full-disclosure-uk January 2010 archive
Main Archive Page > Month Archives  > full-disclosure-uk archives
full-disclosure-uk: Re: [Full-disclosure] Sprint / Verizon MiFi

Re: [Full-disclosure] Sprint / Verizon MiFi CSRF+CSS Gives up GPS info to attacker

From: Adam Baldwin <adam_baldwin_at_nospam>
Date: Sat Jan 16 2010 - 17:09:43 GMT
To: "A. Ramos" <aramosf@unsec.net>


On 1/16/10 8:13 AM, A. Ramos wrote:
> Hello all,
>
> Just another one: you can access to the configuration backup without
> authentication at: /config.xml.sav

If you have the Sprint MiFi with the latest firmware rev (AP 11.47.17 Router 018.0101) The correct path is
/config.xml.savefile

-Adam



Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/