
13 changes to exploits/shellcodes

KVM (Nested Virtualization) - L1 Guest Privilege Escalation
DIGISOL DG-BR4000NG - Buffer Overflow (PoC)
Foxit Reader 9.0.1.1049 - Remote Code Execution
WordPress Plugin iThemes Security < 7.0.3 - SQL Injection
phpMyAdmin 4.8.1 - (Authenticated) Local File Inclusion
phpMyAdmin 4.8.1 - (Authenticated) Local File Inclusion (1)
phpMyAdmin 4.8.1 - Local File Inclusion
phpMyAdmin 4.8.1 - (Authenticated) Local File Inclusion (2)
WordPress Plugin Advanced Order Export For WooCommerce < 1.5.4 - CSV Injection
Ecessa Edge EV150 10.7.4 - Cross-Site Request Forgery (Add Superuser)
Intex Router N-150 - Cross-Site Request Forgery (Add Admin)
DIGISOL DG-BR4000NG - Cross-Site Scripting
Ecessa WANWorx WVR-30 < 10.7.4 - Cross-Site Request Forgery (Add Superuser)
AsusWRT RT-AC750GF - Cross-Site Request Forgery (Change Admin Password)
Ecessa ShieldLink SL175EHQ < 10.7.4 - Cross-Site Request Forgery (Add Superuser)
Intex Router N-150 - Arbitrary File Upload
WordPress Plugin Comments Import & Export < 2.0.4 - CSV Injection
17 lines
No EOL
581 B
Text
# Exploit Title: Intex Router N-150 - Arbitrary File Upload
# Date: 2018-06-23
# Exploit Author: Samrat Das
# Version: N-150
# CVE : N/A
# Category: Router Firmware
# 1. Description
# The firmware allows malicious files to be uploaded without any checking of
# extensions and allows filed to be uploaded.
# 2. Proof of Concept
- Visit the application
- Go to the advanced settings post login
- Under backup- restore page upload any random file extension and hit go.
- Upon the file being upload, the firmware will get rebooted accepting the arbitrary file. |
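
Review bot: Section 1 is circular ("allows malicious files to be uploaded ... and allows filed to be uploaded", where "filed" should read "files") and the last Proof of Concept step stops at the reboot, so the entry never states what the accepted file does to the device. Suggest saying what the backup-restore page is expected to validate and what state the router is in after the reboot (configuration applied, reset or unresponsive), since that is what a defender needs to rate the issue. "# Version: N-150" also repeats the model name rather than a firmware version; adding the firmware build tested would let owners tell whether they are affected.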