what you don't know can hurt you

Register | Login

FilesNewsUsersAuthors

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 1 - 2 of 2

OSVDB: OSVDB-89912

Linksys WRT54GL apply.cgi Command Execution

Posted Apr 10, 2013

Authored by Michael Messner, juan vazquez | Site metasploit.com

Some Linksys Routers are vulnerable to an authenticated OS command injection in the Web Interface. Default credentials are admin/admin or admin/password. Since it is a blind os command injection vulnerability, there is no output for the executed command when using the cmd generic payload. A ping command against a controlled system could be used for testing purposes. The user must be prudent when using this module since it modifies the router configuration while exploitation, even when it tries to restore previous values.

tags | exploit, web

advisories | OSVDB-89912

SHA-256 | 842e633a501f723e29c147350b0f672da78b474050f74be28f55d1501d673b3c

Download | Favorite | View

Linksys E1500/E2500 apply.cgi Remote Command Injection

Posted Apr 2, 2013

Authored by Michael Messner, juan vazquez | Site metasploit.com

Some Linksys Routers are vulnerable to an authenticated OS command injection. Default credentials for the web interface are admin/admin or admin/password. Since it is a blind os command injection vulnerability, there is no output for the executed command when using the cmd generic payload. A ping command against a controlled system could be used for testing purposes.

tags | exploit, web

advisories | OSVDB-89912

SHA-256 | b0afd45182320ce4cbe58cfbaef05397334c74a08e5a150118bf0469c6dc9d01

Download | Favorite | View