17 lines
No EOL
559 B
Text
17 lines
No EOL
559 B
Text
# Exploit Title: Intex Router N-150 - Arbitrary File Upload
|
|
# Date: 2018-06-23
|
|
# Exploit Author: Samrat Das
|
|
# Version: N-150
|
|
# CVE : N/A
|
|
# Category: Router Firmware
|
|
|
|
# 1. Description
|
|
# The firmware allows malicious files to be uploaded without any checking of
|
|
# extensions and allows filed to be uploaded.
|
|
|
|
# 2. Proof of Concept
|
|
|
|
- Visit the application
|
|
- Go to the advanced settings post login
|
|
- Under backup- restore page upload any random file extension and hit go.
|
|
- Upon the file being upload, the firmware will get rebooted accepting the arbitrary file. |