Tag Archives: vulnerability

ZyXEL P-660R-T1 V2 XSS Zeroday Vulnerability

I recently found a vulnerability in the ZyXEL P-660R-T1 V2. Although the impact is quite low, as it is an XSS (cross-site scripting) bug, a vulnerability is still a vulnerability.

Xc0re Security Research Group

Disclaimer: [This code is for educational purposes; I would not be responsible for any misuse of this code]

Exploit:

VECTOR : http://IP/Forms/home_1?&HomeCurrent_Date=' XSS Vector '01%2F01%2F2000

The same payload works in a POST request too; in fact the form submits this value via POST by default, the GET form above is simply the easier way to deliver it.

Author : Usman Saeed , Xc0re Security Research Group.
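As an added example (not the author's or ZyXEL's code), the probe for the vector above built both as the GET URL and as the POST body the form normally sends, together with a check that tells a reflection that came back unescaped from one the firmware HTML-encoded. HOST is a placeholder address and the two response bodies are constructed; the path and parameter name are the ones in the vector.

```python
"""Added example (not the author's or ZyXEL's code): build the reflected-XSS probe
for the vector above as a GET URL and as a POST body, and judge from a response
body whether the canary came back unescaped.  HOST is a placeholder address, and
the two response bodies are constructed for illustration."""
import html
from urllib.parse import quote, urlencode

HOST = "192.0.2.1"               # placeholder (RFC 5737 documentation range)
PATH = "/Forms/home_1"           # path from the vector on the page
PARAM = "HomeCurrent_Date"       # parameter from the vector on the page
DATE_SUFFIX = "01/01/2000"       # the well-formed date the vector appends
CANARY = '<xc0re"probe>'         # contains <, > and " so escaping is observable


def build_probe(canary: str = CANARY):
    """Return (GET URL, POST body) carrying the quoted canary in HomeCurrent_Date."""
    value = f"'{canary}'{DATE_SUFFIX}"
    get_url = f"http://{HOST}{PATH}?{PARAM}={quote(value, safe='')}"
    post_body = urlencode({PARAM: value})   # the form submits this field via POST
    return get_url, post_body


def reflection_verdict(body: str, canary: str = CANARY) -> str:
    """'unescaped': canary reflected verbatim, so script-capable payloads will run.
    'escaped': only the HTML-escaped form is present; reflected but neutralised.
    'absent': the parameter is not reflected at all."""
    if canary in body:
        return "unescaped"
    if html.escape(canary, quote=True) in body:
        return "escaped"
    return "absent"


# Constructed response bodies: what a vulnerable firmware and a fixed one might return.
VULNERABLE_BODY = "<input name=\"HomeCurrent_Date\" value=''<xc0re\"probe>'01/01/2000'>"
FIXED_BODY = "<input name=\"HomeCurrent_Date\" value='&#x27;&lt;xc0re&quot;probe&gt;&#x27;01/01/2000'>"

if __name__ == "__main__":
    url, body = build_probe()
    print("GET :", url)
    print("POST:", body)
    for label, page in (("vulnerable", VULNERABLE_BODY), ("fixed", FIXED_BODY)):
        print(label, "->", reflection_verdict(page))
```

The canary deliberately carries `<`, `>` and `"` so that the three outcomes are distinguishable: only the `unescaped` verdict means a real script payload would execute in the victim's browser.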

Web Application Firewall Bypass


Web application security matters more than ever, especially because of e-commerce, and web application firewalls (WAFs) came into being to filter out malicious query strings automatically. Many large technology companies have them deployed.

But what if someone bypasses the WAF? Because the WAF is there, developers often do not give much thought to filtering or properly sanitising input themselves, so once the WAF is bypassed the attacker has a free hand.

Detecting the WAF

A WAF can usually be detected from the HTTP response to a probe. Some WAFs return non-standard status codes such as 901; some answer with 40x errors for a path that is known to exist as soon as the query string looks malicious; some simply drop the connection with a FIN or RST instead of answering at all. Comparing the response to a benign request against the response to an attack-looking request to the same path therefore shows whether a WAF sits in front of the application, and often which vendor's product it is.
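The comparison described above, as an added example that is not part of the original post: a small classifier that takes the result of a benign probe and an attack-looking probe to the same existing path and maps the tells (connection reset, non-standard status, 40x on an existing file, vendor headers) to a verdict. The probe results are constructed; the Cloudflare header tell is the only vendor signature included, and the 400-499 range stands in for the "40x" the text mentions.

```python
"""Added example (not the author's code): decide from a pair of probes whether a
WAF sits in front of a host, using the tells described above.  The probe results
below are constructed; a real run would fill a ProbePair from two HTTP requests to
the same existing path, one benign and one carrying an obvious attack string."""
from dataclasses import dataclass, field
from typing import Dict, Optional


@dataclass
class ProbePair:
    baseline_status: Optional[int]          # GET of a path known to exist, benign query
    attack_status: Optional[int]            # same path, query with e.g. <script> / UNION SELECT
    attack_headers: Dict[str, str] = field(default_factory=dict)
    reset: bool = False                     # TCP FIN/RST on the attack probe, no HTTP answer


def waf_verdict(p: ProbePair) -> str:
    """Map the tells from the text to a verdict (prefix: waf-likely / no-waf-evident / inconclusive)."""
    if p.reset:
        return "waf-likely: attack probe dropped with FIN/RST"
    if p.attack_status is None:
        return "inconclusive: attack probe timed out"
    if not 100 <= p.attack_status <= 599:
        # Codes outside the HTTP range (the 901 mentioned above) never come from the application
        return f"waf-likely: non-standard status {p.attack_status}"
    hdrs = {k.lower(): v.lower() for k, v in p.attack_headers.items()}
    if "cf-ray" in hdrs or hdrs.get("server") == "cloudflare":
        return "waf-likely: Cloudflare (cf-ray / Server header)"
    if p.baseline_status == 200 and 400 <= p.attack_status <= 499:
        # The file exists (baseline 200) yet the attack-looking query gets a 40x
        return f"waf-likely: existing path answers {p.attack_status} only to the attack query"
    if p.baseline_status == p.attack_status:
        return "no-waf-evident: attack query answered like the baseline"
    return f"inconclusive: baseline {p.baseline_status}, attack {p.attack_status}"


# Constructed probe results for the cases in the text.
SAMPLES = {
    "reset":       ProbePair(200, None, reset=True),
    "odd-code":    ProbePair(200, 901),
    "forbidden":   ProbePair(200, 403, {"Server": "Apache"}),
    "cloudflare":  ProbePair(200, 403, {"Server": "cloudflare", "CF-RAY": "abc-FRA"}),
    "open":        ProbePair(200, 200, {"Server": "nginx"}),
}

if __name__ == "__main__":
    for name, probe in SAMPLES.items():
        print(f"{name:12} {waf_verdict(probe)}")
```

The baseline request matters as much as the attack request: a 403 on its own proves nothing, but a 403 on a path that answered 200 a moment earlier is the signature of a filter in the path.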

Bypassing the WAF

  • Encoding the input as hex (URL-encoding, including double encoding) or as Unicode escapes, so that the signature the rule looks for is not present in the raw request.
  • Splitting the attack string across several parameters of the same name with &: the WAF inspects each value on its own, while some backends concatenate duplicate parameters and reassemble the attack. This is the well-known ModSecurity bypass (HTTP parameter pollution).
  • WAFs themselves have had vulnerabilities such as XSS, which can be used to get past them.
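The first two bypass classes above, as an added example that is neither the author's nor ModSecurity's code: a toy signature filter that matches the raw query string the way a naive rule does, beside a check that first decodes the values and merges duplicate parameters the way the backend will. The payloads and the backend styles ('last' as in PHP, 'join_comma' as in ASP.NET) are constructed for illustration.

```python
"""Added example (not the author's or ModSecurity's code): a toy signature filter
that, like a naive WAF, matches the raw query string, beside a check that first
normalises the request the way the backend will see it.  The payloads and the
backend styles are constructed for illustration."""
import re
from urllib.parse import parse_qsl, unquote

# Two toy signatures standing in for a WAF rule set
SIGNATURES = [re.compile(r"<\s*script", re.I), re.compile(r"union\s*select", re.I)]


def naive_block(raw_query: str) -> bool:
    """Match signatures against the raw query string: no decoding, no parameter merging."""
    return any(sig.search(raw_query) for sig in SIGNATURES)


def decode_fully(value: str) -> str:
    """Undo %XX encoding until stable (catches double encoding), then IIS-style %uXXXX."""
    prev = None
    while prev != value:
        prev, value = value, unquote(value)
    return re.sub(r"%u([0-9a-fA-F]{4})", lambda m: chr(int(m.group(1), 16)), value)


def backend_view(raw_query: str, style: str) -> dict:
    """Rebuild each parameter as the backend will: 'last' keeps the last duplicate (PHP),
    'first' the first, 'join_comma' concatenates duplicates with commas (ASP.NET)."""
    merged = {}
    for key, val in parse_qsl(raw_query, keep_blank_values=True):
        val = decode_fully(val)           # parse_qsl decoded one layer; strip any further ones
        if key not in merged:
            merged[key] = val
        elif style == "join_comma":
            merged[key] = merged[key] + "," + val
        elif style == "last":
            merged[key] = val
        # 'first': keep what is already there
    return merged


def normalized_block(raw_query: str, style: str = "last") -> bool:
    """Match signatures against the decoded, merged values with SQL comments removed."""
    for val in backend_view(raw_query, style).values():
        val = re.sub(r"/\*.*?\*/", " ", val)
        if any(sig.search(val) for sig in SIGNATURES):
            return True
    return False


# Constructed payloads for the encoding and parameter-splitting bypasses, plus a benign request.
PAYLOADS = {
    "hex":      "q=%3Cscript%3Ealert(1)%3C/script%3E",
    "double":   "q=%253Cscript%253E",
    "unicode":  "q=%u003cscript%u003e",
    "split":    "q=1+UNION/*&q=*/SELECT+password+FROM+users",   # HPP, the ModSecurity case
    "benign":   "q=hello+world",
}

if __name__ == "__main__":
    for name, qs in PAYLOADS.items():
        print(f"{name:8} naive={naive_block(qs)!s:5} normalized(last)={normalized_block(qs)!s:5} "
              f"normalized(join_comma)={normalized_block(qs, 'join_comma')}")
```

Two things fall out of running it: every encoded payload slips past the raw-string check and is caught once the value is decoded to what the application will actually parse, and the split payload only reassembles on a backend that joins duplicate parameters, which is why the same trick that beats a rule set in front of ASP.NET does nothing in front of PHP.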

To conclude: because a WAF works from a set of pre-made rules, its behaviour is predictable, and a predictable filter is easy to bypass. A WAF belongs in front of an application that validates its input and encodes its output on its own, not in place of one.

Cisco Subscriber Edge Services Manager Cross Site Scripting And HTML Injection Vulnerabilities

Hello! I recently found a vulnerability in Cisco Subscriber Edge Services Manager that enables an attacker to exploit an XSS and HTML injection bug. Details can be checked on Xc0re.
I think all versions are affected.