漏洞概要

漏洞标题:
Intex Router N-150 – Arbitrary File Upload

提交时间:
2018-06-25

危害等级:

相关厂商:

漏洞分类:
exp公布

关注度:
共 16 人关注

漏洞详情

EDB-ID: 44939 Author: Samrat Das Published: 2018-06-25
CVE: N/A Type: Webapps Platform: Hardware

E-DB Verified:
<a href="javascript:void(0);" data-trigger="focus" data-toggle="popover" data-placement="top" data-content='We make an effort to verify exploits (verifty) in our labs, when possible. A “non verified” exploit (marked by a clock icon clock) simply means we did not have the opportunity to test the exploit internally.’>
Waiting verification

Exploit:

Download Exploit Code Download

/

View Raw

Vulnerable App:
N/A
# Exploit Title:​​ Intex Router N-150 - Arbitrary File Upload
# Date: 2018-06-23
# Exploit Author: Samrat Das
# Version: N-150
# CVE : N/A
# Category: Router Firmware

# 1. Description
# The firmware allows malicious files to be uploaded without any checking of
# extensions and allows filed to be uploaded.

# 2. Proof of Concept

- Visit the application
- Go to the advanced settings post login
- Under backup- restore page upload any random file extension and hit go.
- Upon the file being upload, the firmware will get rebooted accepting the arbitrary file.

发表评论

电子邮件地址不会被公开。 必填项已用*标注