Home / vulnerabilities dlinkdi724p-xss.txt
Posted on 20 May 2010
Source : packetstormsecurity.org Link
Security Advisory: D-Link DI-724P+ Router - Cross Site Scripting Vulnerability
========================================================
System affected: D-Link DI-724P+ Router, Firmware Version: v1.03
Vulnerability Description:
==================
Cross Site Scripting (XSS) vulnerability was found on the D-Link
DI-724P+ Router, which can be exploited by conducting a cross-site
scripting attacks.
In the Admin web interface, under the "wireless" tab, script can be
injected from the GET string. This can be exploited by injecting
arbitrary HTML and malicious script code, which will execute in a
user's browser session.
The vulnerable URL: http://192.168.0.1/wlap.htm (the default admin IP
is 192.168.0.1).
Researcher Info:
============
Discovered by: w01f
Website: http://labs-werew01f.blogspot.com
E-mail: hack [dot] werew01f [at] gmail [dot] com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
