An exploitation tool to extract passwords using CVE-2015-5995.# TendaSpill
An exploitation tool to extract passwords using CVE-2015-5995.
### CVE-2015-5995
Mediabridge Medialink MWN-WAPR300N devices with firmware 5.07.50 and Tenda N3 Wireless N150 devices allow remote attackers to obtain administrative access via a certain admin substring in an HTTP Cookie header.
## Disclaimer
This tool is for testing and educational purposes only. Any other usage for this code is not allowed. Use at your own risk. The author or any Internet provider bears NO responsibility for misuse of this tool. By using this you accept the fact that any damage caused by the use of this tool is your responsibility.
"In the end, we're all alone. And no one's coming to save you."
-John Reese, Person of Interest.
## Interesting Read
https://hk.saowen.com/a/31cc238470dacd72b1775a20c84fbd73f6d818ff6063bb23e7bfad387a43ccec
## Demo
https://www.facebook.com/shahee.mirza.5/videos/1154224851419835/
## How to use
```
$ bash tendaspill.sh IP:PORT
$ bash tendaspill.sh 192.168.1.1:8080
```
## Contributing
Go ahead! you know what to do.
## License
The source code is licensed under the MIT license.
[4.0K] /data/pocs/1656308da27c72afcf08b08c839988663d1be69a
├── [1.0K] LICENSE
├── [1.1K] README.md
└── [1.8K] tendaspill.sh
0 directories, 3 files