foucus No reply from ASUS
29-jan-2015 security focus bugtraq
#credits:
Kaustubh Padwad
Information Security Researcher
kingkaustubh@...com
https://twitter.com/s3curityb3ast
http://breakthesec.com
https://www.linkedin.com/in/kaustubhpadwad
Powered by blists - more mailing lists