[Full-disclosure] WRT54G directory trasversial vulnerability
Barrie Dempster
barrie at reboot-robot.net
Fri Oct 14 10:51:34 BST 2005
On Wed, 2005-10-12 at 16:36 -0400, Shell wrote:
> I just found a vulnerability in Linksys WRT54G routers.
>
> http://192.168.1.1/apply.cgi?action=../
>
> It loads the page after action
>
> http://192.168.1.1/apply.cgi?action=../ returns the setup page
> http://192.168.1.1/apply.cgi?action=../blah returns that the file does not exist
Confirmed, however authentication is required. Still a vulnerability in
the system and worth patching though.
It's worth noting that there is alternative firmware available for this
device such as OpenWRT http://www.openwrt.org .
--
With Regards..
Barrie Dempster (zeedo) - Fortiter et Strenue
"He who hingeth aboot, geteth hee-haw" Victor - Still Game
blog: http://reboot-robot.net
sites: http://www.bsrf.org.uk - http://www.security-forums.com
ca: https://www.cacert.org/index.php?id=3
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 1859 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20051014/b77201d0/attachment.bin
Full-Disclosure is hosted and sponsored by Secunia.