d8206fb5eb
13 changes to exploits/shellcodes KVM (Nested Virtualization) - L1 Guest Privilege Escalation DIGISOL DG-BR4000NG - Buffer Overflow (PoC) Foxit Reader 9.0.1.1049 - Remote Code Execution WordPress Plugin iThemes Security < 7.0.3 - SQL Injection phpMyAdmin 4.8.1 - (Authenticated) Local File Inclusion phpMyAdmin 4.8.1 - (Authenticated) Local File Inclusion (1) phpMyAdmin 4.8.1 - Local File Inclusion phpMyAdmin 4.8.1 - (Authenticated) Local File Inclusion (2) WordPress Plugin Advanced Order Export For WooCommerce < 1.5.4 - CSV Injection Ecessa Edge EV150 10.7.4 - Cross-Site Request Forgery (Add Superuser) Intex Router N-150 - Cross-Site Request Forgery (Add Admin) DIGISOL DG-BR4000NG - Cross-Site Scripting Ecessa WANWorx WVR-30 < 10.7.4 - Cross-Site Request Forgery (Add Superuser) AsusWRT RT-AC750GF - Cross-Site Request Forgery (Change Admin Password) Ecessa ShieldLink SL175EHQ < 10.7.4 - Cross-Site Request Forgery (Add Superuser) Intex Router N-150 - Arbitrary File Upload WordPress Plugin Comments Import & Export < 2.0.4 - CSV Injection
20 lines
No EOL
742 B
Text
20 lines
No EOL
742 B
Text
# Exploit Title: DIGISOL DG-BR4000NG - Buffer Overflow (PoC)
|
|
# Date 2018-06-24
|
|
# Vendor Homepage† http://www.digisol.com
|
|
# Hardware Link httpswww.amazon.inDigisol-DG-BR4000NG-Wireless-Broadband-802-11ndpB00A19EHYK
|
|
# Version: DIGISOL DG-BR4000NG Wireless Router
|
|
# Category Hardware
|
|
# Exploit Author Adipta Basu
|
|
# Tested on Mac OS High Sierra
|
|
# CVE CVE-2018-12706
|
|
|
|
# Reproduction Steps
|
|
|
|
- Goto your Wifi Router Gateway [i.e http192.168.2.1]
|
|
- Go to -- General Setup -- Wireless -- Basic Settings
|
|
- Open BurpSuite
|
|
- Reload the Page
|
|
- Burp will capture the intercepts.
|
|
- Add a string of 500 ì0îs after the Authorization Basic string
|
|
- The router will restart.
|
|
- Refresh the page, and the whole web interface will be faulty. |