The D-Link DI-724P+ router suffers from a cross site scripting vulnerability.
5f9063506f2a28e50140ddd27f69d0b1652854d80f9ad864d303265cae695f0d
Security Advisory: D-Link DI-724P+ Router - Cross Site Scripting Vulnerability
========================================================
System affected: D-Link DI-724P+ Router, Firmware Version: v1.03
Vulnerability Description:
==================
Cross Site Scripting (XSS) vulnerability was found on the D-Link
DI-724P+ Router, which can be exploited by conducting a cross-site
scripting attacks.
In the Admin web interface, under the "wireless" tab, script can be
injected from the GET string. This can be exploited by injecting
arbitrary HTML and malicious script code, which will execute in a
user's browser session.
The vulnerable URL: http://192.168.0.1/wlap.htm (the default admin IP
is 192.168.0.1).
Researcher Info:
============
Discovered by: w01f
Website: http://labs-werew01f.blogspot.com
E-mail: hack [dot] werew01f [at] gmail [dot] com