API tools faq
paste
Advertisement
CyberSecurityNEPAL

vulnerability IBAL Router

CyberSecurityNEPAL
Nov 19th, 2016
461
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 6.03 KB | None | 0 0
raw download clone embed print report
  1. ______ _ _ _ _ _____ _ _ _
  2. | ____| | | (_) | | | / ____| | | (_) |
  3. | |__ __ ___ __ | | ___ _| |_ | |__ _ _ | | _ _| |__ ___ _ __ ___ ___ ___ _ _ _ __ _| |_ _ _
  4. | __| \ \/ / '_ \| |/ _ \| | __| | '_ \| | | | | | | | | | '_ \ / _ \ '__/ __|/ _ \/ __| | | | '__| | __| | | |
  5. | |____ > <| |_) | | (_) | | |_ | |_) | |_| | | |___| |_| | |_) | __/ | \__ \ __/ (__| |_| | | | | |_| |_| |
  6. |______/_/\_\ .__/|_|\___/|_|\__| |_.__/ \__, | \_____\__, |_.__/ \___|_| |___/\___|\___|\__,_|_| |_|\__|\__, |
  7. | | __/ | __/ | __/ |
  8. |_| |___/ |___/ |___/
  9. -----------------------------------------------------------------------------------------------------------------------------+
  10. # vulnerability IBAL DSL Router Hack edit html code find user & Password there html code ibal router
  11.  
  12. # FOR MORE INFORMATION AND COMMENTS PLEASE CONTACT ME: newfeedback@hotmail.com
  13. -----------------------------------------------------------------------------------------------------------------------------+
  14. <html>
  15. <head>
  16. <meta HTTP-EQUIV='Pragma' CONTENT='no-cache'>
  17. <link rel="stylesheet" href='stylemain.css' type='text/css'>
  18. <link rel="stylesheet" href='colors.css' type='text/css'>
  19. <script language="javascript" src="util.js"></script>
  20. <script language="javascript">
  21. <!-- hide
  22.  
  23. pwdAdmin = 'admin';
  24. pwdSupport = 'support';
  25. pwdUser = 'user';
  26.  
  27. function btnApply() {
  28. var loc = 'password.cgi?';
  29. var passwordEndTag = 'useless';
  30.  
  31. with ( document.forms[0] ) {
  32. var idx = userName.selectedIndex;
  33. switch ( idx ) {
  34. case 0:
  35. alert("No username is selected.");
  36. return;
  37. case 1:
  38. if ( pwdOld.value == pwdAdmin )
  39. break;
  40. else {
  41. alert("Old admin password is wrong.");
  42. return;
  43. }
  44. case 2:
  45. if ( pwdOld.value == pwdSupport )
  46. break;
  47. else {
  48. alert("Old support password is wrong.");
  49. return;
  50. }
  51. case 3:
  52. if ( pwdOld.value == pwdUser )
  53. break;
  54. else {
  55. alert("Old user password is wrong.");
  56. return;
  57. }
  58. }
  59.  
  60. if ( pwdNew.value != pwdCfm.value ) {
  61. alert("The passwords do not match.");
  62. return;
  63. }
  64.  
  65. var str = new String();
  66. str = pwdNew.value;
  67. if ( str.length > 16 ) {
  68. alert('Password should not be longer than 16 characters.');
  69. return;
  70. }
  71. if ( str.indexOf(' ') != -1 ) {
  72. alert('Password cannot contain a space.');
  73. return;
  74. }
  75.  
  76. switch ( idx ) {
  77. case 2:
  78. loc += 'sptPassword=' + encodeUrl(pwdNew.value) + '&passwordEndTag=' + passwordEndTag;
  79. break;
  80. case 3:
  81. loc += 'usrPassword=' + encodeUrl(pwdNew.value) + '&passwordEndTag=' + passwordEndTag;
  82. break;
  83. default:
  84. loc += 'sysPassword=' + encodeUrl(pwdNew.value) + '&passwordEndTag=' + passwordEndTag;
  85. break;
  86. }
  87.  
  88. /* Add by Wu Yanhong, 24Feb2010
  89. * Avoid non-ISO-8859-1 character.
  90. */
  91. for ( i = 0; i < pwdNew.value.length; i++ )
  92. {
  93. if (pwdNew.value.substring(i,i+1).charCodeAt(0) >= 255)
  94. {
  95. return ;
  96. }
  97. }
  98. /* Add end */
  99.  
  100. var code = 'location="' + loc + '"';
  101. eval(code);
  102. }
  103. }
  104.  
  105. // done hiding -->
  106. </script>
  107. </head>
  108. <body>
  109. <blockquote>
  110. <form>
  111. <b>Access Control -- Password</b><br><br>
  112. Access to your DSL router is controlled through three user accounts: admin,
  113. support, and user.<br><br>
  114. The user name "admin" has unrestricted access to change and view configuration of
  115. your DSL Router.<br><br>
  116. The user name "support" is used to allow an ISP technician to access your
  117. DSL Router for maintenance and to run diagnostics.<br><br>
  118. The user name "user" can access the DSL Router, view configuration settings
  119. and statistics, as well as, update the router's software.<br><br>
  120. Use the fields below to enter up to 16 characters
  121. and click "Apply" to change or create password. Note: Password cannot contain a space.<br><br>
  122. <table border="0" cellpadding="0" cellspacing="0">
  123. <tr>
  124. <td width="120">Username:</td>
  125. <td><select name='userName' size="1">
  126. <option value="0">
  127. &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp
  128. <option value="1">admin
  129. <option value="2">support
  130. <option value="3">user
  131. </select></td>
  132. </tr>
  133. <tr>
  134. <td>Old Password:</td>
  135. <td><input name='pwdOld' type="password" size="20"></td>
  136. </tr>
  137. <tr>
  138. <td>New Password:</td>
  139. <td><input name='pwdNew' type="password" size="20"></td>
  140. </tr>
  141. <tr>
  142. <td>Confirm Password:</td>
  143. <td><input name='pwdCfm' type='password' size="20"></td>
  144. </tr>
  145. </table>
  146. <br>
  147. <center><input type='button' onClick='btnApply()' value='Save/Apply'></center>
  148. </form>
  149. </blockquote>
  150. </body>
  151. </html>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!