Sagem Fast 3304-V2 Credential Disclosure

`Exploit title: FAST3304v2 Credentials Disclosure vulnerability  
  
Author: Nassim Asrir  
  
Author Company: HenceForth  
  
Author Email: [email protected]  
  
Discovered on: 13/11/2016  
  
Tested on: Linux x86_64 / Mozilla Firefox 49.  
  
Tested Version: Sagem Fast 3304-V2 (other versions may also be affected)  
  
Vendor: http://www.sagemcom.com/  
  
Description :  
  
- Sagem Fast 3304-v2 router is vulnerable to a Remote Credentials  
Disclosure Vulnerability . This vulnerability allow to a remote  
attacker to get the login and password for any services in the  
router (Ex: USB Share)  
  
Proof:  
- The Sagem fast 3304-v2 router has a service (USB Share) this  
service allow to share Folder or Pics or in Local Network (LAN)  
and for see the shared folders you need the login credentials from  
the Admin . So we can get it just with a javascript code.  
  
1- Navigate The router Login Page (192.168.1.1).  
  
2- Inject the Javascript Code in searchbar: javascript:mimic_button('sidebar:  
%20lb_sidebar_advanced_memory_sharing..', 0)  
  
3- Now you can see the login credentials:  
  
* The host to see shared folders is 192.168.1.1  
  
4- and now we get the login and pass but the pass is unclear so just click in (CTRL + u ) to see  
  
the source code and click in (CTRL + f) and put in the  
  
search box (password) and you can see the value for password clear.  
  
`