lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <20050117011323.94c6f200@mail.kurczaba.com> From: advisories at securinews.com (Paul Kurczaba) Subject: Multiple Vulnerabilities in Netgear FVS318 Router Multiple Vulnerabilities in Netgear FVS318 Router http://www.securinews.com/vuln.htm?vulnid=103 ------------------------------------------------- Overview: The Netgear FVS318 is an easy to use, firewall/router designed for home users and small businesses. SecuriNews Research has found 2 vulnerabilities in the router. Vendor: Netgear (http://www.netgear.com) Affected Systems/Configuration: 2.4, possibly others Vulnerabilities/Exploits: 1) By using HEX encoded characters, it is possible to bypass the URL filter. For example, if the router administrator blocks the phrase ".exe"; a user can encode one or more characters in the URL phrase to bypass the filter. If we encode the 'x' in ".exe", the new phrase ".e%78e" will bypass the filter. 2) The content filter/log viewer contains a Cross Site Scripting vulnerability. When a user tries to access a blocked URL phrase, it is logged in the Security Log. If a user were to inject JavaScript into a blocked URL phrase, the JavaScript would be executed by the admin's browser when the security log is viewed. Proof of Concept: 1) Example above. 2) If the router administrator has blocked the URL phrase ".exe", a user can inject JavaScript as follows: http://www.example.com/somefile.exe</textarea><script>alert('XSS')</script> Note: The string "</textarea>" must be added before the injected JavaScript, as the security log is placed in a text area. Workaround: None. Date Discovered: January 14, 2005 Severity: Low-Medium Credit: SecuriNews Research http://www.securinews.com/
Powered by blists - more mailing lists