######################################################################
# Exploit Title: {D-Link DSL-2750U} CSRF Vulnerability
# Author: khaledmohdar (Mysterious guy)
# E-mail: fighterxwar@gmail.com (www.facebook.com/khaledmohdar)
# Category: Hardware
# Google Dork: N/A
# Vendor: http://www.dlink.com/
# Firmware Version: ME_1.09
# Product: http://www.dlinkmea.com/site/index.php/site/productDetails/232
# Tested on: Windows 7 32-bit
######################################################################

1)Introduction
==============
D-Link DSL-2750U High-Speed Internet

The DSL-2750U Wireless N ADSL2+ 4-Port Wi-Fi Router is a versatile,
high-performance router for home and the small office. With integrated
ADSL2/2+ supporting download speeds up to 24 Mbps, firewall protection,
Quality of Service (QoS), 802.11n wireless LAN, and 4 Ethernet switch
ports, this router provides all the functions that a home or small office
needs to establish a secure and high-speed link to the Internet.

Ultimate Wireless Connection with Maximum Security

============================================
2)Vulnerability Description

This router allows an attacker to bypass authentication and log in to the
setup page. After that, change any setting and save or apply it; the
router will say "wrong old password". Don't worry, just hit OK. You are
now in the router settings and can download the config file or do
whatever you want.

You can now easily apply new settings, including a new login password.

#Exploit
========
Open this link:

192.168.1.1/html/config

Then watch my video:

https://www.youtube.com/watch?v=-Yvs_sc1tjQ