Re: [Full-disclosure] Sprint / Verizon MiFi CSRF+CSS Gives up GPS info to attacker

From: Adam Baldwin <adam_baldwin_at_nospam>
Date: Sat Jan 16 2010 - 17:09:43 GMT
To: "A. Ramos" <aramosf@unsec.net>

On 1/16/10 8:13 AM, A. Ramos wrote:
> Hello all,
>
> Just another one: you can access to the configuration backup without
> authentication at: /config.xml.sav

If you have the Sprint MiFi with the latest firmware rev (AP 11.47.17 Router 018.0101) The correct path is
/config.xml.savefile

-Adam

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

This message: [ Message body ]
Next message: Stack Smasher: "Re: [Full-disclosure] Virus "JS.Dropper-33" gefunden"
Previous message: Juha-Matti Laurio: "Re: [Full-disclosure] Google today"
In reply to: A. Ramos: "Re: [Full-disclosure] Sprint / Verizon MiFi CSRF+CSS Gives up GPS info to attacker"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]