Home » » Cross Site Request Forgery in 2wire routers

Cross Site Request Forgery in 2wire routers

Vulnerable Routers: 1701HG, 2071 Gateway
Software: v3.17.5, 5.29.51 Password Not Set (default)

Greetz a la Comunidad Underground de México, y a los
que me ayudaron a probarlo: Preth00nker, nitr0us, ...
hkm () hakim ws

I. Background
This is the most popular router in Mexico and the default installation from the ISP has no system password.

II. Vuln
It is possible to send a request to the router that will modify its configuration.

It does not validate POST, or Referer or Anything...

II. Exploit
We just need the client to do a request to the router with the configuration we desire.


Set a password (NUEVOPASS):

Add names to the DNS ( www.prueba.hkm):

Disable Wireless Authentication

Set Dynamic DNS

Disable the Firewall
Reset the device

DNS Poisoning demo: http://www.hakim.ws/2wire/demodns.html
source : http://seclists.org/bugtraq/2007/Aug/225 
itu ajah dari anggreks , sumbernya DariSINI