M. Afaq Abid
PoC of CVE-2021-35296 - PTCL Modem HG150-Ub
Authentication Bypass through response manipulation.
Steps to Reproduce:
- Go to login page of Modem (192.168.10.1)
- Type any random Username and Password and capture the request in any proxy listener. (BurpSuite)
- Forward the request with above random Username and Password with the option of Intercept Response.
- When the response returns, update
Set-Cookie: Name=0admin;and in body tag modify the
- Forward the request and you are in the Admin Panel without any credentials.
PoC video for more details: https://youtu.be/kNdAIGcNvXU