lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <54D23056.1010400@varnost.si>
Date: Wed, 04 Feb 2015 15:44:38 +0100
From: Darko Vršič <darko@...nost.si>
To: bugtraq@...urityfocus.com
Subject: Re: CVE-2015-1437  XSS In ASUS Router.

On 02/04/2015 02:44 PM, Michael Meyer wrote:
> *** kingkaustubh@...com wrote:
>> #####################################
>> Title:-   Reflected XSS vulnarbility in Asus RT-N10 Plus router
>> Author:   Kaustubh G. Padwad
>> Product:  ASUS Router RT-N10 Plus
>> Firmware: 2.1.1.1.70
>> Severity: HIGH
>> Auth:     Not requierd
>> CVE ID:   CVE-2015-1437
>> # Description:
>> Vulnerable Parameter: flag=
>> # Vulnerability Class:
>> Cross Site Scripting (https://www.owasp.org/index.php/Top_10_2013-A3-Cross-Site_Scripting_(XSS))
> [...]
>
>> Enter this URL
>> 1.http://router/error_page.htm?flag=initial78846%27%3balert(document.lastmodified)%2f%2f372137b5d
>> 2.http://router/error_page.htm?flag=initial78846%27%3balert("Hacked_BY_S3curity_B3ast")%2f%2f372137b5d
> https://sintonen.fi/advisories/asus-router-auth-bypass.txt
>
> Micha

So it's only vulnerable if WEB access is open to the internet, or 
attacker is in LAN?

Darko

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ