Sunday, February 7, 2010

Sterlite SAM300AX ADSL router Cross Site Scripting (XSS)

Well, I reported an XSS in the Sterlite router on Feb 5, 2010.

Sterlite SAM300AX is used by broadband customers in Delhi and Mumbai, India. Given the customer base of MTNL in these 2 metro cities, this vulnerability may be extremely useful for an attacker and/or a bot herder looking for new bots.

After waiting 2+ weeks for a vendor response, I decided to publish this to Full Disclosure/publicly.

Sharing the vuln POST request and parameters here:

POST Request
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:
Gecko/20091221 Firefox/3.5.7 Paros/3.2.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Proxy-Connection: keep-alive
Authorization: Basic YWRtaW46YWRtaW4=
Content-Type: application/x-www-form-urlencoded
Content-length: 101
POST Parameters



Remote script/code execution, login theft and other nasty things.
Vulnerability Found: January 19, 2010 
Vendor First Notified: January 20, 2010 
Vendor Response: None 
Follow Up Notification: January 27, 2010 
Vendor Response: None 
Public Disclosure: February 05, 2010 

You can read the full details here:

The views, information & opinions expressed in this blog are my own and do not reflect the views of my current or former employers or employees or colleagues.