关联漏洞
标题:Optilink Network OP-XT71000N 跨站请求伪造漏洞 (CVE-2020-23585)Description:Optilink Network OP-XT71000N是印度Optilink Network公司的一款无线路由器。 Optilink Network OP-XT71000N V2.2版本存在跨站请求伪造漏洞,该漏洞源于其对mgm_config_file.asp的保护不足允许攻击者创建一个精心制作的CSRF表单将恶意xml数据发送到/boaform/admin/formMgmConfigUpload允许攻击者获得全部特权并完全破坏路由器和网络。
Description
cross-site request forgery (CSRF) attack on "OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028".
介绍
# CVE-2020-23585
**OPTILINK E-PON "MODEL NO: OP-XT71000N" with "HARDWARE VERSION: V2.2"; & "FIRMWARE VERSION: OP_V3.3.1-191028"**
A remote attacker can conduct a cross-site request forgery (CSRF) attack on "OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028". The vulnerability is due to insufficient CSRF protections for the "mgm_config_file.asp" because of which attacker can create a crafted "csrf form" which sends " malicious xml data" to "/boaform/admin/formMgmConfigUpload". the exploit allows attacker to "gain full privileges" and to "fully compromise of router & network".
**TARGET**
/mgm_config_file.asp
**Attack Vector**
"mgm_config_file.asp" allows to Save config file and to Uplode config file (file is in "XML format" which contains the "usernames & passwords" of "PPP, Telnet, Snmp, Ftp, login.asp" etc.. and other credentials). An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the targeted user. the attacker could alter the configuration, execute commands, or reload an affected device.
**REGARDS**
Huzaifa Hussain
https://twitter.com/disguised_noob
https://www.linkedin.com/in/huzaifa-hussain-046791179
文件快照
[4.0K] /data/pocs/c2b864950bc7dcca27fa8a9c30772b93ff23eb72
└── [1.3K] README.md
0 directories, 1 file
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮件到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对 POC 代码进行快照,为了长期维护,请考虑为本地 POC 付费/捐赠,感谢您的支持。