what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

ProCheckUp Security Advisory 2008.19

ProCheckUp Security Advisory 2008.19
Posted Jan 15, 2009
Authored by Adrian Pastor, ProCheckUp | Site procheckup.com

The Cisco IOS HTTP server is vulnerable to cross site scripting within invalid parameters processed by the "/ping" server-side binary/script.

tags | exploit, web, xss
systems | cisco
SHA-256 | 9ae67732eb54093c6544c63e2953cba56031df7cd73a205c4ce458b69783a88a

ProCheckUp Security Advisory 2008.19

Change Mirror Download
PR08-19: XSS on Cisco IOS HTTP Server

Date found: 1st August 2008

Vendor contacted: 1st August 2008

Advisory publicly released: 14th January 2009

Severity: Medium

Credits: Adrian Pastor of ProCheckUp Ltd (www.procheckup.com)


Cisco IOS HTTP server is vulnerable to XSS within invalid parameters
processed by the "/ping" server-side binary/script.


An attacker may be able to cause execution of malicious scripting code
in the browser of a user who clicks on a link to the HTTP server of a
Cisco device.

This type of attack can result in non-persistent defacement of the
target admin interface, or the redirection of confidential information
to unauthorised third parties. i.e.: by scraping the data returned by
the '/level/15/exec/-/show/run/CR' URL via the XMLHttpRequest object.

It might also be possible to perform administrative changes by
submitting forged commands (CSRF) within the payload of the XSS attack.
i.e.: injecting an 'img' tag which points to
'/level/15/configure/-/enable/secret/newpass' would change the enable
password to 'newpass'.


1. The victim administrator needs to be currently authenticated for this
vulnerability to be exploitable

2. In order to exploit this vulnerability successfully, the attacker
only needs to know the IP address of the Cisco device. There is NO need
to have access to the IOS HTTP server

Proof of concept (PoC):<script>alert("Running+code+within+the_context+of+"%2bdocument.domain)</script>

Content of HTML body returned:

<BODY BGCOLOR=#FFFFFF><H2>test-router</H2><HR><DT>Error: URL syntax:
?<script>alert("Running code within the_context of

Successfully tested on:

Cisco 1803
Cisco IOS Software, C180X Software (C180X-ADVIPSERVICESK9-M), Version
12.4(6)T7, RELEASE SOFTWARE (fc5)

Assigned Cisco Bug ID#:


CVE reference:





Please see Cisco advisory for information on available updates.


Copyright 2009 ProCheckUp Ltd. All rights reserved.

Permission is granted for copying and circulating this Bulletin to the
Internet community for the purpose of alerting them to problems, if and
only if the Bulletin is not changed or edited in any way, is attributed
to ProCheckUp indicating this web page URL, and provided such
reproduction and/or distribution is performed for non-commercial purposes.

Any other use of this information is prohibited. ProCheckUp is not
liable for any misuse of this information by any third party. ProCheckUp
is not responsible for the content of external Internet sites.
Login or Register to add favorites

File Archive:

May 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    15 Files
  • 2
    May 2nd
    16 Files
  • 3
    May 3rd
    38 Files
  • 4
    May 4th
    15 Files
  • 5
    May 5th
    35 Files
  • 6
    May 6th
    0 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    8 Files
  • 9
    May 9th
    65 Files
  • 10
    May 10th
    19 Files
  • 11
    May 11th
    27 Files
  • 12
    May 12th
    8 Files
  • 13
    May 13th
    0 Files
  • 14
    May 14th
    1 Files
  • 15
    May 15th
    19 Files
  • 16
    May 16th
    66 Files
  • 17
    May 17th
    28 Files
  • 18
    May 18th
    32 Files
  • 19
    May 19th
    13 Files
  • 20
    May 20th
    0 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    23 Files
  • 23
    May 23rd
    15 Files
  • 24
    May 24th
    49 Files
  • 25
    May 25th
    20 Files
  • 26
    May 26th
    13 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Security Services
Hosting By