D-Link DAP-1360 Path Traversal / Cross-Site Scripting
# Exploit Title: D-Link DAP-1360 file path traversal and reflected cross-site scripting can easily lead to authentication bypass.
# Date: 20-07-2018
# Exploit Author: r3m0t3nu11
# Contact :
# Vendor :
# Version: Hardware version: F1
# Firmware version: 6.O5
# Tested on: All Platforms

1) Description

After successfully connecting to a D-Link DIR-600 router (firmware
version 2.01), any user can bypass the router's root password as well
as the admin panel.

D-Link DAP-1360 devices with v6.x firmware allow remote attackers to
read passwords via the errorpage parameter, which leads to an absolute
path traversal attack.

This is more dangerous when your router has a public IP address with
remote login enabled.
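
Added example (not part of the original advisory and not D-Link code): a defender-side check in Python that flags requests whose errorpage parameter carries an absolute path or a traversal sequence, suitable for running over proxy or web-server logs. The request path placeholder.cgi, the allow-list pattern and the sample request lines are constructed assumptions; the advisory does not give the real endpoint.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Assumption: a legitimate errorpage value is a bare page name such as "error.html".
SAFE_PAGE = re.compile(r"[A-Za-z0-9_-]+\.(?:html?|asp|php)")

# Constructed request targets (placeholder endpoint, not the device's real URL).
SAMPLE_REQUESTS = [
    "/placeholder.cgi?errorpage=error.html",
    "/placeholder.cgi?errorpage=/etc/shadow",
    "/placeholder.cgi?errorpage=%252Fetc%252Fshadow",
]

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so multiply-encoded values are normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify_errorpage(url):
    """Return [(normalised_value, reason)] for suspicious errorpage values."""
    findings = []
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    for name, values in params.items():
        if name.lower() != "errorpage":
            continue
        for raw in values:
            # parse_qs decoded once; undo further layers and unify separators.
            value = fully_decode(raw).replace("\\", "/")
            if "\x00" in value:
                reason = "null byte"
            elif value.startswith("/"):
                reason = "absolute path"
            elif ".." in value.split("/"):
                reason = "parent-directory traversal"
            elif not SAFE_PAGE.fullmatch(value):
                reason = "not an allow-listed page name"
            else:
                continue
            findings.append((value, reason))
    return findings

def scan(requests):
    """Map each flagged request target to its findings."""
    return {r: f for r in requests if (f := classify_errorpage(r))}
```

The same allow-list test can serve as a reverse-proxy rule in front of a device that cannot be patched or taken off a public address.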

Tested Router IP :

Video POC :

2) Proof of Concept

Step 1: Go to
Router Login Page :

Step 2:
Add the payload to URL.


Now you can get the root password by reading /etc/shadow.

2- XSS
Step 1: Go to
Router Login Page :

Step 2:
Add the payload to URL.


You will get a pop-up showing the name r3m0t3nu11, as reflected XSS.

Greetz to: Samir Hadji, 0n3, C0ld Z3r0, alm3refh group, 0x30 team, zero way team.
