May 14, 2010

XSS vulnerability found on D-Link Router

Cross Site Scripting (XSS) vulnerability was found on the D-Link DI-724P+ Router, which can be exploited by conducting a cross-site scripting attacks.

Discovered Date: May 14, 2010
System affected: D-Link DI-724P+ Router, Firmware Version: v1.03
Discovered by: w01f

Vulnerability Description:
The XSS vulnerability is found in the Admin Web interface. It is accessible using (by default). Script can be injected from the GET string. This can be exploited by injecting arbitrary HTML and malicious script code, which will execute in a user's browser session.

Vulnerability testing:
Vulnerable URL:
Tested with: Windows XP with Internet Explorer 7, using Web proxy

In the Admin web interface, under the "wireless" tab, i injected a simple "alert("You are hack!")" script in the GET string. It was executed and display on the web browser.

According to D-Link, the router is out of support and will not be releasing any patches. Continue using on your own risk.

- SecurityFocus: D-Link DI-724P+ Router 'wlap.htm' HTML Injection Vulnerability
- OSVDB 65002 : D-Link DI-724P+ Admin Interface wlap.htm GET String XSS
- SANS: @RISK: The Consensus Security Vulnerability Alert
- Packet Storm: dlinkdi724p-xss.txt
- Full Disclosure: D-Link DI-724P+ Router - Cross Site Scripting Vulnerability

No comments:

Post a Comment