CVE-2018-10822 PoC — 多款D-Link产品路径遍历漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2018/CVE-2018-10822.yaml

Associated Vulnerability

Title:多款D-Link产品路径遍历漏洞 (CVE-2018-10822)
Description:D-Link DWR-116等都是友讯（D-Link）公司的无线路由器产品。多款D-Link产品中的Web界面存在目录遍历漏洞。远程攻击者可通过将/..或//放置在‘GET /uir’之后并发送HTTP请求利用该漏洞读取任意文件。以下产品和版本受到影响：D-Link DWR-116 1.06及之前版本；DIR-140L 1.02及之前版本；DIR-640L 1.02及之前版本；DWR-512 2.02及之前版本；DWR-712 2.02及之前版本；DWR-912 2.02及之前版本；DWR-921 2.

Description

D-Link routers DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02,DWR-512 through 2.02,DWR-712 through 2.02,DWR-912 through 2.02, DWR-921 through 2.02, DWR-111 through 1.01, and probably others with the same type of firmware allows remote attackers to read arbitrary files via a /.. or // after "GET /uir" in an HTTP request to the web interface.

File Snapshot


 id: CVE-2018-10822

info:
  name: D-Link Routers - Local File Inclusion
  author: daffainfo
  severi

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!