Home / Uncategories / Hacking routers : Sagem Fast login page exploit

Hacking routers : Sagem Fast login page exploit

- Edit

Sagem Fast login page exploit

(Sagem F@st 3304-V2 (3304, 3464, 3504 may also be affected)


 This adsl router use a firmware to change the configuration setting ,
The router is vulnerable to an authentification bypass bug ,
which allows unprivileged users to modify the preconfigured root password ,
then log in with administrator permissions.
The default URL to access to the web management interface is http://192.168.1.1
This attack can also be performed by an axternal attacker who connects to the router's
public IP address.

 To exploit this vulnerability you have to run a javascript code on the login page ,

 You first need to access the router login page http://192.168.1.1/(without loging in) ,

 Then execute the following javascript in the URL bar : javascript:mimic_button('goto: 9096..')

 you will see a page where you can chouse the new username and password

Wich is goin to give you the root access to the router firmware .

 If you like this article hit a subscribe or leave a comment .

 Note : tested on : opera browser ,google chrome ,internet explorer ,mozilla
Autor : Larbi elhabti
http://elarbi.blogspot.com
note:this exploit have been found by yassin aboukir
Share on Google Plus

About Unknown

This is a short description in the author block about the author. You edit it by entering text in the "Biographical Info" field in the user admin panel.

0 commentaires:

Enregistrer un commentaire

Inscription à : Publier les commentaires ( Atom )