The D-Link DI-724P+ router suffers from a cross site scripting vulnerability.
865b472426c226a98d255d2d61984241Security Advisory: D-Link DI-724P+ Router - Cross Site Scripting Vulnerability
========================================================
System affected: D-Link DI-724P+ Router, Firmware Version: v1.03
Vulnerability Description:
==================
Cross Site Scripting (XSS) vulnerability was found on the D-Link
DI-724P+ Router, which can be exploited by conducting a cross-site
scripting attacks.
In the Admin web interface, under the "wireless" tab, script can be
injected from the GET string. This can be exploited by injecting
arbitrary HTML and malicious script code, which will execute in a
user's browser session.
The vulnerable URL: http://192.168.0.1/wlap.htm (the default admin IP
is 192.168.0.1).
Researcher Info:
============
Discovered by: w01f
Website: http://labs-werew01f.blogspot.com
E-mail: hack [dot] werew01f [at] gmail [dot] com
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed
Comments
No comments yet, be the first!