Date: Wed, 23 Oct 2002 23:50:22 +0200
From: Linux <linux@ariu.it>
To: bugtraq@securityfocus.com
Subject: Router DSL Dlink
Hi Gurus,
I need your opinion about insecurity into Dlink dsl router.
1 month ago, i've bought a Dlink DSL500 adsl router.
After some trouble with it, regarding telnet access and telnet command,
adevrtised in technical specification into Dlink's site (Italy and USA) but
not provided by Dlink's tech support. I've activeted the Remote
Administration Control, this permit a web access from remote network to
router management protected with user & password, also this control has
activated a telnet access to the router. This isn't a problem if i can
change dafault password used for telnet access whith another one.
I've written to Dlink italian tech support and asked them, how to change
default telnet password.
They said that the password is only for Dlink internal user and it can't be
changed.
This is can't be acceptable, the router hasn't security prerequisites. Yes i
can set a filter for telnet port, but I must be able to change telnet
password.
Can Dlink sell a product with this problem?
What can i do?
I think that Dlink must solve this problem providing a new firmware for the
router as soon as possible.
What is your opinion?
Please apologize myself for my english.
Thanks in advance.
Gabriele
----- Original Message -----
From: "qber66" <qber66@pandora.be>
To: <bugtraq@securityfocus.com>
Sent: Wednesday, September 11, 2002 8:17 PM
Subject: XSS bug in MyMarket 1.71
> +----------------------+
> | XSS in MyMarket 1.71 |
> +----------------------+
>
> Product Description
> ===================
> MyMarket is a fully functional online shopping catalog system, built using
> PHP and MySQL. It was created by Ying Zhang for the purpose of teaching
> people about the basics of creating an E-Commerce site. It can be found at
> http://mymarket.sourceforge.net/
>
>
> Vulnerable systems
> ==================
> MyMarket 1.71
>
> Exploit
> =======
>
http://[traget]/templates/form_header.php?noticemsg=<Scr*ipt>javascript:aler
> t(document.cookie)</Scr*ipt>
> (without "*")
>
> Solution
> ========
> put this two lines at the begin of form_header.php
>
> ---- form_header.php -----
> <?
> $noticemsg = HTMLSpecialChars($noticemsg);
> $errormsg = HTMLSpecialChars($errormsg);
> ...
> --------------------------
>
> Vendor response
> ===============
> I submitted this a week ago, the vendor didn't response yet.
>
> ------------------------------
> Tim Vandermeersch
> qber66@pandora.be
> http://users.pandora.be/tim/
>
>
>
