Details of VAR-E-201312-0065

ID

VAR-E-201312-0065

EDB ID

30547

TITLE

D-Link DSL-2750u ME_1.09 - Cross-Site Request Forgery - Hardware webapps Exploit

Trust: 0.6

sources: EXPLOIT-DB: 30547

DESCRIPTION

D-Link DSL-2750u ME_1.09 - Cross-Site Request Forgery. CVE-101776 . webapps exploit for Hardware platform

Trust: 0.6

sources: EXPLOIT-DB: 30547

AFFECTED PRODUCTS

vendor:

d link

model:

dsl-2750u me 1.09

scope:

version:

Trust: 1.6

sources: EXPLOIT-DB: 30547 // EDBNET: 52188

EXPLOIT

######################################################################
# Exploit Title: {D-Link DSL-2750U} CSRF Vulnerability
# Author: khaledmohdar(Mysterious guy)
# E-mail: fighterxwar@gmail.com(www.facebook.com/khaledmohdar)
# Category: Hardware
# Google Dork: N/A
# Vendor: http://www.dlink.com/
# Firmware Version: ME_1.09
# Product: http://www.dlinkmea.com/site/index.php/site/productDetails/232
# Tested on: Windows 7 32-bit
######################################################################

1)Introduction
==============
D-Link DSL-2750U High-Speed Internet The DSL-2750U Wireless N ADSL2+ 4-Port
Wi-Fi Router is a versatile,
high-performance router for home and the small office.
With integrated ADSL2/2+ supporting download speeds up to 24 Mbps,
firewall protection, Quality of Service (QoS), 802.11n wireless LAN,
and 4 Ethernet switch ports,
this router provides all the functions that a home or small office needs to
establish
a secure and high-speed
link to the Internet. Ultimate Wireless Connection with Maximum Security
============================================
2)Vulnerability Description

This router allows an attacker to bypass authentication and login to the
setup page
after that just make any settings and save or apply it and it's going to
say "worng old password"
Don't worry just hit ok . now you are in the Router settings you can
Download the config file
or whatever yuo want!

and now you can easily make a new settings Includes a new login password

#Exploit
========
open this link

192.168.1.1/html/config

then Wath my Video

https://www.youtube.com/watch?v=-Yvs_sc1tjQ

Trust: 1.0

sources: EXPLOIT-DB: 30547

EXPLOIT LANGUAGE

txt

Trust: 0.6

sources: EXPLOIT-DB: 30547

PRICE

free

Trust: 0.6

sources: EXPLOIT-DB: 30547

TYPE

Cross-Site Request Forgery

Trust: 1.0

sources: EXPLOIT-DB: 30547

CREDITS

FIGHTERx war

Trust: 0.6

sources: EXPLOIT-DB: 30547

EXTERNAL IDS

db:	EXPLOIT-DB	id:	30547	Trust: 1.6
db:	EDBNET	id:	52188	Trust: 0.6

sources: EXPLOIT-DB: 30547 // EDBNET: 52188

REFERENCES

url:

https://www.exploit-db.com/exploits/30547/

Trust: 0.6

sources: EDBNET: 52188

SOURCES

db:	EXPLOIT-DB	id:	30547
db:	EDBNET	id:	52188

LAST UPDATE DATE

2022-07-27T10:03:14.149000+00:00

SOURCES RELEASE DATE

db:	EXPLOIT-DB	id:	30547	date:	2013-12-28T00:00:00
db:	EDBNET	id:	52188	date:	2013-12-28T00:00:00