From 3936d3baa1b84fdcd6a8bfa466ae9238ab615a2e Mon Sep 17 00:00:00 2001 From: William Vu Date: Fri, 10 Nov 2017 18:15:22 -0600 Subject: [PATCH] Clean up module --- .../modules/exploit/linux/http/dlink_dir850l_unauth_exec.md | 6 +++--- ...ink_850l_unauth_exec.rb => dlink_dir850l_unauth_exec.rb} | 5 +++-- .../linux/http/netgear_dgn1000_setup_unauth_exec.rb | 2 +- 3 files changed, 7 insertions(+), 6 deletions(-) rename modules/exploits/linux/http/{dlink_850l_unauth_exec.rb => dlink_dir850l_unauth_exec.rb} (97%) diff --git a/documentation/modules/exploit/linux/http/dlink_dir850l_unauth_exec.md b/documentation/modules/exploit/linux/http/dlink_dir850l_unauth_exec.md index a1158fa395..99809325f4 100644 --- a/documentation/modules/exploit/linux/http/dlink_dir850l_unauth_exec.md +++ b/documentation/modules/exploit/linux/http/dlink_dir850l_unauth_exec.md @@ -1,6 +1,6 @@ -The module dlink_dir850_(un)auth_exec leverages an unauthenticated credential disclosure vulneralbility to then execute arbitrary commands via an authenticated OS command injection -vulneralbility. D-LINK 850L (excluding "Cloud" models) devices with firmware version up to 1.14B07 -are potentially vulnerable. The vulneralbility seems to occur within the parsing of the config. Another PoC can be found here https://www.seebug.org/vuldb/ssvid-96333. Setting command to be `reboot` will force the router into an infinite loop. +The module dlink_dir850_(un)auth_exec leverages an unauthenticated credential disclosure vulnerability to then execute arbitrary commands via an authenticated OS command injection +vulnerability. D-LINK 850L (excluding "Cloud" models) devices with firmware version up to 1.14B07 +are potentially vulnerable. The vulnerability seems to occur within the parsing of the config. Another PoC can be found here https://www.seebug.org/vuldb/ssvid-96333. Setting command to be `reboot` will force the router into an infinite loop. ## Vulnerable Application diff --git a/modules/exploits/linux/http/dlink_850l_unauth_exec.rb b/modules/exploits/linux/http/dlink_dir850l_unauth_exec.rb similarity index 97% rename from modules/exploits/linux/http/dlink_850l_unauth_exec.rb rename to modules/exploits/linux/http/dlink_dir850l_unauth_exec.rb index 69fdf17f6c..29645df2c8 100644 --- a/modules/exploits/linux/http/dlink_850l_unauth_exec.rb +++ b/modules/exploits/linux/http/dlink_dir850l_unauth_exec.rb @@ -17,11 +17,12 @@ class MetasploitModule < Msf::Exploit::Remote 'Name' => 'DIR-850L (Un)authenticated OS Command Exec', 'Description' => %q{ This module leverages an unauthenticated credential disclosure - vulneralbility to then execute arbitrary commands on DIR-850L routers + vulnerability to then execute arbitrary commands on DIR-850L routers as an authenticated user. Unable to use Meterpreter payloads. }, 'Author' => [ - 'Mumbai ' # module + 'Mumbai', # https://github.com/realoriginal (module) + 'Zdenda' # vuln discovery ], 'References' => [ ['URL', 'https://www.seebug.org/vuldb/ssvid-96333'], diff --git a/modules/exploits/linux/http/netgear_dgn1000_setup_unauth_exec.rb b/modules/exploits/linux/http/netgear_dgn1000_setup_unauth_exec.rb index a16546c153..ead3740f3c 100644 --- a/modules/exploits/linux/http/netgear_dgn1000_setup_unauth_exec.rb +++ b/modules/exploits/linux/http/netgear_dgn1000_setup_unauth_exec.rb @@ -18,7 +18,7 @@ class MetasploitModule < Msf::Exploit::Remote DGN2000v1 models. }, 'Author' => [ - 'Mumbai ', # module + 'Mumbai', # https://github.com/realoriginal (module) 'Robort Palerie ' # vuln discovery ], 'References' => [