D-Link DSL-2750u ME_1.09 – Cross-Site Request Forgery

• Exploit Database
• 41 阅读

• 作者： FIGHTERx war
  日期： 2013-12-28
• 类别：

  • webapps
  平台：

  • hardware
• 来源：https://www.exploit-db.com/exploits/30547/

• ######################################################################
  # Exploit Title:{D-Link DSL-2750U} CSRF Vulnerability
  # Author: khaledmohdar(Mysterious guy)
  # E-mail: fighterxwar@gmail.com(www.facebook.com/khaledmohdar)
  # Category: Hardware
  # Google Dork: N/A
  # Vendor: http://www.dlink.com/
  # Firmware Version: ME_1.09
  # Product: http://www.dlinkmea.com/site/index.php/site/productDetails/232
  # Tested on: Windows 7 32-bit
  ######################################################################
  
  1)Introduction
  ==============
  D-Link DSL-2750U High-Speed Internet The DSL-2750U Wireless N ADSL2+ 4-Port
  Wi-Fi Router is a versatile,
   high-performance router for home and the small office.
   With integrated ADSL2/2+ supporting download speeds up to 24 Mbps,
   firewall protection, Quality of Service (QoS), 802.11n wireless LAN,
   and 4 Ethernet switch ports,
  this router provides all the functions that a home or small office needs to
  establish
  a secure and high-speed
  link to the Internet. Ultimate Wireless Connection with Maximum Security
  ============================================
  2)Vulnerability Description
  
  This router allows an attacker to bypass authentication and login to the
  setup page
  after that just make any settings and save or apply it and it's going to
  say "worng old password"
  Don't worry just hit ok . now you are in the Router settings you can
  Download the config file
  or whatever yuo want!
  
  and now you can easily make a new settings Includes a new login password
  
  
  #Exploit
  ========
  open this link
  
  192.168.1.1/html/config
  
  then Wath my Video
  
  https://www.youtube.com/watch?v=-Yvs_sc1tjQ