
The latest version, v2.7, has a denial-of-service vulnerability #2

Open

0xCaner opened this issue Apr 23, 2022 · 0 comments

Comments

@0xCaner

0xCaner commented Apr 23, 2022

The vulnerability was tested on:

360V6 IPQ6018/AP-CP03-C1
OpenWrt R22.3.18 / LuCI Master (git-22.077.27812-84c894f)
[screenshot]

Version v2.7 (latest):

[screenshot]

How the vulnerability is triggered:

Triggered by visiting http://[router IP]:8118

Effect:

[screenshots]
Before:
[screenshot]

Root cause of the vulnerability:

Because adbyby listens on port 8118 on 0.0.0.0 by default, an attacker can reach port 8118 from outside, or lure an internal user into visiting it via XSS/CSRF; a logic error in the program then causes a self-loop that spawns a large number of connections and consumes a great deal of CPU.
[screenshots]

Temporary mitigation suggestions:

1. Use iptables or a firewall to block access to port 8118 from outside
iptables -A INPUT -p tcp --dport 8118 -i <eth0 / each of your physical interfaces> -j REJECT
2. Disable adbyby
[screenshot]
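One defender-side check that follows from the root-cause description above, added here as an example and not part of this issue or of the adbyby project: a POSIX shell script that parses `ss -ltn` or `netstat -ltn` output and flags any socket bound to all interfaces (0.0.0.0, [::] or *) on a given port, which is the exposure described for adbyby's default 0.0.0.0:8118. The sample listing, the function names and the `--live` switch are constructed for this example.

```shell
#!/bin/sh
# Added example (not from the issue or from adbyby): find listening sockets
# bound to every interface on a given port. Input is the output of `ss -ltn`
# (state in column 1) or `netstat -ltn` (state in column 6). The listing
# below is constructed for the demonstration.

SAMPLE_LISTENERS='State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0       128     0.0.0.0:8118         0.0.0.0:*
LISTEN  0       128     127.0.0.1:8118       0.0.0.0:*
LISTEN  0       128     192.168.1.1:80       0.0.0.0:*
LISTEN  0       128     [::]:22              [::]:*'

# wildcard_listeners PORT
#   reads ss/netstat output on stdin and prints each local "ADDR:PORT" that is
#   bound to all interfaces on PORT; prints nothing when the port is not exposed
wildcard_listeners() {
    awk -v port="$1" '
        ($1 == "LISTEN" || $6 == "LISTEN") {
            # split off the port after the last ":" so IPv6 "[::]:22" still works
            n = split($4, parts, ":")
            p = parts[n]
            addr = substr($4, 1, length($4) - length(p) - 1)
            if (p == port && (addr == "0.0.0.0" || addr == "[::]" || addr == "*" || addr == "::"))
                print $4
        }'
}

# port_exposed PORT
#   exit status 0 when some socket on PORT listens on all interfaces
#   (reads stdin like wildcard_listeners), 1 otherwise
port_exposed() {
    [ -n "$(wildcard_listeners "$1")" ]
}

# list_listeners: live socket table; on OpenWrt busybox netstat is usually
# present even when ss is not
list_listeners() {
    if command -v ss >/dev/null 2>&1; then
        ss -ltn
    else
        netstat -ltn
    fi
}

# Usage: sh check_listeners.sh --live [PORT]   (defaults to 8118)
if [ "${1:-}" = "--live" ]; then
    if list_listeners | port_exposed "${2:-8118}"; then
        echo "port ${2:-8118} listens on all interfaces:"
        list_listeners | wildcard_listeners "${2:-8118}"
    else
        echo "port ${2:-8118} is not bound to all interfaces"
    fi
fi
```

A loopback-only binding such as 127.0.0.1:8118 is deliberately not reported, since that is the configuration the mitigation aims for; run the script on the router after applying a firewall rule or reconfiguring the bind address to confirm the change took effect.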
