infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

description

unstable
m-1-k-3 2013-05-12 20:07:32 +02:00
parent 22d850533a
commit 981cc891bc
1 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
modules/exploits/linux/http/dlink_dir615_up_exec.rb
View File

@ -17,8 +17,14 @@ class Metasploit3 < Msf::Exploit::Remote
def initialize(info = {})
super(update_info(info,
'Name' => 'Dlink DIR615 Command Execution - Upload and Execute',
'Name' => 'D-Link DIR615h Command Execution - Upload and Execute',
'Description' => %q{
Some D-Link Routers are vulnerable to an authenticated OS command injection.
Default credentials for the web interface are admin/admin or admin/password. Since
it is a blind os command injection vulnerability, there is no output for the
executed command when using the cmd generic payload. A ping command against a
controlled system could be used for testing purposes. The exploit uses the wget
client from the device to download the payload.
},
'Author' =>
[