[Full-disclosure] WRT54G directory trasversial vulnerability

Shell shell6 at gmail.com
Wed Oct 12 21:36:31 BST 2005

Previous message: [Full-disclosure] Security Advisory: SQL injection in PhpWebSite <= 0.10.1
Next message: [Full-disclosure] WRT54G directory trasversial vulnerability
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I just found a vulnerability in Linksys WRT54G routers.

http://192.168.1.1/apply.cgi?action=../

It loads the page after action

http://192.168.1.1/apply.cgi?action=../ returns the setup page
http://192.168.1.1/apply.cgi?action=../blah returns that the file does not exist

Previous message: [Full-disclosure] Security Advisory: SQL injection in PhpWebSite <= 0.10.1
Next message: [Full-disclosure] WRT54G directory trasversial vulnerability
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Full-Disclosure is hosted and sponsored by Secunia.