I recently found a vulnerability in the Zyxel P-660R T1. Although the impact is quite low, as it is an XSS (cross-site scripting) bug, a vulnerability is still a vulnerability.
Xc0re Security Research Group
Disclaimer: [This code is for educational purposes. I will not be responsible for any misuse of this code.]
VECTOR: http://IP/Forms/home_1?&HomeCurrent_Date=' XSS Vector '01%2F01%2F2000
This works with a POST request too; by default this value is sent via POST.
Author : Usman Saeed , Xc0re Security Research Group.
Web application security is very important nowadays, especially because of e-commerce. Hence web application firewalls (WAFs) came into being, which automatically filter out malicious query strings, and many high-end technology companies have them installed.
But what if someone bypasses the WAF? Because the WAF is there, the programmers do not give much thought to filtering or properly sanitizing the input, and once the WAF is bypassed the attacker has a clear path to the application.
Detecting a WAF
A WAF can usually be detected from the HTTP response. Some WAFs return odd status codes, such as 901; some return 40x errors even though the requested file exists; some drop the connection with a FIN or RST. So if you compare the response to a harmless request with the response to one carrying an obvious attack string, you can tell whether a firewall is in the path, and often which vendor it belongs to.
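The differential probe described above, written out as an added example (not code from the post or from any WAF vendor): the same parameter is requested once with a harmless date and once with an obvious script marker, and the two responses are compared on status code and connection behaviour. The status code 901, the path and parameter name reused from the Zyxel vector, and the local stand-in server that plays the WAF are assumptions made for the demo.

```python
"""Fingerprint an in-path WAF by comparing its answer to a harmless request
with its answer to one carrying an obvious attack marker.
Added example, not code from the original post or from any WAF vendor."""
import http.server
import threading
import urllib.error
import urllib.request
from urllib.parse import quote

BENIGN_VALUE = "01/01/2000"                       # what the form normally sends
PROBE_VALUE = "'\"><script>alert(1)</script>"     # marker almost any rule set matches

# Proxy-free opener so the probe really hits the host named in the URL.
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))


def fetch(url, timeout=5):
    """GET url; return (status, body). A reset/closed/timed-out connection gives (None, '')."""
    try:
        with OPENER.open(url, timeout=timeout) as resp:
            return resp.status, resp.read().decode(errors="replace")
    except urllib.error.HTTPError as err:      # 4xx/5xx and odd codes such as 901 land here
        return err.code, err.read().decode(errors="replace")
    except (urllib.error.URLError, OSError):   # FIN/RST, refused, timeout
        return None, ""


def classify(benign, probe):
    """Verdict from the (status, body) pair of the benign and the probe request."""
    b_status, _ = benign
    p_status, _ = probe
    if b_status is None:
        return "unreachable"          # even the harmless request failed: nothing to compare
    if p_status is None:
        return "dropped"              # only the hostile request died: something in-path killed it
    if not 100 <= p_status <= 599:
        return "nonstandard-status"   # e.g. 901: no application emits that on its own
    if 200 <= b_status < 300 and 400 <= p_status < 500:
        return "blocked"              # same URL, only the value changed, now "forbidden"/"not found"
    return "no-signal"


def probe_target(base_url, param):
    """Send the benign and the marker value in the same parameter and classify the pair."""
    benign = fetch(f"{base_url}?{param}={quote(BENIGN_VALUE, safe='')}")
    probe = fetch(f"{base_url}?{param}={quote(PROBE_VALUE, safe='')}")
    return classify(benign, probe)


class FakeWafHandler(http.server.BaseHTTPRequestHandler):
    """Constructed stand-in for a WAF: answers 901 when the raw request line looks hostile."""
    BLOCK = True

    def do_GET(self):
        hostile = self.BLOCK and "script" in self.path.lower()
        code = 901 if hostile else 200
        body = b"blocked" if hostile else b"<html>home</html>"
        self.send_response(code)
        self.send_header("Content-Type", "text/html")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):   # keep the demo quiet
        pass


class PlainAppHandler(FakeWafHandler):
    """Control: the application alone answers 200 whatever the value is."""
    BLOCK = False


def start_server(handler):
    """Serve handler on an ephemeral localhost port; returns (server, base_url)."""
    server = http.server.ThreadingHTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_address[1]}/Forms/home_1"


if __name__ == "__main__":
    for handler in (FakeWafHandler, PlainAppHandler):
        server, url = start_server(handler)
        try:
            print(handler.__name__, "->", probe_target(url, "HomeCurrent_Date"))
        finally:
            server.shutdown()
            server.server_close()
```

Against a real target, replace the local server with the device URL; the benign value should be whatever the form sends on its own, so that the only difference between the two requests is the marker.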
Bypassing a WAF
- Encoding the input as hex (percent-encoding) or Unicode.
- Splitting the input across several parameters with &, so that no single value matches a rule (an attack that has been used against the ModSecurity WAF).
- WAFs have vulnerabilities of their own, such as XSS, and can be bypassed through them.
To conclude: because a WAF works from premade rules, its behaviour is predictable and easy to bypass, so the application itself still has to sanitize its input.
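An added example, not code from the post or from any vendor, that makes the list and the conclusion concrete: a toy blacklist rule (an assumed stand-in for a vendor's premade rules, not a real rule set), two of the bypasses above (percent-encoding, and splitting the payload across duplicate parameters joined with &), and the output-encoding fix that the application needs regardless of what the WAF lets through. The parameter name is taken from the Zyxel vector; that it is reflected into a quoted attribute, and that the backend concatenates duplicate parameter values, are assumptions of the demo.

```python
"""A toy blacklist WAF in front of a page that reflects a parameter unescaped,
the encoding and parameter-splitting tricks that get past the blacklist, and
the output-encoding fix that makes the bypass irrelevant.
Added example, not code from the original post or from any vendor."""
import html
import re
from urllib.parse import parse_qsl

# Assumed "premade rule": a signature matched against the raw request.
# Stand-in for a vendor rule set; no real product is reproduced here.
SIGNATURE = re.compile(r"<script|javascript:|onerror\s*=", re.IGNORECASE)
PARAM = "HomeCurrent_Date"   # the reflected parameter from the Zyxel vector


def naive_waf_blocks(raw_query: str) -> bool:
    """The weak check: match the signature on the undecoded query string."""
    return SIGNATURE.search(raw_query) is not None


def backend_params(raw_query: str) -> dict:
    """Decode like the assumed backend: percent-decode every value and, for a
    name that repeats, concatenate the values in order. (Assumption; real
    frameworks differ: ASP.NET joins duplicates with commas, PHP keeps the last.)"""
    params: dict = {}
    for name, value in parse_qsl(raw_query, keep_blank_values=True):
        params[name] = params.get(name, "") + value
    return params


def normalized_waf_blocks(raw_query: str) -> bool:
    """The stronger check: decode and merge exactly as the backend will, then
    match. Closes the two bypasses below, but it is still only a filter."""
    merged = " ".join(backend_params(raw_query).values())
    return SIGNATURE.search(merged) is not None


def render_vulnerable(params: dict) -> str:
    """Reflects the value into a quoted attribute with no escaping
    (assumed to mirror the reported page; the post only gives the vector)."""
    return f'<input name="{PARAM}" value="{params.get(PARAM, "")}">'


def render_safe(params: dict) -> str:
    """Same reflection with HTML attribute encoding: ', ", <, > and & can no
    longer close the attribute or open a tag, whatever the WAF let through."""
    return f'<input name="{PARAM}" value="{html.escape(params.get(PARAM, ""), quote=True)}">'


def run_case(raw_query: str) -> dict:
    """Push one raw query string through filter, backend and both renderers."""
    params = backend_params(raw_query)
    return {
        "naive_blocked": naive_waf_blocks(raw_query),
        "normalized_blocked": normalized_waf_blocks(raw_query),
        "reflected_value": params.get(PARAM, ""),
        "vulnerable_html": render_vulnerable(params),
        "safe_html": render_safe(params),
    }


# Constructed query strings; each one aims at '<script>alert(1)</script>.
CASES = {
    # 1. plain: the signature fires and the WAF "works"
    "plain": f"{PARAM}='<script>alert(1)</script>",
    # 2. percent-encoded (the post's "hex"): no literal "<script" on the
    #    wire, but the backend decodes it right back
    "hex": f"{PARAM}=%27%3Cscript%3Ealert%281%29%3C%2Fscript%3E",
    # 3. split with &: each duplicate parameter carries an innocent fragment;
    #    the backend's concatenation reassembles the payload
    "split": f"{PARAM}='<scr&{PARAM}=ipt>alert(1)</scr&{PARAM}=ipt>",
}

if __name__ == "__main__":
    for label, query in CASES.items():
        r = run_case(query)
        print(f"{label:6} naive_blocked={r['naive_blocked']!s:5} "
              f"normalized_blocked={r['normalized_blocked']!s:5} "
              f"reflected={r['reflected_value']}")
    print(run_case(CASES["hex"])["vulnerable_html"])
    print(run_case(CASES["hex"])["safe_html"])
```

The decoded-and-merged check shows how a filter has to mirror the backend's parsing to be worth anything; the safe renderer shows why the application should not be relying on that at all.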
Hello! I recently found a vulnerability in Cisco Subscriber Edge Services Manager which enables an attacker to exploit an XSS and HTML injection bug. Details can be checked on Xc0re.
I think all versions are affected.