D-Link DSL-2640R – DNS Change

• Exploit Database
• 17 阅读

• 作者： Todor Donev
  日期： 2018-01-17
• 类别：

  • webapps
  平台：

  • hardware
• 来源：https://www.exploit-db.com/exploits/43678/

• #
  #
  #D-Link DSL-2640R Unauthenticated Remote DNS Change Vulnerability
  #
  #Firmware Version: UK_1.06 Hardware Version: B1
  #
  #Copyright 2018 (c) Todor Donev <todor.donev at gmail.com>
  #
  #https://ethical-hacker.org/
  #https://facebook.com/ethicalhackerorg/
  #
  #Description:
  #The vulnerability exist in the web interface.
  #D-Link's various routers are susceptible to unauthorized DNS change. 
  #The problem is when entering an invalid / wrong user and password.
  #
  #ACCORDING TO THE VULNERABILITY DISCOVERER, MORE D-Link 
  #DEVICES MAY AFFECTED.
  #
  #Once modified, systems use foreign DNS servers,which are 
  #usually set up by cybercriminals. Users with vulnerable 
  #systems or devices who try to access certain sites are 
  #instead redirected to possibly malicious sites.
  #
  #Modifying systems' DNS settings allows cybercriminals to 
  #perform malicious activities like:
  #
  #oSteering unknowing users to bad sites: 
  # These sites can be phishing pages that 
  # spoof well-known sites in order to 
  # trick users into handing out sensitive 
  # information.
  #
  #oReplacing ads on legitimate sites: 
  # Visiting certain sites can serve users 
  # with infected systems a different set 
  # of ads from those whose systems are 
  # not infected.
  # 
  #oControlling and redirecting network traffic: 
  # Users of infected systems may not be granted 
  # access to download important OS and software 
  # updates from vendors like Microsoft and from 
  # their respective security vendors.
  #
  #oPushing additional malware: 
  # Infected systems are more prone to other 
  # malware infections (e.g., FAKEAV infection).
  #
  #
  
  Proof of Concept:
  
  http://<TARGET>/Forms/dns_1?Enable_DNSFollowing=1&dnsPrimary=<MALICIOUS DNS>&dnsSecondary=<MALICIOUS DNS>