nuclei-templates/http/misconfiguration/dlink-unauth-cgi-script.yaml

id: dlink-unauth-cgi-script

info:
  name: D-Link DNS Series  CGI Script - Unauthenticated
  author: pussycat0x
  severity: low
  description: |
    A vulnerability has been identified in the D-Link DNS series network storage devices, allowing for the exposure of sensitive device information to unauthorized actors. This vulnerability is due to an unauthenticated access flaw in the info.cgi script, which can be exploited via a simple HTTP GET request, affecting over 920,000 devices on the Internet.
  reference:
    - https://github.com/netsecfish/info_cgi
  metadata:
    verified: true
    max-request: 1
    fofa-query: "app=\"D_Link-DNS\""
  tags: unauth,dlink,misconfig

http:
  - method: GET
    path:
      - "{{BaseURL}}/cgi-bin/info.cgi"

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "Product="
          - "Version="
          - "Model="
        condition: and

      - type: status
        status:
          - 200
# digest: 4b0a00483046022100faef3e2642d3cd1b6e8e24c56eb728238309501a9db8898c308041635af4bbb6022100ed2440b3bd0c13869879595085a08be11ff936d4e974efba5ccd878ed7bf8de8:922c64590222798bb761d5b6d8e72950
Create dlink-unauth-cgi-script.yaml 2024-04-09 17:17:44 +00:00			`id: dlink-unauth-cgi-script`
update matcher 2024-04-10 06:00:03 +00:00
Create dlink-unauth-cgi-script.yaml 2024-04-09 17:17:44 +00:00			`info:`
			`name: D-Link DNS Series CGI Script - Unauthenticated`
Update dlink-unauth-cgi-script.yaml 2024-04-09 17:31:33 +00:00			`author: pussycat0x`
Create dlink-unauth-cgi-script.yaml 2024-04-09 17:17:44 +00:00			`severity: low`
			`description: \|`
			`A vulnerability has been identified in the D-Link DNS series network storage devices, allowing for the exposure of sensitive device information to unauthorized actors. This vulnerability is due to an unauthenticated access flaw in the info.cgi script, which can be exploited via a simple HTTP GET request, affecting over 920,000 devices on the Internet.`
			`reference:`
			`- https://github.com/netsecfish/info_cgi`
			`metadata:`
			`verified: true`
TemplateMan Update [Fri Jun 7 10:04:28 UTC 2024] :robot: 2024-06-07 10:04:29 +00:00			`max-request: 1`
			`fofa-query: "app=\"D_Link-DNS\""`
Create dlink-unauth-cgi-script.yaml 2024-04-09 17:17:44 +00:00			`tags: unauth,dlink,misconfig`

			`http:`
			`- method: GET`
			`path:`
			`- "{{BaseURL}}/cgi-bin/info.cgi"`

added condition 2024-04-10 06:09:42 +00:00			`matchers-condition: and`
Create dlink-unauth-cgi-script.yaml 2024-04-09 17:17:44 +00:00			`matchers:`
			`- type: word`
			`words:`
			`- "Product="`
			`- "Version="`
update matcher 2024-04-10 06:00:03 +00:00			`- "Model="`
Create dlink-unauth-cgi-script.yaml 2024-04-09 17:17:44 +00:00			`condition: and`

			`- type: status`
			`status:`
			`- 200`
Auto Template Signing [Sat Jun 8 16:02:16 UTC 2024] :robot: 2024-06-08 16:02:17 +00:00			`# digest: 4b0a00483046022100faef3e2642d3cd1b6e8e24c56eb728238309501a9db8898c308041635af4bbb6022100ed2440b3bd0c13869879595085a08be11ff936d4e974efba5ccd878ed7bf8de8:922c64590222798bb761d5b6d8e72950`