CVE-2018-15517 PoC — D-Link Central WiFiManager CWM-100 代码问题漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2018/CVE-2018-15517.yaml

Associated Vulnerability

Title:D-Link Central WiFiManager CWM-100 代码问题漏洞 (CVE-2018-15517)
Description:D-Link Central WiFiManager CWM-100是中国友讯（D-Link）公司的一套基于Web的无线接入点管理系统。该系统支持集中管理无线访问接入点。 D-Link Central WiFiManager CWM-100 1.03 r0098版本中的MailConnect功能存在代码问题漏洞。攻击者利用该漏洞可以进行端口扫描。

Description

D-Link Central WifiManager is susceptible to server-side request forgery. The MailConnect feature on D-Link Central WiFiManager CWM-100 1.03 r0098 devices is intended to check a connection to an SMTP server but actually allows outbound TCP to any port on any IP address, as demonstrated by an index.php/System/MailConnect/host/127.0.0.1/port/22/secure/ URI. This can undermine accountability of where scan or connections actually came from and or bypass the FW etc. This can be automated via script or using a browser.

File Snapshot


 id: CVE-2018-15517

info:
  name: D-Link Central WifiManager - Server-Side Request Forgery
  author:

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!