|
BugTraq
PR08-24: Proxim Tsunami MP.11 2411 vulnerable to SNMP Injection Oct 09 2008 01:02PM ProCheckUp Research (research procheckup com) (1 replies) Re: PR08-24: Proxim Tsunami MP.11 2411 vulnerable to SNMP Injection Oct 09 2008 06:20PM Vladimir '3APA3A' Dubrovin (3APA3A SECURITY NNOV RU) (2 replies) Re: PR08-24: Proxim Tsunami MP.11 2411 vulnerable to SNMP Injection Oct 10 2008 08:35AM ProCheckUp Research (research procheckup com) Re: PR08-24: Proxim Tsunami MP.11 2411 vulnerable to SNMP Injection Oct 09 2008 09:24PM lee e rian census gov (1 replies) |
|
 Privacy Statement |
Why do you think you can't do it with SNMP? An examples are settings DNS
server option via DHCP (or DNS domain name for proxy server
autodiscovery protocol) or even configuring a VPN tunnel for all
traffic. I'm not sure about Tsunami, for Orinoco these settings are
read/write:
http://support.ipmonitor.com/mibs/ORINOCO-MIB/oids.aspx
see e.g. oriDHCPServerPrimaryDNSIPAddress
--Friday, October 10, 2008, 1:24:27 AM, you wrote to 3APA3A (at) SECURITY.NNOV (dot) RU [email concealed]:
lercg> -----"Vladimir '3APA3A' Dubrovin" <3APA3A (at) SECURITY.NNOV (dot) RU [email concealed]>
wrote: -----
>>What can you achieve with script injection you can not achieve
>>with SNMP write access?
lercg> I don't know what you can actually achieve, but in addition to
whatever you
lercg> can do to/with the box you have SNMP write access for, it gives
you a shot
lercg> at the admin's machine. And maybe even a shot at everything
that the
lercg> admin's machine can talk to.
lercg> Regards,
lercg> Lee
>>
>>--Thursday, October 9, 2008, 5:02:44 PM, you wrote to
>>bugtraq (at) securityfocus (dot) com [email concealed]:
>>
>>PR> $ snmpset -v1 -c public 192.168.1.100 sysName.0 s
>>'">><script>alert(1)</script>'
>>
>>
>>--
>>~/ZARAZA http://securityvulns.com/
--
~/ZARAZA http://securityvulns.com/
Åñëè äàæå âû ïîëó÷èòå êàêîå-íèáóäü ïèñüìî, âû âñå ðàâíî íå ñóìååòå åãî ïðî÷èòàòü. (Òâåí)
[ reply ]