Sterlite SAM300AX ADSL router Cross Site Scripting (XSS)

My first security advisory 🙂

Well, I reported an XSS in the Sterlite router on Feb 5, 2010.

The Sterlite SAM300AX is used by broadband customers in Delhi and Mumbai, India. Given the customer base of MTNL in these 2 metro cities, this vulnerability may be extremely useful for an attacker and/or a bot herder looking for new bots.

After waiting 2+ weeks for a vendor response, I decided to publish this to Full Disclosure/publicly.

Sharing the vuln POST request and parameters here:
