infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Do minor cleanup for dlink_dir615_up_exec

unstable
jvazquez-r7 2013-05-19 12:43:01 -05:00
parent 348705ad46
commit dfa19cb46d
1 changed files with 6 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
modules/exploits/linux/http/dlink_dir615_up_exec.rb
View File

@ -17,15 +17,16 @@ class Metasploit3 < Msf::Exploit::Remote
def initialize(info = {})
super(update_info(info,
'Name' => 'D-Link DIR615h Command Execution - Upload and Execute',
'Name' => 'D-Link DIR615h OS Command Injection',
'Description' => %q{
Some D-Link Routers are vulnerable to an authenticated OS command injection.
Default credentials for the web interface are admin/admin or admin/password. Since
it is a blind os command injection vulnerability, there is no output for the
Some D-Link Routers are vulnerable to an authenticated OS command injection on
their web interface, where default credentials are admin/admin or admin/password.
Since it is a blind os command injection vulnerability, there is no output for the
executed command when using the cmd generic payload. This module was tested against
a DIR-615 hardware revision H1 - firmware version 8.04. A ping command against a
controlled system could be used for testing purposes. The exploit uses the wget
client from the device to download the payload.
client from the device to convert the command injection into an arbitrary payload
execution.
},
'Author' =>
[