Welcome. Here is a proof of concept XSS in the Verizon FiOS router (tested on Westell UltraLine Series3 Router). This can be dangerous as it basically allows any web page to take full control of your router.

Prerequisites are that you're already logged into your router or that you're using default username/password. This specific example will simply alert your Wifi password to you.

This proof of concept could be extended to do worse, such as changing your wifi password, setting an admin password, or even installing malicious firmware onto your router. All of this by simply visiting a web page.

See XSS here.

To view more exciting and potentially less invasive code, check out my website or follow my twitter.

developed by samy kamkar, 01/02/2010 (i palindrome i)