-----"Vladimir '3APA3A' Dubrovin" <3APA3A@xxxxxxxxxxxxxxxx> wrote: ----- >What can you achieve with script injection you can not achieve >with SNMP write access? I don't know what you can actually achieve, but in addition to whatever you can do to/with the box you have SNMP write access for, it gives you a shot at the admin's machine. And maybe even a shot at everything that the admin's machine can talk to. Regards, Lee > >--Thursday, October 9, 2008, 5:02:44 PM, you wrote to >bugtraq@xxxxxxxxxxxxxxxxx: > >PR> $ snmpset -v1 -c public 192.168.1.100 sysName.0 s >'">><script>alert(1)</script>' > > >-- >~/ZARAZA http://securityvulns.com/
