February 2010

07 Feb 2010

Sterlite SAM300AX ADSL router Cross Site Scripting (XSS)

My first security advisory :) Well, I reported an XSS in the Sterlite router on Feb 5, 2010. The Sterlite SAM300AX is used by broadband customers in Delhi and Mumbai, India. Given the customer base of MTNL in these 2 metro cities, this vulnerability may be extremely useful for an attacker and/or a bot herder looking for new bots. After waiting 2+ weeks for a vendor response, I decided to publish this to Full Disclosure/publicly. Sharing the vuln POST request and parameters here:
