Re: PR08-24: Proxim Tsunami MP.11 2411 vulnerable to SNMP Injection

To: ProCheckUp Research <research@xxxxxxxxxxxxxx>
Subject: Re: PR08-24: Proxim Tsunami MP.11 2411 vulnerable to SNMP Injection
From: "Vladimir '3APA3A' Dubrovin" <3APA3A@xxxxxxxxxxxxxxxx>
Date: Thu, 9 Oct 2008 22:20:45 +0400
Cc: bugtraq@xxxxxxxxxxxxxxxxx
In-reply-to: <48EE00F4.3090906@xxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Organization: http://www.security.nnov.ru
References: <48EE00F4.3090906@xxxxxxxxxxxxxx>
Reply-to: "Vladimir '3APA3A' Dubrovin" <3APA3A@xxxxxxxxxxxxxxxx>

Dear ProCheckUp Research,

 What  can  you  achieve  with script injection you can not achieve with
 SNMP write access?

--Thursday, October 9, 2008, 5:02:44 PM, you wrote to bugtraq@xxxxxxxxxxxxxxxxx:

PR> $ snmpset -v1 -c public 192.168.1.100 sysName.0 s
'">><script>alert(1)</script>'


-- 
~/ZARAZA http://securityvulns.com/

Follow-Ups:
- Re: PR08-24: Proxim Tsunami MP.11 2411 vulnerable to SNMP Injection
  - From: ProCheckUp Research
- Re: PR08-24: Proxim Tsunami MP.11 2411 vulnerable to SNMP Injection
  - From: lee . e . rian

References:
- PR08-24: Proxim Tsunami MP.11 2411 vulnerable to SNMP Injection
  - From: ProCheckUp Research

Prev by Date: Re: Token Kidnapping Windows 2003 PoC exploit
Next by Date: Re: Motorola Timbuktu's Internet Locator Service real-time data exposed to public.
Previous by thread: PR08-24: Proxim Tsunami MP.11 2411 vulnerable to SNMP Injection
Next by thread: Re: PR08-24: Proxim Tsunami MP.11 2411 vulnerable to SNMP Injection
Index(es):
- Date
- Thread