module

D-Link Cookie Command Execution

Try Surface Command
Back to search
Disclosed
Jun 12, 2015
Created
May 30, 2018

Description

This module exploits an anonymous remote upload and code execution vulnerability on different
D-Link devices. The vulnerability is a command injection in the cookie handling process of the
lighttpd web server when handling specially crafted cookie values. This module has been
successfully tested on D-Link DSP-W110A1_FW105B01 in emulated environment.

Authors

Peter Adkins peter.adkins@kernelpicnic.net
Michael Messner devnull@s3cur1ty.de

Platform

Linux

References

Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':


    msf > use exploit/linux/http/dlink_dspw110_cookie_noauth_exec
    msf exploit(dlink_dspw110_cookie_noauth_exec) > show targets
        ...targets...
    msf exploit(dlink_dspw110_cookie_noauth_exec) > set TARGET < target-id >
    msf exploit(dlink_dspw110_cookie_noauth_exec) > show options
        ...show and set options...
    msf exploit(dlink_dspw110_cookie_noauth_exec) > exploit
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today