ZYWALL Referer Header XSS Vulnerability
- From: "Deniz Cevik" <Deniz.Cevik@xxxxxxxxxxxxxxxx>
- Date: Thu, 8 May 2008 18:12:45 +0300
Affected Software/Device: Zyxel ZYWall 100
Vulnerability: Cross Site Scripting
Risk: Low
Description: The ZyWALL 100 is designed to act as a secure gateway via
xDSL/Cable modems or broadband routers for small to medium size
companies. The ZyWALL 100 features an ICSA certified firewall, IPSec VPN
capability, MultiNAT, web pages content filtering and an embedded web
configurator for easy configuration and management.
ZyWALL web based management interface utilizes referer header for
serving 404 Error pages. The vulnerability can be exploited by
requesting a non-existing web page with a specially crafted referer
header. As the application does not properly sanitize the data contained
in the referer header, desired script code can be run on client browser.
Sample Request:
GET /blah.htm HTTP/1.1
Host: www.site.com
Referer: blaaaa"><script>alert(12345)</script>aaaah.htm
Deniz CEVIK
www.intellectpro.com.tr
- Prev by Date: iDefense Security Advisory 05.07.08: Multiple Vendor rdesktop channel_process() Integer Signedness Vulnerability
- Next by Date: iDefense Security Advisory 05.07.08: Multiple Vendor rdesktop process_redirect_pdu() BSS Overflow Vulnerability
- Previous by thread: iDefense Security Advisory 05.07.08: Multiple Vendor rdesktop channel_process() Integer Signedness Vulnerability
- Next by thread: iDefense Security Advisory 05.07.08: Multiple Vendor rdesktop process_redirect_pdu() BSS Overflow Vulnerability
- Index(es):
